Overview of the Microsoft 365 security center
Managing the security of your business to protect against an ever-evolving threat landscape brings many challenges. You might have too many security solutions with various places to configure lots of controls. You may struggle with knowing which controls are the most effective and which will introduce new challenges for your workforce. It can be difficult for security teams to find the right balance of security and productivity.
Enter Microsoft 365 security center - the new home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure. Here you can easily view the security health of your organization, act to configure devices, users, and apps, and get alerts for suspicious activity. The Microsoft 365 security center is intended to help security admins and security operations teams manage and protect their organization.
The new Microsoft 365 security center and Microsoft 365 compliance center are specialized workspaces designed to meet the needs of security and compliance teams. These solutions are integrated across Microsoft 365 services and provide actionable insights to help reduce risks and safeguard your digital estate.
Visit the Microsoft 365 security center at https://security.microsoft.com.
To access the Microsoft 365 security center, you must be assigned an appropriate role in Azure Active Directory, such as Global Administrator, Security Administrator, Security Operator, or Security Reader.
At-a-glance view of your Microsoft 365 environment
The Home page shows many of the common cards that security teams need. The composition of cards and data depends on the user role. Because the Microsoft 365 security center uses role-based access control, different roles will see cards that are more meaningful to their day-to-day jobs.
This at-a-glance information helps you keep up with the latest activities in your organization. The Microsoft 365 security center brings together signals from different sources to present a holistic view of your Microsoft 365 environment.
Loosely, the cards fall into these categories:
- Identities - Monitor the identities in your organization and keep track of suspicious or risky behaviors. Learn more about identity protection
- Data - Help track user activity that could lead to unauthorized data disclosure.
- Devices - Get up-to-date information on alerts, breach activity, and other threats on your devices.
- Apps - Gain insight into how cloud apps are being used in your organization. Learn more about Cloud App Security discovered apps
Explore what the security center has to offer
The Microsoft 365 security center includes:
- Home – Get an at-a-glance view of the overall security health of your organization.
- Incidents - See the broader story of an attack by connecting the dots seen on individual alerts on entities. You'll know exactly where an attack started, what devices are impacted, who was affected, and where the threat has gone.
- Alerts – Have greater visibility into all the alerts across your Microsoft 365 environment. Includes alerts from Microsoft Cloud App Security, Microsoft Defender for Office 365, Azure Active Directory, Microsoft Defender for Identity, and Microsoft Defender for Endpoint. Available to E3 and E5 customers.
- Action center - Reduce the volume of alerts your security team must address manually, allowing your security operations team to focus on more sophisticated threats and other high-value initiatives.
- Reports – Get the detail and information you need to better protect your users, devices, apps, and more.
- Secure score – Improve your overall security posture with Microsoft Secure Score. This page provides an all-up summary of the different security features and capabilities you've enabled and includes recommendations for areas to improve.
- Advanced hunting – Proactively search for malware, suspicious files, and activities in your Microsoft 365 organization.
- Classification – Help protect against data loss by adding labels to classify documents, email messages, sites, and more. When a label is applied (automatically or by the user), the content or site is protected based on the settings you choose. For example, you can create labels that encrypt files, add content marking, and control user access to specific sites.
- Policies - Set up policies to manage devices, protect against threats, and receive alerts about various activities in your org.
- Permissions - Manage who in your organization has access to view content and perform tasks in the Microsoft 365 security center. You can also assign Microsoft 365 permissions in the Azure AD Portal.
Explore these topics about monitoring, reviewing, and responding to your security needs:
- Connect the dots on alerts through Incidents
- Automatically remediate threats using Automated investigation and remediation
- Review and improve your security posture holistically with Microsoft Secure Score
- View devices on your network
- Report the status of your identities, data, devices, apps, and infrastructure
- Proactively hunt for intrusion attempts and breach activity affecting your email, data, devices, and accounts
- Understand the latest attack campaigns and techniques with threat analytics