Microsoft Defender for Business is now in preview, and will roll out gradually to customers and IT Partners who sign-up here to request it. We will onboard an initial set of customers and partners in the coming weeks and will expand the preview leading up to general availability. Note that preview will launch with an initial set of scenarios, and we will be adding capabilities regularly.
Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
The Microsoft 365 Defender portal enables your security team to respond to and mitigate detected threats.
- Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.
- Notice cards on the Home page. Cards tell you at a glance how many threats were detected, along with how many user accounts, endpoints (devices), and other assets were affected. The following image is an example of cards you might see:
- Select a button or link on the card to view more information and take action. As an example, our Devices at risk card includes a View details button. Selecting that button takes us to the Device inventory page, as shown in the following image:
The Device inventory page lists company devices, along with their risk level and exposure level.
- Select an item, such as a device. A flyout pane opens and displays more information about alerts and incidents generated for that item, as shown in the following image:
- On the flyout, view the information that is displayed. Select the ellipsis (…) to open a menu that lists available actions, as shown in the following image:
- Select an available action. For example, you might choose Run antivirus scan, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select Initiate Automated Investigation to trigger an automated investigation on the device.