Demo: The Microsoft 365 Defender portal

This demo maps to the following Learn content:

  • Learning Path: Describe the capabilities of Microsoft security solutions
  • Module: Describe the threat protection capabilities of Microsoft 365
  • Unit: Describe the Microsoft 365 Defender portal

Demo scenario

In this demo, you’ll show the Microsoft 365 Defender portal by walking through the content displayed on the landing page. You’ll also walk through the options on the navigation panel that provide quick access to functionality that is part of Microsoft’s Extended Detection and Response (XDR) solution: Microsoft Defender for Endpoints, and Microsoft Defender for Office 365 (email and collaboration). Lastly you’ll also show how Microsoft Secure Score can help an organization improve its security posture.

Demo Part 1

Explore the Microsoft 365 Defender landing page.

  1. Open Microsoft Edge. In the address bar, enter admin.microsoft.com. You should already be signed in as the admin. If not, sign in with your admin credentials.

  2. From the left navigation pane of the Microsoft 365 admin center, select Show all.

  3. Under Admin centers, select Security. A new browser page opens to the welcome page of the Microsoft 365 Defender portal.

  4. If this is the first time you visit the Microsoft 365 Defender portal, you may get a pop-up window to take a quick tour. Close this.

  5. The welcome page of the Microsoft 365 Defender portal, shows many of the common cards that security teams need. The composition of cards and data is dependent on the user role. Scroll through the page to view the default set of cards for your role as global admin.

  6. The cards displayed can be customized to your preference. Select + Add cards. A Window opens indicating that you already have all the cards on your home page. Close the window by select the X on top-right corner of the window.

  7. Selecting the ellipses on the top-right of any card will provide more actions you can take.

  8. You can also move the cards around. Hover your mouse cursor over the title bar of any card, when you’ll get a cross shaped cursor select the card and move it to your desired location.

  9. Selecting the title of a card will take you to additional information for that topic. You’ll explore this in the next task.

  10. The left navigation panel provides links/access to information that is part of Microsoft’s Extended Detection and Response (XDR solution) which includes incidents & alerts, hunting, action center, threat analytics, secure score and more. It also includes quick access to Microsoft Defender for Endpoint (the links listed under Endpoints, Defender for Office for 365 (links listed under Email and Collaboration), Microsoft Defender for Cloud Apps (links under Cloud apps). Explore these options by selecting some of the links. To return to the home page of the Microsoft 365 Defender portal, select Home on the left navigation panel.

  11. Keep the browser window open.

Demo Part 2

In this part of the demo, you’ll show how Microsoft Secure Score can help an organization improve its security posture.

  1. From the Welcome page of the Microsoft 365 Defender portal, select Microsoft Secure Score, from the title bar of the card (the text will turn blue). Alternatively, you can select Secure score from the left navigation panel.

  2. The Microsoft Secure Score page opens to the Overview tab. Microsoft Secure Score is a measurement of an organization’s security posture. Your organization’s secure score is shown as a percentage, along with the number of points you’ve achieved out of the total possible points and broken down by category. Select Include, next to where it says Your secure score. you can choose for the view of your score to include the achievable score, Planned score, and Current license score.

  3. The overview page also includes top improvement actions, comparison score, history, and additional resources.

  4. Select Improvement actions from the top of the page. Notice the information available for each item in the table.

  5. Selecting an item from the list provides detailed information. Select Require MFA for Administrative roles. Note how you can update the status of the action plan and the detailed information for implementation of the action.

  6. From the top left of the page, select Manage. A new browser tab opens and takes you directly to the Conditional Access Policies page. Return to Microsoft secure score tab on your browser to return to the improvement action page for requiring MFA for administrative roles. From the top right corner of the window, select the X to close this window and return the improvement actions page.

  7. Select the History tab from the top of the page. Some activities may show negative points. As described in the activity field this may be because an item was removed because it was no longer relevant. Select an item from the history table. On the top-right of the details page, under History, select X events (where X is a number). The action history window opens and provides more information. Select Close on the bottom of the page, then select the X on the top-right corner of the details page to return to the History page.

  8. From the top of the page, select Metrics & trends. Note the available information. From the top-right corner of the page, select the calendar icon. You can narrow down the view to a custom date range. Selecting the filter icon, allows you to filter the view by Identity, Devices, and/or apps. Close the window and select Home from the left navigation panel to return to the Microsoft 365 Defender home page.

  9. Close the browser page.

Review

In this demo, you explored the Microsoft 365 Defender portal by walking through the content displayed on the landing page, you explored the options on the navigation panel that provides quick access to functionality that is part of Microsoft’s Extended Detection and Response (XDR) solution, Microsoft Defender for Endpoints, and Microsoft Defender for Office 365 (email and collaboration). Lastly you showed how Microsoft Secure Score can help an organization improve its security posture.