Application overview

The Datto SaaS Defense Dashboard provides a useful and meaningful visual display of your organization's key platform information. The Dashboard allows you to quickly track your environment's product usage and effectively monitor threat prevention activity within your organization.

It includes six widgets (sections): Prevented Threats, Protected Email Accounts, End User Reports, Total Threats, Most Attacked Seats, and Scans Traffic.

See the article Datto SaaS Defense Dashboard.

The Clients page provides access to client information such as the date you activated SaaS Defense for the client, the number of malicious attacks (if any) attempted on the client's Microsoft 365 applications, and the number of seats protected for each of those applications. Client management tools on this page allow you to:

• choose whether Datto SaaS Defense automatically blocks incoming threats or only flags threats allowing you to investigate further.
• create email and URL allowlists and blocklists.
• add the Lucky Meter service to show the extent to which your environment is vulnerable to malicious threats when Datto SaaS Defense in not activated.

See the article Managing Clients on the Clients page.

On the Malicious page, you can access detailed information concerning attempted attacks. Drilling into an attack record enables you to investigate specific attack data (artifacts) that helps you determine whether a malicious attack actually occurred.

See the article Analyzing threats on the Malicious page.

Maybe you'd like to analyze only the emails of clients who have been targets of a specific attack. Or, perhaps you need to investigate why a specific client's emails are being blocked. The Live Search feature enables you to search your clients' Exchange 365 mailboxes to find emails quickly and take action if necessary.

The Events page lists the records for which a client has determined an email was mishandled by Datto SaaS Defense. There are two situations where this may occur. In one situation, the client identifies an email as a security threat that should have been quarantined by Datto SaaS Defense, but it wasn't. In the other situation, an email was quarantined by Datto SaaS Defense but the client verifies it was not a threat. Therefore, the email should not have been quarantined.

To give your clients the ability to provide you with information related to these situations, you need to install the Datto SaaS Defense Report Threat Outlook add-in for each of your clients. A client sends the information via Outlook and it automatically populates on the Events page.

See the article Reviewing an incident report on the Events page.

Using the functionality on the Notifications page, you can create a custom message that the system automatically sends to alert you about a malicious attack or when an end user has reported a threat incident.

See the article Adding a notification on the Notifications page.

On the Reports page, you can create customized reports that provide a high-level view of the malicious traffic in your environment. You can simultaneously create multiple reports customized for each client. In addition, you can create reports analyzing your environment's vulnerability to threats.

See the article Creating reports on the Reports page.