Microsoft 365 Defender
Stop attacks across Microsoft 365 services
As threats become more complex and persistent, alerts increase, and security teams are overwhelmed. Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.
Stop attacks before they happen
Reduce your attack surface and eliminate persistent threats.
Detect and automate across domains
Integrate threat data for rapid and complete response.
Hunt across all your data
Leverage time saved to apply your unique expertise.
Features
Prevent cross-domain attacks and persistence
Automatically prevent threats from accessing your organization and stop attacks before they happen. Understand attacks and context across domains to eliminate lie-in-wait and persistent threats and protect against current and future breaches—all with help from Microsoft 365 Defender.
Reduce signal noise
View prioritized incidents in a single dashboard to reduce confusion, clutter, and alert fatigue. Use the automated investigation capabilities of Microsoft 365 Defender to spend less time on detection and response so you can focus on triaging critical alerts and responding to threats.
Auto-heal affected assets
Take care of routine and complex remediation with Microsoft 365 Defender. Detection, investigation, and response occur automatically at the domain level within each Microsoft 365 security product. Return affected assets to a safe state in the broader context of an incident and automatically remediate seemingly isolated attacks across the portfolio.
Hunt threats across domains
Search across all your Microsoft 365 data with Microsoft 365 Defender. Leverage your organizational knowledge with custom queries. Protect your organization against internal threats and develop custom detection and response tools for long-term protection and an improved Secure Score.
Microsoft 365 Defender
Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
A unified endpoint security platform for preventative protection, post-breach detection, automated investigation, and response.
Use a cloud-based solution that helps protect your organisation’s identities from multiple types of advanced targeted cyberattacks.
Protect your organization against sophisticated attacks such as phishing and zero-day malware.
View apps used in your organization, identify and combat cyberthreats, and monitor and control data travel in real time.
Licensing Requirements
Any of these licenses gives you access to Microsoft 365 Defender features via the Microsoft 365 Defender portal without additional cost:
Microsoft 365 E5 or A5
Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
Windows 10 Enterprise E5 or A5
Windows 11 Enterprise E5 or A5
Enterprise Mobility + Security (EMS) E5 or A5
Office 365 E5 or A5
Microsoft Defender for Endpoint
Microsoft Defender for Identity
Microsoft Defender for Cloud Apps
Defender for Office 365 (Plan 2)