Microsoft 365 Security Portals
Managing the online security of your company is always a challenge as cyber threats are constantly evolving. No matter how well prepared you are to face any disruption, security is not a one-time investment, but an ongoing process. It can be difficult to find a level of control that keeps accessibility and productivity balanced at the same time.
To address this issue, Microsoft 365 created the Security Center. Microsoft 365 offers an amazing set of tools and platforms to track and continuously improve the security state of your organization. There are several places where you can find those tools. For instance, you have 7 different portals such as:
Cloud App Security Portal
Security & Compliance Center
Azure Security Center portal
Microsoft Defender Security Portal
Microsoft 365 security center
Azure ATP portal
Microsoft 365 compliance center
In this article, together with my colleague, Tudor Ispas, we will share our tested and true approach for choosing the right portal for your company's security needs. We want to get to the point as quickly as possible, so for this article, we are going to skip all licensing-related aspects.
That said, if you are just getting into the whole bucket of security services in Microsoft 365 and want to learn a thing or two about online security solutions, read on!
Cloud App Security
Well, this one is a beast. A Swiss Army knife of visibility and protection of your data in the cloud.
Use it if you want to:
Perform a cloud discovery: apps, users, IPs, traffic, locations and more
Shadow IT discovery
Add new applications to track and control
Enjoy a full-blown transparency of logs and reports on literally everything
Create new policies based on the existing templates
Analyze threats such as risky sign-in, ransomware, mass downloads, Azure AD threat intelligence pointers and so much more
Truly, it's a thing of great beauty.
Security & Compliance Center
Firstly, this portal seems to be continuously absorbed by both Microsoft 365 compliance center and Microsoft 365 security center, thus we should eventually have specialized workloads under compliance.microsoft.com and security.microsoft.com respectively. As a result of this process, while cruising through compliance or security, you will occasionally get redirected to protection. In fact, security will sometimes redirect you to Cloud App Security as well.
Use protection.office if you want to:
See and manage alerts related to Exchange online
See and manage alerts related to Office 365 ATP
See, trigger and manage investigations
Create and manage labels, DLP and ATP policies and more
Azure Security Center portal
The keyword here is "Subscription". This portal is about your subscription(s) and resources in it as well as the connected on-premises resources. Whether you'd like to get recommendations on how to improve security across your Azure environment or check alerts associated with it - this is the place. Use it if you want to:
See how secure your current environment is and change that if possible
Apply threat prevention recommendations and see alerts
Protect your on-premises resources by installing Log Analytics agent on them
Microsoft Defender Security Center
To simplify, this is a portal that gathers metrics and data from all devices across your network enrolled with Windows Defender ATP. Use it if you want to:
See the status of Microsoft Defender ATP enrollment across your devices
Work with alerts and investigations
See devices and users at risk
See how many threats impact your organization
Deep dive into potential threats to your network
Microsoft 365 security center
This is where you can check the security health of your organization. You should be able to see and manage alerts related to apps, devices, identities, data, and infrastructure. Sometimes it will still redirect you to protection.
Use it if you want to:
Check your secure score
See and manage security alerts
See users and devices at risk
See privileged OAuth apps
Classify email messages, documents, sites, and more through labelling
It seems like we should expect this portal to develop further and consolidate everything under its own hood, thus no longer redirecting to other portals for investigations or alert details.
Azure ATP Portal
This is a so-called Attack timeline portal. The entire thing is about suspicious activities detected by Advanced Threat Protection (Azure ATP). You can filter by severity and dig deeper into alerts. This functionality is also available in the Cloud App Security portal.
Use it if you want to:
Monitor and respond to the alerts detected by Azure ATP
Microsoft 365 compliance center
To be fair, this portal is about compliance in your organization. However, it's worth mentioning since you might notice an alert section there as well. Even though it's there, you will be redirected to protection if you wish to go deeper with individual alerts.
Use it if you want to:
Check your compliance score
Improve overall compliance posture
To conclude
As a service provider, although most of the time you end up using what the business approves, you should try to educate your stakeholders about what is available on the market. Staying up to date and briefing them about what would best suit your company will make a big difference in your security compliance policy.
As a business owner, it is your responsibility to stay informed and always search for the most appropriate tools for security. You should always research the best tools out there to make sure you are protecting your data and in control of your IT.