A daily, weekly, and monthly rhythm for the Microsoft Security portals — Defender, Purview, and Entra. Mapped to a real ransomware attack chain so every activity has a clear why.
Each portal owns a distinct surface — threats, data, and identity. Used together they form the operational core of E5 Security.
Microsoft Defender: Extended Detection & Response (XDR). Endpoints · Email · Identity · Cloud Apps. Unified incidents, advanced hunting, automated investigation & response.
Microsoft Purview: Data Security & Compliance. Sensitivity labels, encryption, Endpoint DLP, Insider Risk Management, data lifecycle & records management.
Microsoft Entra: Identity & Access. Conditional Access, Identity Protection, Privileged Identity Management, Access Reviews, Entitlement Management.
Not every activity needs to happen every day. Map the work to the cadence that fits its value curve. The three layers compound — missing the daily rhythm starves the weekly and monthly ones of signal.
Daily: Incidents, alerts, false positives, sensor health, user-reported messages, risky sign-ins. These decay fast — if you miss a day, you lose the signal.
Weekly: Secure Score drift, emerging threats, policy assessments, targeted-user reports, access review check-ins. Pattern detection, not firefighting.
Monthly: Policy audits, configuration baselines, access certifications, insider risk posture, data loss trends, license optimization. Slower cycles tied to governance and ROI.
Eight stages an attacker walks through. Defenders win by breaking the chain at any one of them.
The concrete actions that compress mean time to detect & respond.
Cadence without controls is just dashboards. Eight non-negotiables for each portal — the guardrails that turn activity into real protection.
Don't try to switch on every activity at once. Build the rhythm in three steps — the layers compound. A team that tries to start with monthly governance before they have daily rhythm ends up doing neither.
Indicative figures based on typical Microsoft engagement patterns. Your mileage may vary by tenant size, industry, and maturity — but the direction is consistent.
Bookmark these. Every activity in this dashboard has a corresponding Microsoft Learn doc that's the source of truth when you need to go deeper.