Unified Portal: Defender XDR, Security Copilot & Sentinel


Managing security in multi-cloud environments just got easier, thanks to Microsoft’s latest update. They’ve introduced a unified experience in the Microsoft Defender portal, combining SIEM (Security Information and Event Management) and XDR (Extended Detection and Response). Say goodbye to navigating between SIEM, EDR, and Threat Intelligence systems. Now, all your security data is accessible in one place, with the added benefit of Security Copilot generative AI.

With this update, Microsoft now offers a comprehensive overview of incidents across your digital estate, covering endpoints, SaaS (Software as a Service), network, cloud, and on-prem infrastructure, thereby improving cloud security.

Microsoft is taking M365 Defender to the next level, incorporating signals from Defender for Cloud and renaming it Microsoft Defender XDR. Additionally, Microsoft Sentinel is in the mix, contributing valuable insights to create a unified Security Operations Platform. No more dealing with multiple interfaces; Microsoft is simplifying things. The Defender Portal allows you to coordinate threat detection, prevention, investigation, and response seamlessly.

Disrupt security events at machine speed to protect user identities, endpoints, and business applications. This approach takes prevention to the next level, eliminating the need to navigate through different services for investigations.

With the unified Portal, you won’t lose any functionality related to any service. You can still use connected services, but now SOC teams can operate within one portal when 360 degrees of context matters.

GPT-based Microsoft Security Copilot

Microsoft is introducing Microsoft Security Copilot, your all-in-one virtual assistant powered by AI, designed to streamline your cybersecurity workflow. This AI interface is finely tuned for cybersecurity and embedded seamlessly into every user’s Defender experience.

Microsoft Security Copilot simplifies incident handling by automatically generating reports and summaries in the sidebar for each incident, offering a quick and comprehensive overview.

Incidents with up to 100 alerts can be summarized into one incident summary, including:

  • The time and date when an attack started.
  • The entity or asset where the attack started.
  • A summary of timelines of how the attack unfolded.
  • The assets involved in the attack.
  • Indicators of compromise (IOCs).
  • Names of threat actors involved.

This feature provides a comprehensive view of your security landscape by allowing you to analyze scripts and alerts in context while you work, offering a 360-degree understanding. The advanced unified hunting experience enables admins to write queries in natural language, saving time on complex queries. Whether you’re exploring Sentinel or Microsoft XDR, Security Copilot ensures seamless data exploration and delivers results without the hassle of managing multiple portals.

Microsoft Security Copilot, an all-in-one virtual assistant powered by AI, enhances your workflow, setting a new industry benchmark and raising the standard for cybersecurity interfaces. Acting as a vigilant guardian, it catches details that might be easily overlooked. Specifically trained for cybersecurity, it reflects Microsoft’s commitment to evolving the large language model (LLM).

Tailored to fit your environment and seamlessly integrated into each Defender experience, Microsoft Security Copilot eliminates the need to navigate multiple portals. This integration streamlines workflows, providing a unified hunting experience where natural language can be used to write queries.

Set up Microsoft Defender XDR

If you’re already using a Microsoft Defender E5 license and have a Microsoft Sentinel workspace, onboarding in the Defender portal is straightforward. Simply click on the banner in your Defender portal to connect to your Sentinel workspace and choose the workspace you’d like to connect to.

Connect to your Sentinel workspace

Review your selection and then connect. The entire onboarding process takes just seconds, with no complicated setup required.

Connect to a Microsoft Sentinel workspace

You have now connected your Microsoft Sentinel workspace to the Microsoft Defender XDR portal.

Microsoft Sentinel continues to operate seamlessly within the Azure portal, just as you’re accustomed to. If you’re already using Microsoft XDR and Microsoft Sentinel, getting everything up and running is a straightforward process. For more updates on Microsoft Defender XDR, visit https://aka.ms/SOCPlatform.
