ADMIN PORTALS AND ACCESS

| NAME | LINK | DESCRIPTION |
| --- | --- | --- |
| Microsoft 365 – Admin Centre | https://admin.microsoft.com/AdminPortal?#/homepage | Admin portal landing page. |
| Microsoft 365 Security | https://security.microsoft.com/homepage | New Microsoft portal where Microsoft are surfacing a lot of alerts and configurations from other portals around security. |
| Microsoft 365 Compliance | https://compliance.microsoft.com/homepage | New Microsoft portal where Microsoft are surfacing a lot of alerts and configurations from other portals around compliance, DLP and information management. |
| Microsoft Defender Security Centre | https://securitycenter.windows.com/dashboard | Defender dashboard. Looks to be being phased out, as everything can be viewed from the Microsoft 365 Security portal. |
| Microsoft Cloud App Security (MCAS) | https://portal.cloudappsecurity.com/#/dashboard | Microsoft CASB (Cloud Access Security Broker). MCAS aggregates a lot of telemetry across many different sources and stitches it all together to obtain a holistic view across the cloud and some on-premises systems. Very heavily used and very useful for investigating many different types of activity. Alerts can be quite noisy and need tuning, and it can be quite flexible. Useful for discovering grey / shadow IT, over-permissive applications, etc. |
| Defender for Identity (Azure ATP) | | Monitors the traditional domain environment, processes and NetFlow on physical domain controllers within the environment. It then correlates with Azure logs to give a holistic view across hybrid identity. |
| Azure – Sentinel | https://portal.azure.com | Microsoft's cloud SIEM solution. Good to look at some dashboards. |
| Zscaler Admin Access | | This needs to be accessed from a VM. For admin access, an account needs to be provisioned in Zscaler and in the Enterprise Application in Azure. |
| Azure – Risky Users | https://portal.azure.com/#blade/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/RiskyUsers/ViaDigest/true | If an email is generated, it is quite important to investigate, as these alerts tend to be quite accurate. Also, when an alert is generated, it is Medium severity or higher. I do not tend to look at the Low severity alerts in the portal, but will view them every now and then to close them off and to see if there is anything unusual. |
| SecureWorks – Client Portal | https://portal.secureworks.com | Client portal where all tickets can be managed from. |
| SecureWorks – Red Cloak Portal | https://redcloak.secureworks.com/index?domain=f9748205 | Red Cloak portal access. |
| CrowdStrike – Portal Access | https://falcon.crowdstrike.com/login/ | CrowdStrike portal access. |
| Cylance – Portal Access | https://login-euc1.cylance.com/Login | Cylance portal access. SSO enabled (LEGACY). |
| Meraki – Portal Access | https://n229.meraki.com/login/dashboard_login?go=%2F&sh=229 | Meraki portal access. |
