Lab: Explore the Microsoft Defender portal

This lab maps to the following Learn content:

  • Learning Path: Describe the capabilities of Microsoft security solutions
  • Module: Describe the threat protection capabilities of Microsoft Defender XDR
  • Unit: Describe the Microsoft Defender portal

Lab scenario

In this lab, you’ll explore the Microsoft Defender portal by walking through the content displayed on the landing page. You’ll also explore the options on the navigation panel that provide quick access to functionality that is part of Microsoft’s Extended Detection and Response (XDR) solution: Microsoft Defender for Endpoints, and Microsoft Defender for Office 365 (email and collaboration). Lastly you’ll also explore how Microsoft Secure Score can help an organization improve its security posture.

Estimated Time: 30 minutes

Task 1

Explore the Microsoft Defender landing page.

  1. Open Microsoft Edge. In the address bar, enter admin.microsoft.com.

  2. Sign in with your admin credentials.
    1. In the Sign-in window, enter admin@WWLxZZZZZZ.onmicrosoft.com (where ZZZZZZ is your unique tenant ID provided by your lab hosting provider) then select Next.
    2. Enter the admin password provided by your lab hosting provider. Select Sign in.
    3. Depending on your lab hoster and if this is the first time you are logging in to the tenant, you may be prompted to complete the MFA registration process. If so, follow the prompts on the screen to setup MFA.
    4. Once you’re signed-in, you’re taken to the Microsoft 365 admin center page.

  3. From the left navigation pane of the Microsoft 365 admin center, under Admin centers, select Security. If you don’t see Security listed, select Show all, then select Security. A new browser page opens to the welcome page of the Microsoft Defender portal.

  4. If this is the first time you visit the Microsoft 365 Defender portal, you may get a pop-up window to take a quick tour. You can choose to take the brief tour or close the window.

  5. The home page of the Microsoft Defender portal shows many of the common cards that security teams need. The composition of cards and data is dependent on the user role. Scroll through the page to view the default set of cards for your role as global admin.

  6. The cards displayed can be customized to your preference. Select + Add cards. A Window opens that displays any cards that are available to add to your home page. You may already have all cards displayed in which case you will see the note, “You already have all the cards on your home page.” Close the window by select the X on top-right corner of the window.

  7. Selecting the ellipses on the top-right of any card will provide the option to remove the card from the landing page.

  8. You can also move the cards around. Hover your mouse cursor over the title bar of any card, when you’ll get a cross shaped cursor select the card and move it to your desired location.

  9. Some cards have buttons on the bottom of the card that are selectable. The title of some cards serve as a link to the page for that topic. For example, if you select the title of the Microsoft Secure Score card, it will take you to the Microsoft Secure Score page. You’ll explore more about Microsoft Secure Score in a subsequent section of this lab.

  10. Keep the browser window open.

Task 2

In this part of the lab, you’ll explore some of the options available from the left navigation panel of the Defender portal. Through the Microsoft Defender portal, Microsoft delivers on the promise of a unified security operations platform. The Microsoft Defender portal combines protection, detection, investigation, and response to threats across your entire organization and all its components, in a central place.

  1. Explore the left navigation panel, at will.

  2. To return to the home page of the Microsoft Defender portal, select Home on the left navigation panel.

Task 3

In this task, you’ll explore how Microsoft Secure Score can help an organization improve its security posture.

  1. You should still be in the Microsoft Defender portal. From the left navigation panel, expand Exposure Management than select Secure score. If Exposure Management is not shown in your tenant, then from the Welcome page of the Microsoft Defender portal, scroll down until you see the card for Microsoft Secure Score. Select the title of the card (the text will turn blue when you place your mouse cursor over the title of the card).

  2. The Microsoft Secure Score page opens to the Overview tab. Microsoft Secure Score is a measurement of an organization’s security posture. Your organization’s secure score is shown as a percentage, along with the number of points you’ve achieved out of the total possible points and broken down by category. Select Include, next to where it says Your secure score. A small window opens that allows you to include the achievable score, Planned score, and Current license score in the breakdown of your organization’s secure score. Select Include again to close the window.

  3. The overview page also includes top improvement actions, comparison score, history, and additional resources.

  4. Select Recommended actions from the top of the page. Notice the information available in the table.

  5. Select the first item from the list and review the available information. In the window that opens, note the status options available. Select the Implementation tab to view to view information related to implementation. Select the X at the top right corner to close this window.

  6. Select the History tab from the top of the page. For each activity listed there is a brief statement that provides context. Select an item from the history table. On the top-right of the details page, under History, select X events (where X is a number). The action history window opens and provides more information. Select Close on the bottom of the page, then select the X on the top-right corner of the details page to return to the History page.

  7. From the top of the page, select Metrics & trends. Note the available information. From the top-right corner of the page, select the calendar icon. You can narrow down the view to a custom date range. Selecting the filter icon, allows you to filter the view by Identity and/or apps. Close the window and select Home from the left navigation panel to return to the Microsoft Defender home page.

  8. Close all the open browser tabs.

Review

In this lab, you explored the Microsoft Defender portal by walking through the content displayed on the landing page, you explored the options on the navigation panel that provides quick access to functionality that is part of Microsoft’s Extended Detection and Response (XDR) solution, Microsoft Defender for Endpoints, and Microsoft Defender for Office 365 (email and collaboration). Lastly you explored how Microsoft Secure Score can help an organization improve its security posture.