This article is contributed. See the original author and article here.

At Ignite in September we announced Microsoft 365 Defender, a unified XDR security solution for identities, endpoints, cloud apps, email and collaboration. Since then, we’ve seen tremendous results, with customers taking advantage of deep integrations that modernize security operations and prioritize actionable insights across their enterprise assets. In fact, in one case we saw consolidation from 1,000 alerts to just 40 high-priority incidents. Built-in self-healing technology has fully automated remediation tasks in action in more than 70% of the time and helps defenders to focus on other tasks that better leverage their knowledge and expertise.


Announcing public preview of the unified security portal

We’re incredibly excited about this unified approach to threat protection, and today we announced the public preview of the new Microsoft 365 Defender and the unified security portal, which now includes Microsoft Defender for Office 365. This is an important milestone in our journey to provide consolidated security tools that deliver intelligent and integrated security across domains.


Figure 1: The new Microsoft 365 Defender portalFigure 1: The new Microsoft 365 Defender portal



Customers are now able to use the unified portal to manage security operations across Microsoft Defender for Office 365 and Microsoft Defender for Endpoint. This new portal is available at, and it contains all the Defender for Office 365 capabilities you use today, with the addition of some new features as well.


What’s new in the Security portal?

In the new converged portal, we are surfacing the same great experiences you know from Defender for Office 365 and incorporating new experiences for cross-workload detection and response to security incidents. These new capabilities can only be found in the new Microsoft 365 Defender portal, and they allow security teams to investigate and hunt in one centralized location, harnessing the power of correlation of signals across products.



Microsoft 365 Defender and the unified portal introduce new and exciting capabilities such as:

  • Incidents – a unified investigation page that correlates multiple alerts into a single incident, including details on triggering alerts, impacted assets, and deep-dive details across your endpoints, identities, cloud apps, and Office 365 environment. Learn more about incidents in Microsoft 365 Defender here.

  • Threat Analytics – detailed in-product threat intelligence reports providing in-depth analysis and context around the real-world threats tracked by Microsoft experts. Each report shows where and how your organization may be affected through incidents and alerts and provides recommendations to mitigate and prevent these threats. Learn more about Threat analytics in Microsoft 365 Defender here.

  • Email investigation page – A comprehensive view that surfaces a variety of insights and contextual data for each email, helping security teams investigate emails from a single view. Learn more about the email entity page in Microsoft 365 Defender here.   

  • Learning Hub – a collection of educational resources to help you get started, including things like blogs, how-to videos, interactive guides, and official product documentation.


Figure 2: The new email investigation page in the Microsoft 365 security centerFigure 2: The new email investigation page in the Microsoft 365 security center



In addition, the new security portal provides advanced tools for post-breach investigation, like:

  • Unified alerts queue and a new alert details page – a new look for alerts that provides a simple to use experience for alert analysis, surfaces more details on each alert, and provides a drill down to continue with a detailed investigation in Threat Explorer

  • Advanced Hunting – a tool for examination of data using custom queries

  • Automated Incident Remediation – capabilities that save SecOps teams valuable time by leveraging AI-powered automatic remediation capabilities to ensure all impacted assets related to an incident are automatically remediated where possible

  • Action Center – A centralized view of actions pending approval


What about the existing capabilities?

While the portal has changed from to, what has not changed is our mission to offer customers comprehensive protection of Office 365 against advanced threats.


Figure 3: Our comprehensive approach to securing Office 365Figure 3: Our comprehensive approach to securing Office 365



The new security portal also contains all the capabilities and dashboards your security teams use today in Defender for Office 365. These features have moved into the new security center and can be found in the Email & collaboration section of the navigation pane. Capabilities like Threat Explorer, Submissions, Quarantine, Reports, and policy creation and setting options have all been ported over. Customers will see the features that correspond to their Defender for Office 365 or E5 subscription.


If you have questions regarding the transition, check out our documentation.



Next steps

We’re incredibly excited about this update, and hope you’ll take the time to familiarize yourself with the new security home, learn all about the new capabilities, and locate your previously used tools. You can update your workflows to use the new unified portal at As we move forward towards general availability, the portal will be phased out.


Check out this video for a quick summary of some of the new capabilities for Defender for Office 365 customers.


Are you a Microsoft Defender for Endpoint customer? Learn more about how this transition affects Defender for Endpoint here.


Get involved!

Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.


Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

%d bloggers like this: