A new reporting feature in Microsoft Defender helps teams save time and improve threat visibility.
Microsoft has launched a unified security summary in its Defender portal, aimed at simplifying how administrators track and report security progress. This comprehensive report delivers actionable insights into an organization’s overall security posture, making it easier to communicate risks and achievements.
“Security operations center (SOC) teams can easily showcase their security achievements and the impact of Microsoft Defender using the unified security summary. Having the summary readily available in the Microsoft Defender portal streamlines the process for SOC teams to generate security reports, saving time usually spent on collecting data from various sources and creating reports tailored to their audiences,” Microsoft explained.
The unified security summary highlights details about the security posture of an organization. It includes data from Microsoft Secure Score, threat protection information, exposure score, and the number of devices onboarded to Microsoft Defender for Endpoint. Moreover, the detection section provides details about the number of alerts and incidents.
The Protection section includes data on Microsoft’s automatic investigation and response features, including the number of attacks disrupted, incidents listed, and malicious activities, URLs, and emails blocked by Microsoft Defender Antivirus. Additionally, the Copilot-powered investigation and response section contains the number of files and scripts analyzed using Microsoft Copilot in Defender.
The investigation and response section includes data on active and resolved alerts and incidents, top 10 critical incidents with their status and affected assets, automated investigation and response actions, and email messages where malicious files were identified and removed by Microsoft Defender for Office 365 Zero-hour auto purge (ZAP).
The Unified Security Summary enhances communication, decision making, and visibility for security teams by providing clear insights into incidents and risk levels. It also helps organizations to streamline reporting and offers easier export and integration options. The summary includes aggregated data over 30 or 90 days, which covers various security aspects.
To view the unified security summary, administrators need to open the “reports” section in the Microsoft Defender portal and select the “Unified security summary” option. Users must have permission to view all devices and must also hold the “security data read” permission.
Microsoft notes that security teams often face challenges in communicating their efforts due to the high volume of vulnerabilities and incidents. The unified security summary allows administrators to keep stakeholders well-informed about the security posture of their organizations.