Επεξεργασία

Κοινή χρήση μέσω


Overview of the Alerts page in Microsoft 365 Lighthouse

As a Managed Service Provider (MSP), you need to monitor and respond to the security issues of your customers efficiently and effectively. Microsoft 365 Lighthouse provides an alerts tool that gives you a consolidated view of all the high-priority detections and alerts across your customers. You can see a prioritized list of the most urgent issues that require your attention and take immediate action to resolve them. You can also enable push alerts to your existing support systems and flows, so you never miss a critical alert that needs your intervention.

To help you get started, Lighthouse provides a default set of alert rules based on best practices and recommendations. You can use these alert rules as is or modify them according to your preferences and needs. You can also create custom alert rules for more control and flexibility.

Alerts tab

The Alerts tab provides a consolidated view of potential security issues across all your customers. The tab contains two sections:

  • Active alerts by date created: A graph that displays the number of active alerts over time.

  • Alerts table: A list of current alerts that can be filtered by alert type, severity, status, or assigned to.

The Alerts tab also includes the following options:

  • Export: Select to export alert data to an Excel comma-separated values (.csv) file.
  • Refresh: Select to retrieve the most current alert data.
  • Search: Enter keywords to locate a specific alert in the list.

From the list of alerts, select any alert to open the alert details pane. The Overview tab in this pane includes the following information:

  • Affected tenants
  • Alert description
  • Rule that triggered the alert
  • Alert type
  • Time stamp (first detected, last updated)
  • Impacted entity

From the Overview tab, you can update the severity and status of the alert and assign the alert to a specific user to resolve.

Select the Comments and history tab in the alert details pane to see a complete history of the alert. You can add additional comments to the alert as needed.

Screenshot of the Alerts tab in Lighthouse.

Alert types

Lighthouse offers several configurable alert types from the following services: Microsoft Defender for Business (MDB), Microsoft Defender Antivirus, and Microsoft Entra ID.

Lighthouse does not currently support alerts from the following services: Microsoft Defender for Cloud Apps, Microsoft Defender for Office 365 (MDO), or additional Azure services.

The following table provides details about the different alert types that Lighthouse supports.

Alert type Available values during creation of alert rule
Non-compliant device Alert severity: Low, Medium, High, Informational
Compliance state: Not compliance, In grace period, Not evaluated
Device type: Desktop, Windows RT, Win MO6, Nokia, Windows Phone, Mac, Windows CE, Embedded Windows, iPhone, iPad, iPod, Android, SoC Consumer, Unix, Mac MDM, Windows HoloLens, Windows Surface Hub, Android (for work), Android (Enterprise), Windows 10x, Android (Google Mobile Services), Palm, Unknown
Devices without antivirus protection Alert severity: Low, Medium, High, Informational
Threat protection: Enabled, Disabled
Antivirus updates: Needs updates
Variance detection Alert severity: Low, Medium, High, Informational
Deployment status: Incomplete, Ineligible, Failed
Risky user Alert severity: Low, Medium, High, Informational
Risk state: At risk, Confirmed compromised
Windows logs Alert severity: Low, Medium, High, Informational
Entry type: Error, Warning, Information, Success audit, Failure audit
Log name: All logs, Application, Security, Setup, System
Security incident Alert severity: Low, Medium, High, Informational
Classification: Not specified, False positive, True positive, Benign positive
Determination: Not specified, Apt, Malware, Security personnel, Security testing, Unwanted software, Other, Multi-staged attack, Compromised user, Phishing, Malicious user activity, Clean, Insufficient data, Confirmed user activity, Line of business application
Service source: Not specified, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, Microsoft Defender for Office 365, Microsoft 365 Defender, Microsoft Entra Identity Protection, Microsoft App Governance, Data Loss Prevention, Microsoft Defender for Cloud
Status: All, Unknown, New, In progress, Resolved
Lighthouse communications Alert severity: Low, Medium, High, Informational
Lighthouse system events: All events, Initial data availability
Active threat on device Alert severity: Low, Medium, High, Informational
Threat type: All threats, Miscellaneous, Virus, Malware, Spyware
Severity: Unknown, Low, Moderate, High, Severe

Alert rules tab

The Alert rules tab shows a summary of all the alert rules in your partner tenant. Lighthouse provides eight default alert rules that are automatically applied to all customers. You can edit existing alert rules or create your own custom alert rules.

The Alert rules tab also includes the following options:

  • Create alert rule: Select to have Lighthouse guide you through the process of creating a custom alert rule.
  • Edit alert rule: Select to edit an existing alert rule.
  • Delete: Select to delete an alert rule from the list.
  • Search: Enter keywords to locate a specific alert rule in the list.

Screenshot of Alert rules tab.

Create and manage alert rules (article)
Overview of the Threat management page in Microsoft 365 Lighthouse (article)
Mitigate threats in Microsoft 365 Lighthouse with Microsoft Defender Antivirus (article)
Overview of the Device security page in Microsoft 365 Lighthouse (article)
Overview of the Vulnerability management page in Microsoft 365 Lighthouse (article)