Every Microsoft Security administrator knows the pain: every security product has its own portal, and navigating these different portals can be really cumbersome. If you have an investigation that spreads across the different Defender products (Office 365, Endpoints, Identity…), you often have multiple open tabs for each of the different products.
A while ago, Microsoft launched the Microsoft Defender portal which was announced as the Unified Security portal. This week, the portal finally went to public preview: you now have a unified way to manage the security products!
While I was super excited about this portal, you should be aware that it’s not yet ‘The Portal to Rule Them All’. The portal currently includes all incidents from the following products:
- Cloud App Security
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
Managing the configuration is only possible for Defender for Endpoint and Office 365. As you can see in the screenshot to the right, almost all configurations are available from the new Security Portal. The lay-out, however, is a little bit different.
When you are first starting off with the Unified Portal, you might have to take some time to figure out where the different configuration elements are.
Once you get used to the new portal and its new lay-out, it’s such an amazing experience. I often do investigations that are surfaced from Azure Sentinel and pivot to Defender for Endpoint or Office 365 for extra information. This way, I can easily ‘hunt’ between the different products without having to pivot between the different portals.
Within the settings tab of the Security Center, you can configure the settings for the different products.
Enabling the portal
The Unified Portal isn’t enabled by default; you need to enable Preview features in the Security Portal to enable unified management. Navigate to the Microsoft Defender Portal and go to the settings. Within the preview features tab, enable the preview features to enable the Unified Portal experience.
By default, the ‘old’ Security Center for MDE and Security portal are both available and usable. It is apparent that the Security portal is the portal of the future. I would recommend using this portal for your day-to-day operations and for your investigations. It will allow you to easily pivot between the different security products.
Within the Security Center, you can configure portal redirection. This means that every user will be redirected to the new Unified Portal by default.
This is the only portal that supports redirection. Microsoft Defender for Office 365 can still be managed from the Office 365 Security & Compliance portal. That portal is still used for a lot of things besides Defender for Office 365, so we don’t have the ability to shut it off just yet.
The future is bright
The preview is a really good step in the right direction for every Microsoft Security engineer. But we are not quite there yet. We are currently able to manage 2 out of 4 Defender products and I really hope we will be able to manage them all. In the meantime, feel free to delete your Security Center bookmark and start using the Unified Portal for all your Defender for Endpoint administration and operations!