Analyze users in Microsoft 365 security center

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to:

  • Microsoft 365 Defender

Part of your incident analysis can include user accounts. Start with the Users tab for an incident from Incidents & alerts > incident > Users.

Example of the Users page for an incident

To get a quick summary of a user account for the incident, select the check mark next to the user account name. Here's an example.

Example of the user account summary pane for an incident in the Microsoft 365 security center

Note

The User page shows the Azure Active Directory (AD) organization as well as groups, helping you understand the groups and permissions associated with a user.

In this fly-out page, you can review user threat information, including any current incidents, active alerts, and risk level, as well as user exposure, accounts, devices, and more.

In addition, you can take action directly in the Microsoft 365 security center to address a compromised user, confirming the user is compromised or requiring them to sign in again.

From here, you can select Go to user page to see the details of a user account. Here's an example.

Example of the user account page for an incident in the Microsoft 365 security center

You can also see this page by selecting the name of the user account from the list on the Users page.

The Microsoft 365 security center user page combines information from Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Microsoft Cloud App Security (depending on what licenses you have).

This page shows information specific to the security risk of a user account. This includes a score that helps assess risk, as well as recent events and alerts that contributed to the overall risk of the user.

From this page, you can do these additional actions:

  • Mark the user account as compromised
  • Require the user to sign in again
  • Suspend the user account
  • See the Azure Active Directory (Azure AD) user account settings
  • View the files owned by the user account
  • View files shared with this user

Here's an example.

Example of actions on a user account for an incident in the Microsoft 365 security center