All Microsoft Defender for Identity features now available in the Microsoft 365 Defender portal
Published Feb 08 2022 08:00 AM 16.9K Views

Over the last few months, as part of our XDR journey, we’ve been working to make all Microsoft Defender for Identity features available in the Microsoft 365 Defender portal. Today, we’re pleased to announce that the final two features are now generally available:


Firstly, all the identity security posture management assessments that were accessible in Defender for Cloud Apps are now available in Secure Score, which can be accessed directly through Microsoft 365 Defender’s homepage at


PortalConverge Screenshot 1.png

 Figure 1: A view of Defender for Identity's security posture management assessments in Secure Score


You can then filter by product and then select Microsoft Defender for Identity. This will then show you all available assessments being generated by data gathered by Defender for Identity. What’s more is that now, clicking on any of those improvement actions will bring in a panel that will allow security teams to investigate any exposed entity impacted by the assessment, see any implementation plan suggestions, any change history to the assessment and finally, the ability to edit the status and action plan as they see fit.


Secondly, we’re pleased to be a part of a new universal search feature launching in the Microsoft 365 Defender portal. Most of the individual products that contribute data and signal to Microsoft 365 Defender have a dedicated search function located somewhere on their individual portals. What’s been introduced today is a convenient search bar at the top of the portal screen that will allow security teams to look for any entity being monitored by Microsoft 365 Defender, be it identity, endpoint, Office 365 data, and more. Results can be interacted with directly from the search drop down, or security teams can opt to click on “All users”, or “All devices” etc. to see all entities associated with that search term.


PortalConverge Screenshot 2.png

 Figure 2: A demonstration of the search functionality in Microsoft 365 Defender


With these two features in place and being made generally available, I’m also pleased to announce that all remaining features that have been in public preview up until now will also be generally available from today. This includes:


  • Onboarding and administration experience - We made the onboarding process automatic for new customers, meaning they didn’t have to manually configure a workspace. Further, all the admin features were made available under the Identities menu in Microsoft 365 Defender’s Settings.


  • Defender for Identity alerting and incident correlation – Surfacing Defender for Identity alerts into Microsoft 365 Defender’s alert queue and making them available to the auto incident correlation feature. This ensures that all the alerts that matter are available in one place, and that the scope of a breach can be ascertained quicker than before.


  • Defender for Identity available in Advanced Hunting within Microsoft 365 Defender - This is an incredibly powerful method of giving your threat hunters the ability to have an additional identity-focused lens to give their efforts more context, data, and insight.


  • Improved alert exclusion experience – We’ve made the interface more user friendly, including adding a useful search function. Even better though, we’re also introducing global exclusions. This means that any entity can be excluded from all alerts generated by Defender for Identity, helping with any testing scenarios you may have. This is due to be improved further soon, with complex logic for alert exclusions – for example, “Exclude User1 from this particular alert when on Computer1 only”.


Making these features generally available today means that all Defender for Identity related tasks can be done from a single place, and all your XDR signal can now be found in one location. This should help investigations be more efficient and allow your threat hunters to stop attacks quicker than before and with more ease. These advantages mean that we strongly encourage security teams to make Microsoft 365 Defender the home of their interactions with Defender for Identity. Moving forward, any new feature being developed for Defender for Identity will only be released as part of the Microsoft 365 Defender portal.


In the coming weeks, we’ll share plans around how we plan on enabling a convenient redirect option, so that anyone browsing to the classic Defender for Identity portal will be forwarded to the new experience. After a transitional period, we’ll then configure the service so that customers will have to opt out of using the new experience by default, before finally, retiring the classic experience. We’ll be using Message Center to push these details out.


Please get familiar with these new experiences in Microsoft 365 Defender. Check out this blog which has convenient links to all release blogs and documentation to support the features. As always, please let us know what you think by leaving comment below , or dropping us a note here.


Thank you to all our customers for your support, suggestions and feedback. Defender for Identity’s mission is to help prevent identity-based attacks on Active Directory, and your continued support helps us achieve this.

Version history
Last update:
‎Feb 11 2022 12:17 PM
Updated by: