Getting Familiar with Microsoft Security & Compliance Consoles
When managing Microsoft 365 security, it’s essential to know your way around the different admin consoles — particularly the Security Console, Exchange Admin Center, and Purview. Each one serves a distinct purpose, and understanding where to look can save you hours of digging when you’re investigating alerts or performing remediations.
1. The Security Console: Your First Stop for Threat Hunting
The Microsoft Security Console (security.microsoft.com) is where you’ll spend most of your time searching emails and performing remediations.
It’s also the hub where Microsoft incidents are stored. Whether you’re tracing phishing attempts, investigating compromised accounts, or checking Defender detections, this is your go-to dashboard.
💡 Pro Tip: You’ll notice that incident alerts give a general overview, but don’t always provide all the context you need. That’s where the next console comes in.
2. The Compliance Center: Purview’s Hidden Power
While incident alerts in the Security Console are useful, the Compliance Alerts section in Microsoft Purview (purview.microsoft.com/compliancealerts/compliancealerts) often provides a clearer picture of what happened.
For example, if a user created a forwarding rule to their personal email, Purview will show this activity more transparently than the generic incident summary.
eDiscovery and DLP
If you’re doing “official digging,” eDiscovery in Purview (purview.microsoft.com/ediscovery) is where you’ll conduct deeper investigations and email logging.
If your organization pays for Data Loss Prevention (DLP), it’s also configured and managed here.
3. Roles and Permissions: The Gotcha Moment
Here’s a surprise many admins learn the hard way: even if you’re a Global Admin, you might still need to assign yourself a role within the Security Center to perform certain actions — like remediations.
You can manage your roles here:
👉 security.microsoft.com/mtp_roles
Without proper role assignment, you’ll be scratching your head wondering why certain buttons are greyed out.
4. Quarantine and Threat Policies
Before setting up policies, bookmark the quarantine page (Microsoft Defender → Quarantine). This page will become one of your most-used tools when reviewing blocked or quarantined emails.
Setup Sequence Matters
- Create quarantine policies first
- Then configure phishing, malware, and spam policies under Threat Policies
If you skip ahead or rely solely on Preset Security Policies, your custom configurations might not work properly. It’s best to disable preset policies before creating custom ones.
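The same ordering in Exchange Online PowerShell, as an added example that is not from the original post: the quarantine policy is created first, then an anti-spam policy that references it by name. The policy names and the example.com domain are hypothetical placeholders, and the script assumes the ExchangeOnlineManagement module plus a role that can manage these policies. Only the anti-spam case is shown.

```powershell
# Added example. All names and the domain below are hypothetical placeholders.
$QuarantinePolicyName = 'Custom-AdminOnly-Quarantine'
$SpamPolicyName       = 'Custom-Inbound-Spam'
$RecipientDomain      = 'example.com'

Connect-ExchangeOnline

# Show whether the Standard/Strict preset security policies are switched on,
# so you know if they are still active before adding custom policies.
Get-EOPProtectionPolicyRule | Format-Table Name, State | Out-Host

# Step 1: the quarantine policy comes first.
# EndUserQuarantinePermissionsValue 0 = no end-user access (admins release mail).
if (-not (Get-QuarantinePolicy | Where-Object Name -eq $QuarantinePolicyName)) {
    New-QuarantinePolicy -Name $QuarantinePolicyName `
        -EndUserQuarantinePermissionsValue 0 | Out-Null
}

# Guard: refuse to continue if there is no quarantine policy to reference.
$qp = Get-QuarantinePolicy | Where-Object Name -eq $QuarantinePolicyName
if (-not $qp) {
    throw "Quarantine policy '$QuarantinePolicyName' not found; create it before the threat policy."
}

# Step 2: the anti-spam policy points each quarantine verdict at that policy.
New-HostedContentFilterPolicy -Name $SpamPolicyName `
    -SpamAction Quarantine               -SpamQuarantineTag               $qp.Name `
    -HighConfidenceSpamAction Quarantine -HighConfidenceSpamQuarantineTag $qp.Name `
    -PhishSpamAction Quarantine          -PhishQuarantineTag              $qp.Name `
    -HighConfidencePhishAction Quarantine -HighConfidencePhishQuarantineTag $qp.Name |
    Out-Null

# A custom policy applies to nobody until a rule scopes it to recipients.
New-HostedContentFilterRule -Name "$SpamPolicyName rule" `
    -HostedContentFilterPolicy $SpamPolicyName `
    -RecipientDomainIs $RecipientDomain | Out-Null

# Verify: every *QuarantineTag set above should show the custom policy name.
Get-HostedContentFilterPolicy -Identity $SpamPolicyName |
    Format-List Name, SpamAction, *QuarantineTag
```

Run it in a test tenant first, and check the quarantine page afterwards to confirm messages land under the policy you expect.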
5. Exchange Admin Center: Don’t Miss the “Other Features” Tab
The Exchange Admin Center (admin.exchange.microsoft.com) has an “Other Features” section with several useful links and tools.
Visit: Exchange Admin – Other Features
You can also access hybrid setup configurations directly here:
Hybrid Setup
6. Setting Up Alert Policies and Notifications
Setting up alert policies is crucial for staying informed about security incidents in real time.
Bookmark this page for easy access:
🔗 security.microsoft.com/alertpoliciesv2
It may sound trivial, but locating this page later can be a nightmare — you’ll thank yourself when you need to turn off or modify an alert without hunting through menus.