MDTI Standalone Portal Retirement and Transition to Defender XDR

On June 30th, 2024, the Microsoft Defender (MDTI) standalone portal will reach end-of-life and the Microsoft Defender XDR portal will become MDTI's exclusive home for both standard and premium users. In this blog, we'll guide customers using the standalone portal that wish to continue using MDTI in Defender XDR through the simple migration process. We'll also help customers, and their teams, prepare to take advantage of the benefits MDTI brings to Microsoft's XDR, SIEM, and AI solutions. 

What is happening to the MDTI standalone portal? 

On June 30th, 2024, the MDTI standalone portal at ti.defender.microsoft.com will be decommissioned. However, customers can seamlessly use the same features and content from MDTI's permanent home in the Microsoft Defender XDR portal in both free and premium capacities. All existing MDTI licenses will carry over to the new portal. Customers can also access this information via natural language prompts by purchasing Copilot for Security.

How do I use MDTI within the Defender XDR portal?

Within Microsoft Defender XDR, users will see the familiar MDTI pages under the “” blade in the left navigation menu: 

Microsoft Defender Threat Intelligence resources are accessible under the Threat Intelligence blade within the left navigation menu, on the “Intel profiles”, “Intel explorer”, and “Intel projects” tabs.Microsoft Defender resources are accessible under the Threat Intelligence blade within the left navigation menu, on the “Intel profiles”, “Intel explorer”, and “Intel projects” tabs.

  • On the “Intel explorer” tab within Defender XDR (pictured above), you will find the same features and content from the standalone portal Home page. This includes Threat Intelligence Search, Featured Articles, and Recent Threat Article streams. 
  • The content from the Profiles page on the standalone portal is available on the “Intel profiles” tab in Defender XDR. 
  • You can create or access your team and individual projects from the “Intel projects” tab. You can continue working on the same projects you created on the standalone portal by logging into Defender XDR with the same account. 

Customers with an MDTI license may begin using the premium experience within Defender XDR immediately. Those without a license can continue using the standard version at no cost in the Defender portal or explore MDTI licensing options to receive unlimited access to Microsoft's award-winning intelligence. 

If you do not have Defender XDR but want to continue using MDTI, explore licensing options or set up a trial environment.

Note: Please talk to your tenant administrator if you believe you should have access to Defender XDR within your organization, but do not. The Microsoft Entra roles which grant access to Defender XDR can be found here.

What else can I do with MDTI within Defender XDR? 

Since launching MDTI into the XDR portal early last year at Microsoft Secure and opening the standard version to all XDR customers at Microsoft Ignite in November, thousands of MDTI and Defender XDR customers have experienced the benefits of aligning the high-fidelity threat intelligence in MDTI with their investigation and response tools under a single pane of glass.

MDTI enhances and complements a variety of other products and features in Defender XDR: 

  • Use Threat Analytics to prioritize threats and content related to ongoing campaigns and your organization's top exposures. 
  • Find MDTI results from anywhere in the Defender portal using Defender XDR global search functionality (search bar at the top of the page in Defender XDR). MDTI results will appear under the “Intel Explorer” tab, alongside results from Microsoft Defender for Endpoint, Office, Identity, Cloud Apps, Vulnerability Management, and more on other tabs. 
  • Enrich discovered artifacts (IP addresses, domains, hosts, URLs and more) from Microsoft Defender incidents and alerts with more information by searching in MDTI. 
  • In Advanced Hunting, use IOCs sourced from MDTI to hunt across logs and events in your environment (see “Use Cases” section in this blog). 

MDTI also enhances other Microsoft security products to help deliver a unified threat intelligence experience for customers:

  • In Microsoft Defender for Cloud, proactively discover vulnerable assets in Cloud Security Explorer using knowledge from MDTI content. 
  • In Microsoft Sentinel, improve your mean time to detect (MTTD) by: 
  • Parlayed with Sentinel's analytic or rules, incidents can be automatically enriched against these MDTI playbooks, which facilitate incident triage and provide context to those observed IP and host entities. This greatly improves your SOC's mean time to respond (MTTR). 

How do I use MDTI through Copilot for Security? 

Microsoft Copilot for Security enables customers to access, operate on, and integrate Microsoft's raw and finished threat intelligence via natural language. With Copilot for Security, users can leverage MDTI's data sets and content anytime, anywhere within Defender XDR to provide additional context and aid in investigations.

MDTI powers Copilot for Security via a wide range of Threat Intelligence skills and promptbooks.MDTI powers Copilot for Security via a wide range of Threat Intelligence skills and promptbooks.

MDTI powers Copilot for Security via a wide range of Threat Intelligence skills, enabling you to quickly retrieve information on indicators including IP addresses and domains, and contextualize artifacts with content such as threat articles and intel profiles. Additionally, out-of-the-box promptbooks correlate MDTI content and data with other security information from Defender XDR, such as incidents and hunting activities, to help customers quickly understand the broader scope of an attack. These capabilities will be available within both the standalone and embedded Copilot for Security experiences.

Learn more about the MDTI skills available in Copilot here, and check back to this blog following Microsoft Secure next week to learn more about MDTI's role in Copilot for Security. 

New to MDTI? Here's where to start

If you are interested in learning more about MDTI and how it can help you unmask and neutralize modern adversaries and cyberthreats such as ransomware, and to explore the features and benefits of MDTI please visit the MDTI product web page.

Also, be sure to contact our sales team to request a demo or a quote.

 

This article was originally published by Microsoft's Defender Threat Intelligence Blog. You can find the original article here.