Microsoft 365 Defender

Stop attacks with automated, cross-domain threat protection and built-in AI.

Stop attacks across Microsoft 365 services

As threats become more complex and persistent, alerts increase, and security teams are overwhelmed. Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity, defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.

Stop attacks before they happen

Reduce your attack surface and eliminate persistent threats.

Detect and automate across domains

Integrate threat detection data for rapid and complete response.

Hunt across all your data

Leverage time saved to apply your unique expertise.

Microsoft 365 Defender capabilities

Capabilities

Some features vary by market

Prevent cross-domain attacks and persistence

Automatically prevent threats from accessing your organization and stop attacks before they happen. Understand attacks and context across domains to eliminate lie-in-wait and persistent threats and protect against current and future breaches—all with help from Microsoft 365 Defender.

Reduce signal noise

View prioritized incidents in a single dashboard to reduce confusion, clutter, and alert fatigue. Use the automated investigation capabilities of Microsoft 365 Defender to spend less time on threat detection and response so you can focus on triaging critical alerts and responding to threats.

Auto-heal affected assets

Take care of routine and complex remediation with Microsoft 365 Defender. Threat detection, investigation, and response occur automatically at the domain level within each Microsoft 365 security product. Return affected assets to a safe state in the broader context of an incident and automatically remediate seemingly isolated attacks across the portfolio.

Hunt threats across domains

Search across all your Microsoft 365 data with Microsoft 365 Defender. Leverage your organizational knowledge with custom queries. Get Microsoft threat protection solutions for your organization against internal threats and develop custom detection and response tools for long-term protection and an improved Secure Score.

Integrated threat protection with SIEM & XDR

Microsoft empowers your organization’s defenders by putting the right tools and intelligence in the hands of the right people. Combine SIEM and XDR to increase efficiency and effectiveness while securing your digital estate.

Learn more about threat protection

Prevent and detect attacks across your Microsoft 365 workloads with built-in XDR capabilities.

Protect your Microsoft 365 environment

Leverage the best-in-class Microsoft 365 security portfolio to automatically analyze data across domains.

Identities

Manage and secure hybrid identities and simplify employee, partner, and customer access.

Endpoints

Deliver preventive protection, post-breach detection, automated investigation, and response for endpoints.

Cloud apps

Get visibility, control data, and detect threats across cloud services and apps.

Email and documents

Secure your email, documents, and collaboration tools with Microsoft Defender for Office 365.

Industry recognition

Learn more about Microsoft 365 Defender

Blog series

Stay up to date with the latest news and features about Microsoft 365 Defender.

Licensing

Microsoft 365 Defender is included with some Microsoft 365 and Office 365 Security and Enterprise licenses.

Tech community

Learn best practices, get updates, and engage with product teams in the Microsoft 365 Defender tech community.

1. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.