Microsoft 365 Security Portals

Managing the online security of your company is always a challenge as cyber threats are constantly evolving.

Microsoft 365 Security Portals

Managing the online security of your company is always a challenge as cyber threats are constantly evolving. No matter how well prepared you are to face any disruption, security is not a one-time investment, but an ongoing process. It can be difficult to find the right level of control to also keep the accessibility and productivity balanced at the same time.

To address this issue, Microsoft 365 created the Security Center. Microsoft 365 offers an amazing set of tools and platforms to track and continuously improve the security state of your organization. There are several places where you can find those tools. For instance, you have 7 different portals such as:

  • Cloud App Security Portal

  • Security & Compliance Center

  • Azure Security Center portal

  • Microsoft Defender Security Portal

  • Microsoft 365 security center

  • Azure ATP portal

  • Microsoft 365 compliance center

In this article, together with my colleague, Tudor Ispas, we will share our tested and true approach for choosing the right portal for your company's security needs. We want to get to the point as quickly as possible, so for this article, we are going to skip all licensing-related aspects.

That said, if you are just getting into the whole bucket of security services in Microsoft 365 and want to learn a thing or two about on-line security solutions, read on!

Cloud App Security

Well, this one is a beast. A Swiss Army knife of visibility and protection of your data in the cloud.

Use it if you want to:

  • Perform a cloud discovery: apps, users, IPs, traffic, locations and more

  • Shadow IT discovery

  • Add new applications to track and control

  • Enjoy a full-blown transparency of logs and reports on literally everything

  • Create new policies based on the existing templates

  • Analyze threats such as risky sign-in, ransomware, mass downloads, Azure AD threat intelligence pointers and so much more

Truly, it's a thing of great beauty.

Security & Compliance Center

Firstly, this portal seems to be continuously absorbed by both Microsoft 365 compliance center and Microsoft 365 security center, thus we should eventually have specialized workloads under and respectfully. As a result of this process, while cruising through compliance or security, you will occasionally get redirected to protection. In fact, security will sometimes redirect you to the Cloud App Security as well.

Use if you want to:

  • See and manage alerts related to Exchange online

  • See and manage alerts related to Office 365 ATP

  • See, trigger and manage investigations

  • Create and manage labels, DLP and ATP policies and more

Azure Security Center portal

The keyword here is "Subscription". This portal is about your subscription(s) and resources in it as well as the connected on-premises resources. Whether you'd like to get recommendations on how to improve security across your Azure environment or check alerts associated with it - this is the place. Use it if you want to:

  • See how your secure current environment is and change that if possible

  • Apply threat prevention recommendations and see alerts

  • Protect your on-premises resources by installing Log Analytics agent on them

Microsoft Defender Security Center

To simplify, this is a portal that gathers metrics and data from all devices across your network enrolled with Windows Defender ATP. Use it if you want to:

  • See the status of Microsoft Defender ATP enrollment across your devices

  • Work with alerts and investigations

  • See devices and users at risk

  • See how many threats impact your organization

  • Deep dive into potential threats to your network

Microsoft 365 security center

This is where you can check the security health of your organization. You should be able to see and manage alerts related to apps, devices, identities, data, and infrastructure. Sometimes it will still redirect you to the protection.

Use it if you want to:

  • Check your secure score

  • See and manage security alerts

  • See users and devices at risk

  • See privileged OAuth apps

  • To classify email messages, documents, sites, and more through labelling

It seems like we should expect this portal to develop further and consolidate everything under its own hood thus no longer redirecting to other portals for investigations or alert details.

Azure ATP Portal

This is a so-called Attack timeline portal. The entire thing is about suspicious activities detected by Advanced Threat Protection (Azure ATP). You can filter by severity and dig deeper into alerts. This functionality is also available in the Cloud App Security portal.

Use it if you want to:

  • Monitor and respond to the alerts detected by Azure ATP

Microsoft 365 compliance center

To be fair, this portal is about compliance in your organization. However, it's worth to be mentioned since you might notice an alert section there as well. Even though it's there, you will be redirected to protection if you wish to go deeper with individual alerts.

Use it if you want to:

  • Check your compliance score

  • Improve overall compliance posture

To conclude

As a service provider, although most of the time you end up using what business approves, you should try and educate your stakeholders about what is available on the market. Staying up to date and briefing them about what would best suit your company will make a big difference in your security compliance policy.

As a business owner, it is your responsibility to stay informed and always search for the most appropriate tools for security. You should always research the best tools out there to make sure you are protecting your data and in control of your IT.