统一 Microsoft 365 安全中心概述The unified Microsoft 365 security center overview

重要

改进的 Microsoft 365 安全中心现在可用。The improved Microsoft 365 security center is now available. 此新体验将 Defender for Endpoint、Defender for Office、365 Microsoft 365 Defender 等引入了 Microsoft 365 安全中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新增功能Learn what's new.

适用于:Applies to:

希望体验 Microsoft 365 Defender?Want to experience Microsoft 365 Defender? 你可在验室环境中评估生产中运行试点项目You can evaluate it in a lab environment or run your pilot project in production.

改进的 Microsoft 365 安全中心 () 中心门户中对电子邮件、协作、标识和设备威胁的保护、检测、调查和 https://security.microsoft.com 响应。 The improved Microsoft 365 security center (https://security.microsoft.com) combines protection, detection, investigation, and response to email, collaboration, identity, and device threats, in a central portal.

Microsoft 365 安全中心将现有 Microsoft 安全门户(如 Microsoft Defender 安全中心和 Office 365 安全与合规中心)&功能。Microsoft 365 security center brings together functionality from existing Microsoft security portals, like Microsoft Defender Security Center and the Office 365 Security & Compliance center. 安全中心强调快速访问信息、简化布局以及将相关信息汇集在一起以便于使用。The security center emphasizes quick access to information, simpler layouts, and bringing related information together for easier use. 此中心包括:This center includes:

  • Microsoft Defender for Office 365 Microsoft Defender for Office 365 通过一组保护电子邮件和 Office 365 资源的预防、检测、调查和搜寻功能帮助组织保护其企业。Microsoft Defender for Office 365 Microsoft Defender for Office 365 helps organizations secure their enterprise with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
  • Microsoft Defender for Endpoint 为贵组织的设备提供预防性保护、攻破后检测、自动调查和响应。Microsoft Defender for Endpoint delivers preventative protection, post-breach detection, automated investigation, and response for devices in your organization.
  • Microsoft 365 Defender 是 Microsoft 扩展检测和响应 ( XDR) 解决方案的一部分,该解决方案利用 Microsoft 365 安全项目组合自动分析跨域的威胁数据,并生成单个仪表板上攻击的图片。Microsoft 365 Defender is part of Microsoft’s Extended Detection and Response (XDR) solution that leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, and build a picture of an attack on a single dashboard.

如果需要有关 Office 365 安全中心或 Microsoft Defender 安全中心&更改的信息,请参阅:If you need information about what's changed from the Office 365 Security & Compliance center or the Microsoft Defender Security Center, see:

备注

Microsoft 365 安全门户使用和强制执行现有的基于角色的访问,并且将每个安全模型移动到统一门户。The Microsoft 365 security portal uses and enforces existing roles-based access, and will move each security model into the unified portal. 每个聚合工作负荷 (如 MDO 或 MDE) 都有自己的基于角色的访问。Each converged workload (such as MDO or MDE) has its own roles-based access. 产品中已有的角色将自动聚合到 Microsoft 365 安全门户中。The roles already in the products will be converged into the Microsoft 365 security portal, automatically. 但是,MCAS 的角色和权限仍将在 MCAS 中处理。However, roles and permissions for MCAS will still handled over in MCAS.

预期结果What to expect

在 Office 365 安全与合规中心 (protection.office.com) 和 Microsoft Defender 安全中心 (securitycenter.microsoft.com) 中使用的所有安全内容现在都可以在 Microsoft 365 安全中心找到。All the security content that you use in the Office 365 Security and Compliance Center (protection.office.com) and the Microsoft Defender security center (securitycenter.microsoft.com) can now be found in the Microsoft 365 security center.

Microsoft 365 安全中心将来自不同工作负载的信号引入一组统一体验,可帮助安全团队调查和响应攻击::Microsoft 365 security center helps security teams investigate and respond to attacks by bringing in signals from different workloads into a set of unified experiences for:

  • 事件&警报Incidents & alerts
  • 搜寻Hunting
  • 操作中心Action Center
  • 威胁分析Threat analytics

Microsoft 365 安全中心在将 Microsoft Defender for Office 365 和 Microsoft Defender for Endpoint 合并时强调统一、清晰和共同的目标。The Microsoft 365 security center emphasizes unity, clarity, and common goals as it merges Microsoft Defender for Office 365 and Microsoft Defender for Endpoint. 合并基于下面列出的优先级,在不影响每个安全套件组合提供的功能的情况下进行:The merge was based on the priorities listed below, and made without sacrificing the capabilities that each security suite brought to the combination of:

  • 常见构建基块Common building blocks
  • 常用术语Common terminology
  • 常见实体Common entities
  • 与其他工作负荷的功能奇偶校验Feature parity with other workloads

备注

无需客户执行迁移步骤或购买新许可证,即可访问统一的 Microsoft 365 安全中心。The unified Microsoft 365 security center will be accessible without any need for customers to take migration steps or purchase a new license. 例如,具有 E3 订阅的管理员可以访问这个新门户,就像使用 Microsoft Defender for Office 365 计划 1 和计划 2 的管理员一样;但是,Exchange Online Protection 或 MDO 计划 1 客户只能看到其订阅许可证支持的安全功能。For example, this new portal will be accessible to administrators with an E3 subscription, just as it is to those with Microsoft Defender for Office 365 Plan 1 and Plan 2; however, Exchange Online Protection, or MDO Plan 1 customers will see only the security features their subscription license supports. 新中心的目标是集中安全性。The goal of the new center is to centralize security.

统一调查Unified investigations

聚合安全中心为调查 Microsoft 365 中的安全事件创建了一个单独位置。Converging security centers creates a single place for investigating security incidents across Microsoft 365. 主要 示例是 Microsoft 365 &快速 启动 时事件和警报下的事件。A primary example is Incidents under Incidents & alerts on the quick launch of the Microsoft 365 security center.

Microsoft 365 安全中心中的"事件"页面。

选择事件名称将显示一个页面,该页面演示聚合安全中心的价值。Selecting an incident name displays a page that demonstrates the value of converging security centers.

Microsoft 365 安全中心内事件的"摘要"页面示例

在事件页面顶部,你将看到摘要、警报、设备、用户邮箱、调查和 证据 选项卡。 Along the top of an incident page, you'll see the Summary, Alerts, Devices, Users, Mailboxes, Investigations, and Evidence tabs. 选择这些选项卡可获取更多详细信息。Select these tabs for more detailed information. 例如,"用户"选项卡显示聚合工作负载 (Microsoft Defender for Endpoint、Microsoft Defender for Identity 和 Microsoft Cloud App Security) 以及一系列源(如本地 Active Directory 域服务 (AD DS) 、Azure Active Directory (Azure AD) 和第三方标识提供程序)的用户的信息。For example, the Users tab displays information for users from converged workloads (Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Microsoft Cloud App Security) and a range of sources such as on-premises Active Directory Domain Services (AD DS), Azure Active Directory (Azure AD), and third-party identity providers. 有关详细信息,请参阅 调查用户For more information, see investigate users.

花时间查看环境中的事件,深入了解这些选项卡,并实践了解如何访问为不同类型的威胁事件提供的信息。Take the time to review the incidents in your environment, drill down into these tabs, and practice building an understanding of how to access the information provided for incidents for different kinds of threats.

有关详细信息,请参阅 Microsoft 365 安全中心内的事件For more information, see incidents in the Microsoft 365 security center.

改进的流程Improved processes

常用控件和内容要么显示在同一位置,要么压缩为一个数据馈送,以便于查找。Common controls and content either appear in the same place, or are condensed into one feed of data making it easier to find. 例如,统一设置。For example, unified settings.

统一设置Unified settings

单击"角色"并打开"设置"页,其中包括常规设置、权限、API 和规则。

角色&权限Permissions & roles

"&角色"页显示终结点角色&组、角色和设备组。

访问 Microsoft 365 安全中心使用 Azure Active Directory 全局角色或自定义角色进行配置。Access the Microsoft 365 security center is configured with Azure Active Directory global roles or by using custom roles. 对于适用于终结点的 Defender,请参阅 分配用户对 Microsoft Defender 安全中心的访问权限For Defender for Endpoint, see Assign user access to Microsoft Defender Security Center. 对于适用于 Office 365 的 Defender,请参阅 Microsoft 365 合规中心和 Microsoft 365 安全中心中的权限For Defender for Office 365, see Permissions in the Microsoft 365 compliance center and Microsoft 365 security center.

备注

Microsoft 365 安全中心中的 Microsoft Defender for Endpoint 支持向托管安全服务提供商 (MSSP) 授予访问权限,方式与在 Microsoft Defender安全中心授予访问权限的方式相同。Microsoft Defender for Endpoint in the Microsoft 365 security center supports granting access to managed security service providers (MSSPs) in the same that way access is granted in the Microsoft Defender security center.

集成报告Integrated reports

Microsoft 365 安全中心也统一了报告。Reports are also unified in the Microsoft 365 security center. 管理员可以从一般安全报告开始,分支到有关终结点、电子邮件和协作&报告。Admins can start with a general security report, and branch into specific reports about endpoints, email & collaboration. 此处的链接基于工作负荷配置动态生成。The links here are dynamically generated based upon workload configuration.

快速查看 Microsoft 365 环境Quickly view your Microsoft 365 environment

主页 显示 安全团队所需的许多公用卡片。The Home page shows many of the common cards that security teams need. 卡片和数据的组合取决于用户角色。The composition of cards and data is dependent on the user role. 由于 Microsoft 365 安全中心使用基于角色的访问控制,因此不同的角色将看到对日常工作更有意义的卡片。Because the Microsoft 365 security center uses role-based access control, different roles will see cards that are more meaningful to their day to day jobs.

此概览信息可帮助您了解组织中的最新活动。This at-a-glance information helps you keep up with the latest activities in your organization. Microsoft 365 安全中心将来自不同来源的信号汇集在一起,以呈现 Microsoft 365 环境的整体视图。The Microsoft 365 security center brings together signals from different sources to present a holistic view of your Microsoft 365 environment.

卡片分为以下类别:The cards fall into these categories:

具有更好的数据覆盖范围的威胁分析Threat analytics with better data coverage

通过以下 Microsoft 365 Defender 威胁分析集成体验跟踪和响应新出现的威胁:Track and respond to emerging threats with the following Microsoft 365 Defender threat analytics integrated experience:

  • Microsoft Defender for Endpoint 和 Microsoft Defender for Office 365 之间的数据覆盖范围更好,从而可以跨域进行联合事件管理、自动调查、修正以及主动或被动威胁搜寻。Better data coverage between Microsoft Defender for Endpoint and Microsoft Defender for Office 365, making combined incident management, automatic investigation, remediation, and proactive or reactive threat hunting across-domain possible.
  • 来自 Microsoft Defender for Office 365 的电子邮件相关检测和缓解,以及 Microsoft Defender for Endpoint 中已提供的终结点数据。Email-related detections and mitigations from Microsoft Defender for Office 365, in addition to the endpoint data already available from Microsoft Defender for Endpoint.
  • 威胁相关事件的视图,将警报聚合到跨 Microsoft Defender for Endpoint 和 Microsoft Defender for Office 365 的端到端攻击案例,以减少工作队列,以及简化和加快调查。A view of threat-related incidents which aggregate alerts into end-to-end attack stories across Microsoft Defender for Endpoint and Microsoft Defender for Office 365 to reduce the work queue, as well as simplify and speed up your investigation.
  • Microsoft 365 Defender 解决方案检测到并阻止的攻击尝试。Attack attempts detected and blocked by Microsoft 365 Defender solutions. 还有一些数据可用于推动预防性操作,以缓解进一步暴露的风险并增加恢复能力。There's also data that you can use to drive preventive actions that mitigate the risk of further exposure and increase resilience.
  • 增强型设计,将可操作信息置于聚焦中,帮助你快速识别数据以紧急关注、调查和利用报告。Enhanced design that puts actionable information in the spotlight to help you quickly identify data to urgently focus on, investigate, and leverage from the reports.

集中式学习中心A centralized Learning Hub

Microsoft 365 安全中心包括一个学习中心,从 Microsoft 安全博客、YouTube 上的 Microsoft 安全社区以及 docs.microsoft.com 上的官方文档等资源中提供正式指导。The Microsoft 365 security center includes a learning hub that bubbles up official guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation at docs.microsoft.com.

在学习中心内,Email & Collaboration (Microsoft Defender for Office 365 或 MDO) 指南与 Endpoint (Microsoft Defender for Endpoint 或 MDE) 以及 Microsoft 365 Defender 学习资源并排提供。Inside the learning hub, Email & Collaboration (Microsoft Defender for Office 365 or MDO) guidance is side-by-side with Endpoint (Microsoft Defender for Endpoint or MDE), and Microsoft 365 Defender learning resources.

学习中心将打开,学习路径围绕"如何使用 Microsoft 365 Defender 进行调查?"等主题组织。The learning hub opens with Learning paths organized around topics such as “How to Investigate Using Microsoft 365 Defender?” 和"Microsoft Defender for Office 365 最佳做法"。and “Microsoft Defender for Office 365 Best Practices”. 此部分当前由 Microsoft 内部的安全产品组提供。This section is currently curated by the security Product Group inside Microsoft. 每个学习路径反映了了解概念所花的预计时间。Each Learning path reflects a projected time it takes to get through the concepts. 例如,"Microsoft Defender for Office 365 用户帐户泄露时要执行的步骤"预计需要 8 分钟,并且会进行一些有价值的学习。For example 'Steps to take when a Microsoft Defender for Office 365 user account is compromised' is projected to take 8 minutes, and is valuable learning on the fly.

单击内容后,为该网站添加书签,将书签组织到"安全"或"关键"文件夹中可能很有用。After clicking through to the content, it may be useful to bookmark this site and organize bookmarks into a 'Security' or 'Critical' folder. To see all Learning paths, click the Show all link in the main panel.To see all Learning paths, click the Show all link in the main panel.

备注

Microsoft 365 安全中心学习中心顶部有一些有用的筛选器,可让你选择当前为 Microsoft 365 Defender 的产品 (Microsoft Defender for Endpoint 和 Microsoft Defender for Office 365) 。 There are helpful filters along the top of the Microsoft 365 security center learning hub that will let you choose between products (currently Microsoft 365 Defender, Microsoft Defender for Endpoint, and Microsoft Defender for Office 365). 请注意,列出了每个部分的学习资源数量,这可以帮助学习者跟踪他们有多少资源可用于培训和学习。Notice that the number of learning resources for each section is listed, which can help learners keep track of how many resources they have at hand for training and learning.

除产品筛选器外,还列出了当前主题、 (网络研讨会) 、对安全区域、安全角色和产品功能的熟悉程度或经验。Along with the Product filter, current topics, types of resources (from videos to webinars), levels of familiarity or experience with security areas, security roles, and product features are listed.

提示

Microsoft Learn 中有很多其他 学习机会There are lots of other learning opportunities in Microsoft Learn. 你将找到认证培训,如 MS-500T02-A:实施 Microsoft 365 威胁防护课程You'll find certification training such as Course MS-500T02-A: Implementing Microsoft 365 Threat Protection.

向我们发送反馈Send us your feedback

我们需要你提供反馈。We need your feedback. 我们一直在希望改进,因此如果你希望查看某些内容,请将 你的 Microsoft 365 Defender 反馈发送给我们We're always looking to improve, so if there's something you'd like to see, send us your Microsoft 365 Defender feedback.

您还可以从本文留下反馈。You can also leave feedback from this article. 在"提交和查看反馈"结尾的"反馈"部分中,选项为 "此 产品"或 "此页面"。In the 'Feedback' section at the end under 'Submit and view feedback for', the options are This product, or This page.

使用 "此产品 "按钮获得 产品 反馈:Use the This product button for product feedback:

  1. 文章 底部选择"此产品"。Select This product at the bottom of the article.
    1. 如果要继续阅读这些方向,请右键单击该按钮,然后单击"在新建选项卡中打开"。Right-click the button and 'Open in a new tab' if you want to keep reading these directions.
  2. 这将导航到 UserVoice 论坛This will navigate to the UserVoice forum.
  3. 有 2 个选项:You have 2 options:
    1. 向下滚动到文本框 "我们可以如何在 Office 365 中提高合规性或更好地保护你的用户?",并粘贴到 Microsoft 365 安全中心Scroll down to the text box How can we improve compliance or protect your users better in Office 365? and paste in Microsoft 365 security center. 可以在结果中搜索类似你的想法并投票,或使用"发布新想法 "按钮You can search the results for an idea like yours and up-vote it, or use the button for Post a new idea.
    2. 如果确定已报告此问题,并且想要通过投票 (或) ,请使用 UserVoice 右边的"提供反馈"框。 If you feel certain this issue is already reported, and want to raise its profile with a vote (or votes), use the Give Feedback box on the right side of UserVoice. 搜索 Microsoft 365 安全中心,查找问题,并使用投票 按钮 提升其状态。Search for Microsoft 365 security center, find the issue, and use the vote button to raise its status.

使用 此页面 可就文章本身提供反馈。Use This page for feedback on the article itself. 感谢您的反馈。Thanks for your feedback. 您的声音可帮助我们改进产品。Your voice helps us improve products.

探索安全中心必须提供哪些功能Explore what the security center has to offer

继续探索 Microsoft 365 安全中心中的特性和功能:Keep exploring the features and capabilities in the Microsoft 365 security center: