Skip to main content
Microsoft Security

Microsoft Defender Threat Intelligence

Help protect your organization from modern adversaries and cyberthreats such as ransomware. 

Three people working together at a desk.

Attend the new security track at Microsoft Ignite

Try new capabilities with hands-on demos, learn how to extend AI-powered protection across clouds and platforms, and explore proven security strategies November 15-16, 2023.

Uncover your adversaries

Expose and eliminate modern cyberthreats and their infrastructure using dynamic cyberthreat intelligence.

Identify attackers and their tools

Understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet.

Accelerate cyberthreat detection and remediation

Discover the full scope of a cyberattack. Understand an online adversary’s entire toolkit, prevent access by all their machines and known entities, and continuously block IP addresses or domains.

Enhance your security tools and workflows

Extend the reach and visibility of your existing security investments. Use the raw cyberthreat intelligence from your security tools and workflows, via an API, to gain more context and understand cyberthreats more deeply.

Microsoft Defender Threat Intelligence

Gain an unparalleled view of the ever-changing cyberthreat landscape. Defender Threat Intelligence maps the entire internet to expose cyberthreat actors and their infrastructures. Get the cyberthreat intelligence you need to block an entire cyberattack and keep your organization safe from complex cyberthreats such as ransomware. 


Uncover and help eliminate cyberthreats with Defender Threat Intelligence. 

A list of components on hosts in Microsoft Defender Threat Intelligence.

Get continuous cyberthreat intelligence

Scan the internet to create a complete picture of day-to-day changes. Create cyberthreat intelligence for your own business to understand and reduce exposure.

A document titled Risk IQ: Fingerprinting Sliver C2 Servers in Microsoft Defender Threat Intelligence.

Expose adversaries and their methods

Understand the group behind an online cyberattack, their methods, and how they typically operate.

An Incidents list in Microsoft Sentinel organized by severity.

Enhance alert investigations

Enrich Microsoft Sentinel and Microsoft 365 Defender incident data with external cyberthreat intelligence to uncover the full scale of a cyberthreat or cyberattack.

A list of Host Pairs for a website in Microsoft Defender Threat Intelligence.

Accelerate incident response

Investigate and remove malicious infrastructure such as domains and IPs and all the known tools and resources operated by a cyberattacker or cyberthreat family.

A project named Franken-Phish and a list of related artifacts in Microsoft Defender Threat Intelligence.

Hunt cyberthreats as a team

Easily collaborate on investigations across teams using the Defender Threat Intelligence workbench and share knowledge of cyberthreats with Intel Profiles.

A list of components on IPs on Microsoft Defender Threat Intelligence.

Expand prevention and improve security posture

Automatically uncover malicious entities and help stop outside cyberthreats by blocking internal resources from accessing dangerous internet resources.

Back to tabs

Give security teams an edge with Microsoft Security Copilot

Powerful new capabilities, new integrations, and industry-leading generative AI—now available in early access.

Join the Microsoft Defender Threat Intelligence Community

Register for free to help safeguard your organization while contributing to community protection.

How Microsoft Defender Threat Intelligence works

Microsoft tracks more than 65 trillion signals daily, helping security teams identify vulnerabilities with greater efficacy and stay ahead of today's cyberthreats.

A diagram showing how Defender Threat Intelligence works through advanced internet reconnaissance, analysis, and dynamic cyberthreat intelligence.

Integrated cyberthreat protection with SIEM and XDR

Empower your security teams to effectively protect your digital estate by combining extended detection and response (XDR) and security information and event management (SIEM).

An overview dashboard in Microsoft 365 Defender showing active cyberthreats, active incidents, users at risk, devices at risk, and more.

Microsoft 365 Defender

Get unified security and visibility across endpoints, identities, emails, and cloud apps with an industry-leading XDR solution.

Back to tabs

Related products

Use industry-leading Microsoft security products to help prevent and detect cyberattacks across your organization.

A person having a conversation at their desk.

Microsoft Sentinel

See and stop cyberthreats across your entire enterprise with intelligent security analytics.

A person sitting at their desk typing on a laptop connected to a desktop monitor.

Microsoft Defender for Cloud

Increase protection in your multicloud and hybrid environments.

A person working at their desk across two monitors.

Microsoft Defender External Attack Surface Management

Understand your security posture beyond the firewall.

Additional resources


Read the cyberthreat intelligence blog

Learn about the new cyberthreat intelligence offerings from Microsoft.


Help protect your business with cyberthreat intelligence

Learn how to use internet cyberthreat intelligence to defend your organization against cyberattacks.


Best practices and implementation

Get started with cyberthreat intelligence solutions for your organization today.


Visit the Microsoft Defender Threat Intelligence blog

Learn from Defender Threat Intelligence experts, see what's new, and let us hear from you.

Protect everything

Make your future more secure. Explore your security options today.

Follow Microsoft