Trace Id is missing
Skip to main content
Microsoft Security

Microsoft Defender XDR

Elevate your security with unified visibility, investigation, and response across the cyberattack chain with an industry-leading extended detection and response (XDR) solution.

A person smiling while using a laptop.

Supercharge your SecOps effectiveness with XDR

Get incident-level visibility across the cyberattack chain with Microsoft Defender XDR (formerly Microsoft 365 Defender). Take your SOC team to the next level with automatic disruption of advanced cyberattacks and accelerated response across endpoints, identities, email, collaboration tools, software as a service (SaaS) applications, cloud workloads, and data.

Endpoints

Discover and secure endpoint and network devices across your multiplatform enterprise.

Identities

Manage and secure hybrid identities and simplify employee, partner, and customer access.

Cloud apps

Get visibility, control data, and detect cyberthreats across cloud services and apps.

Email and collaboration tools

Protect your email and collaboration tools from advanced cyberthreats, such as phishing and business email compromise.

Microsoft Defender XDR key capabilities

Unify security with XDR.

A Microsoft Defender XDR incident queue with incident

Automatically disrupt advanced cyberattacks at machine speed

Stop lateral movement of advanced cyberattacks, such as ransomware, with AI to limit a cyberattacker’s progress early on, and give your SOC team full control to investigate and remediate cyberthreats

A Microsoft 365 Security window displaying an incident overview.

Enable rapid response with XDR-prioritized incidents

Remediate cyberthreats quickly and eliminate the need to sift through random information. Get a complete view of the cyberattack chain and prioritized investigation and response at the incident level.

Reinvent SOC productivity with Security Copilot

Respond to cyberthreats at machine speed and scale with guided response actions, enable any analyst to build complex queries using natural language, and reverse engineer and understand adversarial scripts in seconds. Security Copilot is now embedded in Microsoft Defender XDR for early access customers.

Auto-heal affected assets

Reduce your workload with automated self-healing of menial tasks, such as device cleanup. Build your own automated response to recurring alerts in your environment using custom detection combined with Kusto Query Language (KQL) queries.

A Microsoft 365 Security incidents queue with a list of incidents

Proactively hunt for cyberthreats

Hunt for cyberthreats across all workloads and uncover potential blind spots in your environment with a guided, step-by-step experience. Create custom queries to locate information across all XDR data.

Manage multitenant environments more effectively

Multitenant support in Microsoft Defender XDR streamlines incident management and cyberthreat hunting across multiple tenants with a consolidated view of incidents, device inventory, vulnerability management, and advanced hunting.

Back to Tabs

See Security Copilot in Microsoft Defender XDR

Watch how Security Copilot helps you investigate and complete complex tasks such as cyberthreat hunting, reverse-engineering malware, and incident reporting.

Microsoft 365 E5, A5, F5, and G5 customers can save on Microsoft Sentinel

Unified security operations platform

Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).

Animation of microsoft defender dashboard homepage

Unified portal

Detect and disrupt cyberthreats in near real time and streamline investigation and response.

Back to tabs
A person holding a tablet displaying the e-book titled Three Reasons to Shift to Integrated Threat Protection

Three Reasons to Shift to Integrated Threat Protection

Learn how to make your security operations center more proactive, efficient, and cost-effective with integrated SIEM and XDR.

Security operations maturity self-assessment tool

Find out if your security operations center is prepared to detect, respond, and recover from cyberthreats.

A person using a tablet and pen.

Industry recognition

Microsoft Security is a recognized industry leader.

Forrester logo.

Forrester XDR Wave

Microsoft Defender is named a Leader in The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021.1,2

MITRE Att&ck logo.

Leader in MITRE ATT&CK

Microsoft Defender XDR (formerly Microsoft 365 Defender) demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations.3

What our customers are saying

G&J Pepsi
“Having a strong security posture focused on protecting physical security and the security of devices, identities, and data is critical to company stability and were key components to a successful defense against cyberattacks.” 

- Eric McKinney, Enterprise Infrastructure Director at G&J Pepsi-Cola Bottlers

The Total Economic Impact™ of Microsoft Defender XDR (formerly Microsoft 365 Defender)

A 2022 study found a return on investment of 242 percent over three years and a net present value of USD$17 million with Microsoft 365 Defender.4

Four people seated in a conference room having a meeting.

Related products

Use best-in-class Microsoft security products to prevent and detect cyberattacks across your Microsoft 365 workloads.

Documentation and training for Microsoft Defender XDR

Overview

Microsoft Defender XDR infographic

Get an overview of how XDR helps stop cyberattacks and coordinates responses across assets.

Licensing

Understand your plan options

Get an overview of all plans that include Microsoft Defender XDR capabilities. 

Blog

Microsoft Defender XDR Blog

Learn best practices, get updates, and engage with product teams in the Microsoft Defender XDR tech community.

Pilot

Evaluate and pilot Microsoft Defender XDR

Use technical guidance to get started and pilot Microsoft Defender XDR.

Protect everything

Make your future more secure. Explore your security options today.

Frequently asked questions

  • Microsoft Defender XDR (formerly Microsoft 365 Defender) is an industry-leading XDR platform. It delivers a unified investigation and response experience and provides native protection across endpoints, IoT devices, hybrid identities, email and collaboration tools, and cloud applications with centralized visibility, powerful analytics, and automatic cyberattack disruption.

    Gain a broader set of protections with Microsoft Defender XDR, including email security and identity and access management as critical preventative solutions. Benefit from auto-healing capabilities for common issues and scale your security operations center (SOC) team with XDR-automated disruption to help protect against advanced cyberattacks more effectively, while safeguarding business continuity.

  • Microsoft Defender XDR is an XDR platform that provides security across your multiplatform endpoints, hybrid identities, emails, collaboration tools, and cloud apps. It uses incident-level visibility across the cyberattack chain, automatic cyberattack disruption, and unified security and access management to accelerate responses to sophisticated cyberattacks. Microsoft Sentinel complements these capabilities with SIEM and security orchestration, automation, and response (SOAR) capabilities to ingest logs from your entire digital estate—providing further automation, response, and cyberthreat tracking across systems.

  • Microsoft Defender XDR is the unified portal experience encompassing various security solutions. Access the Microsoft Defender XDR portal and XDR features with any of these licenses:

    • Microsoft 365 E5 or A5
    • Microsoft 365 E3
    • Microsoft 365 E3 with the Microsoft Enterprise Mobility + Security E5 add-on
    • Microsoft 365 A3 with the Microsoft 365 A5 security add-on
    • Microsoft Enterprise Mobility + Security E5 or A5
    • Microsoft Defender for Endpoint (Plan 1 and 2)
    • Microsoft Defender for Identity
    • Microsoft Defender for Cloud Apps
    • Microsoft Defender for Office 365 (Plans 1 and 2)
    • Microsoft Defender Vulnerability Management
       

    For more information, see the Microsoft 365 Enterprise service plans.

  • [1] Forrester, Forrester New Wave, Forrester Wave, and The Total Economic Impact are trademarks of Forrester Research, Inc.
  • [2] The Forrester New Wave™: Extended Detection and Response (XDR) Providers, Q4 2021, Allie Mellen, October 2021.
  • [3] MITRE Engenuity ATT&CK® Evaluations: Enterprise, Wizard Spider + Sandworm Enterprise Evaluation 2023, The MITRE Corporation and MITRE Engenuity.
  • [4] The Total Economic Impact™ of Microsoft Defender XDR (formerly Microsoft 365 Defender), a commissioned study conducted by Forrester Consulting, April 2022.

Follow Microsoft