29th of January was a big day for Microsoft 365 Security and Compliance solutions. New portal started rolling out to the Microsoft 365 tenants. Of course I wanted to test new portal immediately. Without longer overview sentences let’s get in to it!
Why two portals? Before you had only one portal where you could see all the links but you had only limited access to some resources based on your Azure Active Directory’s directory role. Now in the new Two portals model you see only those links and things that you should see when working daily. When writing this blog 2nd of February 2019 there are three separate roles in this new portal (plus Global Administrator):
- Security Administrator
- Security Reader
- Compliance Administrator
There will be soon more additional roles:
- Security Operator
- Compliance Data Administrator
All of these roles are based on least privileged permission model where you should have only the required permission to complete your daily work. You can find the comparison of the current roles from the next table:
URL to portal: https://security.microsoft.com
First impression was “WHOAH!!! IT IS SO FAST AND CLEAR!!!”
From the first sign-in you could see the Secure Score, Identity protection risk user count and risk level, overview of malware detections, DLP matches and Cloud App Security OAuth apps overview. You don’t have to remember anymore all the portal URL’s or how to find those because of alerts are pulled to this new portal and buttons are forwarding you to the right portal for closer inspection.
When looking closer Secure score, you can see that a lot of better view of overview, improvement actions and history, how it was before. With one look, you can plan the next steps how to get your cloud identity and resources more secure.
When investigating about some specific threat, malware or identity breaches, you should before find a way to the right portal. Not anymore! Select only Hunting, from the new security portal and you have three choices where you can choose what you want to hunt.
From the next list you can find the title and target where the new Security portal forwards you when you want to hunt.
- Email and data
- Office 365 Threat Explorer
- Windows Defender ATP Advanced Hunting
- Azure ATP Hunting
This is a huge help for Security Analysts who are trying to find the correct portal. In fact before this, you should almost every time remember the Windows Defender ATP portal URL separately. Now you don’t need to remember it anymore. 😉
Classifications and Policies
You can find the old DLP labels under the new portal as well as you can find the policies for them also. Remember that you can migrate AIP labels for O365 labels. The integration will help to standardize your data compliance and management ecosystem in the future when you have same labels everywhere. There isn’t any big changes except Label analytics that will report label usage in the future. This same report has been in Public Preview for couple of months on Azure Information Protection side (as in the picture). Currently the report in Security portal is empty but I can assume that the report is something like in the AIP console.
URL to portal: https://compliance.microsoft.com
As well this portal is fast and works like a charm. Many may think that what’s really the difference between the security and compliance center, because the stuff is almost same. Yes, the difference is that in the Compliance side we are talking about the data compliance (labeling, securing, discovering and so on) and from the security side everything else.
From the Monitoring and reports view, you can see first DLP policy matches, shared files (separated internally/publicly) and shadow IT applications that you have found through the Microsoft Cloud App Security Discovery.
Classification and Data subject requests
Under classifications you can find the same DLP (or AIP if integrated) labels as well as policies for them. This section is the same than in the security portal.
When you are managing the Microsoft 365 environment, you must also comply with some GDPR related stuff if someone is requesting their personal data. Microsoft has made this easy for admin and you can start the eDiscovery for the user really easily. After the discovery completes, you can download the report from the compliance portal.This not a new thing, but now it is also available in Compliance Portal.
After the eDiscovery completes you can download the export using eDiscovery Export Tool and send the data for the person who requested it.
If you still haven’t found the Microsoft 365 security portal that you were looking for, you can find the list under the tab More resources from the both portals separately (Security Portal and Compliance Portal).
Things that are still missing
What do I miss here? The alerts. In the old Office 365 Security & Compliance portal you had a consolidated view of Office 365 and Cloud App Security alerts in the one page. After these portals has been rolled out to the all tenants I believe that this section will be also migrated to the new portals.
I want to see also more integrated features and the ramp down of the old Security & Compliance portal. Everything under the old threat management should be included to the new portal itself without any links to other portals.
When do I get it?
Microsoft is rolling out the new portal from the end of January 2019 through the March of 2019. So you can wait the new portal on your tenant in Q1/2019.
Altogether this new portal is a huge usage and compliance step forward on Microsoft 365 Security side. You can give permissions more granually in security area and these new portals will help administrators to focus to the right things. New portals requires some enhancements while comparing to the old portal, but I bet those are going to be integrated to there as soon as everything is ready. I like a LOT of the more resources sections where you can find the links to the every portal that you want to use when talking about Microsoft 365 Security side.