Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint
The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.
Integrating Microsoft Defender for Office 365 with Microsoft Defender for Endpoint can help your security operations team monitor and take action quickly if users' devices are at risk. For example, once integration is enabled, your security operations team will be able to see the devices that are potentially affected by a detected email message, as well as how many recent alerts were generated for those devices in Microsoft Defender for Endpoint.
The following image depicts what the Devices tab looks like when you have Microsoft Defender for Endpoint integration enabled:
In this example, you can see that the recipients of the detected email message have four devices and one has an alert. Clicking the link for a device opens its page in Microsoft 365 Defender (formerly the Microsoft Defender security center).
The Microsoft 365 Defender portal replaces the Microsoft Defender Security Center. See Microsoft Defender for Endpoint in Microsoft 365 Defender.
Your organization must have Microsoft Defender for Office 365 (or Office 365 E5) and Microsoft Defender for Endpoint.
You must be a global administrator or have a security administrator role (such as Security Administrator) assigned in Microsoft 365. For more information, see Permissions in the Microsoft 365 Defender portal.
You must have access to Explorer (or real-time detections).
To integrate Microsoft Defender for Office 365 with Microsoft Defender for Endpoint
Integrating Microsoft Defender for Office 365 with Microsoft Defender for Endpoint is set up in both Defender for Endpoint and Defender for Office 365.
As a global administrator or a security administrator,https://security.microsoft.com/threatexplorer.
In the navigation pane, choose Email & collaboration > Explorer.
On the Explorer page, in the upper right corner of the screen, click MDE Settings.
In the Microsoft Defender for Endpoint connection flyout that appears, turn on Connect to Microsoft Defender for Endpoint () and then click Close.
Back in the navigation pane, choose Settings. On the Settings page, choose Endpoints
On the Endpoints page that opens, choose Advanced features.
Scroll down to Office 365 Threat Intelligence connection, and turn it on ().
When you're finished, click Save preferences.