Lab: Explore the Microsoft 365 Defender portal

This lab maps to the following Learn content:

  • Learning Path: Describe the capabilities of Microsoft security solutions
  • Module: Describe the threat protection capabilities of Microsoft 365
  • Unit: Describe the Microsoft 365 Defender portal

Lab scenario

In this lab, you’ll explore the Microsoft 365 Defender portal by walking through the content displayed on the landing page. You’ll also explore the options on the navigation panel that provide quick access to functionality that is part of Microsoft’s Extended Detection and Response (XDR) solution: Microsoft Defender for Endpoints, and Microsoft Defender for Office 365 (email and collaboration). Lastly you’ll also explore how Microsoft Secure Score can help an organization improve its security posture.

Estimated Time: 10-15 minutes

Task 1

Explore the Microsoft 365 Defender landing page.

  1. Open Microsoft Edge. In the address bar, enter admin.microsoft.com.

  2. Sign in with your admin credentials.

    1. In the Sign-in window, enter admin@WWLxZZZZZZ.onmicrosoft.com (where ZZZZZZ is your unique tenant ID provided by your lab hosting provider) then select Next.

    2. Enter the admin password provided by your lab hosting provider. Select Sign in.
    3. When prompted to stay signed- in, select Yes. This takes you to the Microsoft 365 admin center page.

  3. From the left navigation pane of the Microsoft 365 admin center, select Security. If you don’t see Security listed, select Show all, then select Security. A new browser page opens to the welcome page of the Microsoft 365 Defender portal.

  4. If this is the first time you visit the Microsoft 365 Defender portal, you may get a pop-up window to take a quick tour. It is recommended that you complete the tour. Select Take a quick tour. Read the description provided in each pop-up window, then select Next. Continue through the tour until you get to the end, then select Done.

  5. The welcome page of the Microsoft 365 Defender portal, shows many of the common cards that security teams need. The composition of cards and data is dependent on the user role. Scroll through the page to view the default set of cards for your role as global admin.

  6. The cards displayed can be customized to your preference. Select + Add cards. A Window opens indicating that you already have all the cards on your home page. Close the window by select the X on top-right corner of the window.

  7. Selecting the ellipses on the top-right of any card will provide more actions you can take.

  8. You can also move the cards around. Hover your mouse cursor over the title bar of any card, when you’ll get a cross shaped cursor select the card and move it to your desired location.

  9. Selecting the title of a card will take you to additional information for that topic. You’ll explore this in the next task.

  10. The left navigation panel provides links/access to information that is part of Microsoft’s Extended Detection and Response (XDR solution) which includes incidents & alerts, hunting, action center, threat analytics, secure score and more. It also includes quick access to Microsoft Defender for Endpoint (the links listed under Endpoints, Defender for Office for 365 (links listed under Email and Collaboration), Microsoft Defender for Cloud Apps (links under Cloud apps). Explore these options by selecting some of the links. To return to the home page of the Microsoft 365 Defender portal, select Home on the left navigation panel.

  11. Keep the browser window open.

Task 2

In this task, you’ll explore how Microsoft Secure Score can help an organization improve its security posture.

  1. From the Welcome page of the Microsoft 365 Defender portal, select Microsoft Secure Score, from the title bar of the card (the text will turn blue). Alternatively, you can select Secure score from the left navigation panel.

  2. The Microsoft Secure Score page opens to the Overview tab. Microsoft Secure Score is a measurement of an organization’s security posture. Your organization’s secure score is shown as a percentage, along with the number of points you’ve achieved out of the total possible points and broken down by category. Select Include, next to where it says Your secure score. A small window opens that allows you to include the achievable score, Planned score, and Current license score in the breakdown of your organization’s secure score. Select Include again to close the window.

  3. The overview page also includes top improvement actions, comparison score, history, and additional resources.

  4. Select Recommended actions from the top of the page. Notice the information available in the table, for each item, which includes score impact and points achieved.

  5. Selecting an item from the list provides detailed information. Select Require MFA for Administrative roles and review the available information. Select Edit status & action plan. In the window that opens, note the status options available. Select the X at the top right corner to close this window

  6. Select the History tab from the top of the page. Select an item from the history table. A detailed page for the selected item opens. Explore the options available. To exit out of the details page and return to the History page, select the X on the top-right corner of the page.

  7. From the top of the page, select Metrics & trends. Note the available information. From the top-right corner of the page, select the calendar icon. You can narrow down the view to a custom date range. Selecting the filter icon, allows you to filter the view by Identity and/or apps. Close the window and select Home from the left navigation panel to return to the Microsoft 365 Defender home page.

  8. Close all the open browser tabs.

Review

In this lab, you explored the Microsoft 365 Defender portal by walking through the content displayed on the landing page, you explored the options on the navigation panel that provides quick access to functionality that is part of Microsoft’s Extended Detection and Response (XDR) solution, Microsoft Defender for Endpoints, and Microsoft Defender for Office 365 (email and collaboration). Lastly you explored how Microsoft Secure Score can help an organization improve its security posture.