Microsoft Security Portals
Security portals
Security operators and admins can go to the following portals to manage security-specific settings, investigate possible threat activities, respond to active threats, and collaborate with IT admins to remediate issues.
Portal name | Description | Link |
---|---|---|
Microsoft 365 Defender portal | Monitor and respond to threat activity and strengthen security posture across your identities, email, data, endpoints, and apps with Microsoft 365 Defender | security.microsoft.com |
Microsoft Defender Security Center | Monitor and respond to threat activity on your endpoints using capabilities provided with Microsoft Defender for Endpoint | securitycenter.windows.com |
Security & Compliance Center | Manage Exchange Online Protection and Microsoft Defender for Office 365 to protect your email and collaboration services, and ensure compliance to various data-handling regulations | protection.office.com |
Defender for Cloud portal | Use Microsoft Defender for Cloud to strengthen the security posture of your data centers and your hybrid workloads in the cloud | portal.azure.com/#blade/Microsoft_Azure_Security |
Microsoft Defender for Identity portal | Identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions using Active Directory signals with Microsoft Defender for Identity | portal.atp.azure.com |
Defender for Cloud Apps portal | Use Microsoft Defender for Cloud Apps to get rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats on cloud services | portal.cloudappsecurity.com |
Microsoft Security Intelligence portal | Get security intelligence updates for Microsoft Defender for Endpoint, submit samples, and explore the threat encyclopedia | microsoft.com/wdsi |
Portals for other workloads
While these portals are not specifically for managing security, they support various workloads and tasks that can impact your security. Visit these portals to manage identities, permissions, device settings, and data handling policies.
Portal name | Description | Link |
---|---|---|
Azure portal | View and manage all your Azure resources | portal.azure.com |
Azure Active Directory portal | View and manage Azure Active Directory | aad.portal.azure.com |
Microsoft Purview compliance portal | Manage data handling policies and ensure compliance with regulations | compliance.microsoft.com |
Microsoft 365 admin center | Configure Microsoft 365 services; manage roles, licenses, and track updates to your Microsoft 365 services | admin.microsoft.com |
Microsoft Endpoint Manager admin center | Use Microsoft Endpoint Manager to manage and secure devices using combined Intune and Configuration Manager capabilities | devicemanagement.microsoft.com |
Microsoft Intune portal | Use Microsoft Intune to deploy device policies and monitor devices for compliance | endpoint.microsoft.com |
Microsoft 365 Defender (Microsoft Threat Protection)
Microsoft Threat Protection is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. Basically, it is a ‘one-stop shop’ for security incident management and remediation. Here are the ins and outs of Microsoft Threat Protection.
Microsoft Threat Protection unifies your incident response process by integrating key capabilities across Microsoft Defender Advanced Threat Protection (ATP), Office 365 ATP, Microsoft Cloud App Security, and Azure ATP. This unified experience adds powerful features you can access in the Microsoft 365 security center.
Microsoft Threat Protection services
The Microsoft Threat Protection suite protects:
- Endpoints with Microsoft Defender ATP - Microsoft Defender ATP is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
- Email and collaboration with Office 365 ATP - Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
- Identities with Azure ATP and Azure AD Identity Protection - Azure ATP uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Applications with Microsoft Cloud App Security - Microsoft Cloud App Security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Starting the service
To turn on Microsoft Threat Protection, simply select Turn on Microsoft Threat Protection and apply the change. You can also access this option by selecting Settings (security.microsoft.com/settings) in the navigation pane and then selecting Microsoft Threat Protection.
Confirm that the service is on
Once the service is provisioned, it adds:
- Incidents management
- An action center for managing automated investigation and response
- Advanced hunting capabilities
Microsoft 365 security center with incidents management and other Microsoft Threat Protection capabilities
Azure ATP (Microsoft Defender for Identity)
https://portal.atp.azure.com/
It will automatically redirect to your signed-in account URL, such as https://51sec.atp.azure.com/timeline
Windows Defender ATP (Microsoft Defender for Endpoint)
https://securitycenter.windows.com/
Microsoft Defender for Endpoint is the new name for Windows Defender ATP, a Microsoft endpoint solution that effectively replaces the need for third-party endpoint protection solutions. Windows Defender Advanced Threat Protection uses machine intelligence and the Azure-based “intelligent security graph” to detect security threats. This approach allows your business and security team not only to detect attacks, but also to investigate and respond to cyber threats in a post-breach layer of protection.
Compared to the built-in Windows Defender feature in Windows 10, Windows Defender Advanced Threat Protection (ATP) is a significant upgrade providing pre- and post-breach protections. By combining the technologies built into Windows 10 (Defender, Device Guard, AppLocker) with the cloud service, Defender ATP offers a complete enterprise-level security suite.
Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
- Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender ATP.
- Cloud security analytics: Leveraging big data, machine learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
- Threat intelligence: Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data.
Microsoft Defender ATP
O365 ATP (Microsoft Defender for O365)
https://protection.office.com/
Around 5 years ago (April 2015) Microsoft announced Exchange Online Advanced Threat Protection (ATP), which was renamed to Office 365 Advanced Threat Protection around a year later. Now it is Microsoft Defender for Office 365, the new name for Office 365 Advanced Threat Protection.
Office 365 Advanced Threat Protection is one of the three types of Advanced Threat Protection that Microsoft offers (the other two are Azure ATP and Windows Defender ATP), providing your organization with advanced security features that keep you protected from advanced cybersecurity threats! By using Office 365 Advanced Threat Protection, you can add protection on top of Exchange Online Protection (EOP), the email filtering service available in Office 365.
Here are logical early configuration chunks:
- Configure everything with 'anti' in the name.
  - anti-malware
  - anti-phishing
  - anti-spam
- Set up everything with 'safe' in the name.
  - safe links
  - safe attachments
- Defend the workloads (ex. SharePoint Online, OneDrive, and Teams)
- Protect with Zero-Hour auto purge
From an email message flow point of view, Office 365 ATP is part of the Exchange Online Protection (EOP) security measures already in place. EOP provides the Connection Filtering, Malware Scanning, Mail Flow Rules and Spam Filtering functionality. This is important to realize, since a poorly thought-out EOP configuration can have consequences for the effectiveness of ATP.
Microsoft Cloud App Security
https://portal.cloudappsecurity.com
It will automatically redirect to your signed-in account URL, such as https://51sec.portal.cloudappsecurity.com/
Microsoft 365 Compliance
https://compliance.microsoft.com/
The Microsoft 365 compliance center provides easy access to the data and tools you need to manage your organization's compliance needs. Microsoft 365 Compliance Center is a dedicated workspace for your compliance, privacy, and risk management specialists. It’s packed with useful administrative tools to support you in meeting your legal, regulatory, and organizational requirements.
From here, you can:
- Check out the Microsoft Compliance Scorecard, which analyzes your company’s progress with completing recommended actions that increase data protection and follow regulatory standards. “It also provides workflow capabilities and built-in control mapping to help you efficiently carry out those actions,” adds Microsoft.
- Review the Solution catalog card, where you can find an entire list of integrated solutions “to help you manage end-to-end compliance scenarios.”
- Review the Active alerts card, “which includes a summary of the most active alerts and a link where you can view more detailed information, such as Severity, Status, Category, and more.”
Microsoft Service Trust Portal
https://servicetrust.microsoft.com/
This is a one-stop shop for security, regulatory compliance, and privacy information related to the Microsoft Cloud. The Service Trust Portal, also referred to simply as STP, is a service feature available within Microsoft Office 365 that provides current and prospective users of the platform with a wealth of insight into how the tech giant manages privacy, compliance, and security.
This platform is the location where Microsoft shares information that organizations need to perform due diligence and evaluate all of Microsoft’s cloud services. Microsoft has launched this service as a way to help improve transparency, enhance understanding, and simplify assessments for its users.
Microsoft Azure Identity Protection
https://portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/Overview
Microsoft Azure Security
https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/GettingStarted
- Azure AD Conditional Access
- Azure AD Identity Protection
- Azure Security Center
- Identity Secure Score
- Named locations
- Authentication methods
- Multi Factor Authentication (MFA)
On Sep 22, 2020, Microsoft made the following branding changes to unify the Microsoft 365 Defender technologies:
- Microsoft 365 Defender (previously Microsoft Threat Protection).
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection).
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection).
Microsoft 365 Security Center
Enables Microsoft 365 Defender (Microsoft Threat Protection)
Some Lists
- Microsoft 365 Defender - Microsoft Threat Protection - https://security.microsoft.com/
- Azure ATP - Microsoft Defender for Identity - https://portal.atp.azure.com/
- Windows Defender ATP - Microsoft Defender for Endpoint - https://securitycenter.windows.com/
- O365 ATP (Office 365 Security & Compliance) - Microsoft Defender for O365 - https://protection.office.com/
- Microsoft Cloud App Security - https://portal.cloudappsecurity.com
- Microsoft 365 Compliance - https://compliance.microsoft.com/
- Microsoft Service Trust Portal - https://servicetrust.microsoft.com/
- Microsoft Azure Identity Protection - https://portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/
- Microsoft Azure Security - https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/
- Microsoft 365 Security Center - https://security.microsoft.com/