Exploring the Microsoft 365 security center
Here we give a brief overview of the Microsoft 365 security center and its features.
The Microsoft 365 security center is the new home for monitoring and managing security across your Microsoft identities, data, devices, and apps. Here you can view the security health of your organization, act to configure devices, users, and apps, and get alerts for suspicious activity. Moreover, it helps security admins and security operations teams manage and protect their organization.
Further, the Microsoft 365 security center allows admins to tailor the navigation pane to meet daily operational needs. Admins can customize the navigation pane to show or hide functions and services based on their specific preferences. Customization is specific to the individual admin, so other admins won’t see these changes.
The Microsoft 365 security center navigation pane has these options:
- Home: Get an at-a-glance view of the overall security health of your organization.
- Incidents: See the broader story of an attack by connecting the dots seen on individual alerts on entities.
- Alerts: Have greater visibility into all the alerts across your Microsoft 365 environment. This includes alerts from Microsoft Cloud App Security, Microsoft Defender for Office 365, Azure Active Directory, and Microsoft Defender for Endpoint.
- Action center: Reduce the volume of alerts your security team must address manually, allowing them to focus on more sophisticated threats and other high-value initiatives.
- Secure Score: Improve your overall security posture with Microsoft Secure Score. This page provides an all-up summary of the different security features and capabilities you’ve enabled, and it includes recommendations for areas to improve.
- Advanced hunting: Proactively search for malware, suspicious files, and activities in your Microsoft 365 organization.
- Permissions: Manage who in your organization has access to view content and perform tasks in the Microsoft 365 security center. You can also assign Microsoft 365 permissions in the Azure AD portal.
Threat analytics with better data coverage
Track and respond to emerging threats with the following Microsoft 365 Defender threat analytics integrated experience:
- Better data coverage between Microsoft Defender for Endpoint and Microsoft Defender for Office 365, making combined incident management, automatic investigation, remediation, and proactive or reactive cross-domain threat hunting possible.
- Email-related detections and mitigations from Microsoft Defender for Office 365, in addition to the endpoint data already available from Microsoft Defender for Endpoint.
- A view of threat-related incidents, which aggregate alerts into end-to-end attack stories across Microsoft Defender for Endpoint and Microsoft Defender for Office 365 to reduce the work queue, as well as simplify and speed up your investigation.
- Attack attempts detected and blocked by Microsoft 365 Defender solutions. There’s also data that you can use to drive preventive actions. This data mitigates the risk of further exposure and increases resilience.
Reference: Microsoft Documentation, Doc 2