Microsoft 365 Defender

Help stop attacks with automated, cross-domain threat protection and built-in AI for your enterprise.

Stop attacks across Microsoft 365 services

As threats become more complex, help secure your users with integrated threat protection, detection, and response across endpoints, email, identities, applications, and data.

Identities

Manage and secure hybrid identities and simplify employee, partner, and customer access.

Endpoints

Use leading threat detection, post-breach detection, automated investigation, and response for endpoints.

Cloud apps

Get visibility, control data, and detect threats across cloud services and apps.

Email and documents

Protect all of Office 365 against advanced threats, such as phishing and business email compromise.

Capabilities

Prevent cross-domain attacks and persistence

Automatically prevent threats from breaching your organization and stop attacks before they happen. Understand attacks and context across domains to eliminate lie-in-wait and persistent threats and protect against current and future breaches.

Reduce signal noise

View prioritized incidents in a single dashboard to reduce confusion, clutter, and alert fatigue. Use automated investigation capabilities to spend less time on threat detection and focus on triaging critical alerts and responding to threats.

Auto-heal affected assets

Handle routine and complex remediation with automatic threat detection, investigation, and response across asset types. Then return affected resources to a safe state and automatically remediate isolated attacks.

Hunt threats across domains

Search across all your Microsoft 365 data with custom queries to proactively hunt for threats. Use your organizational expertise and knowledge of internal behaviors to investigate and uncover the most sophisticated breaches, root causes, and vulnerabilities.

Integrated threat protection with SIEM and XDR

Microsoft empowers your organization’s defenders by putting the right tools and intelligence in the hands of the right people. Combine security information and event management (SIEM) and extended detection and response (XDR) to increase efficiency and effectiveness while securing your digital estate.
 

Microsoft 365 Defender
 

Prevent and detect attacks across your Microsoft 365 workloads with built-in XDR capabilities.

Industry recognition

What our customers are saying

Related products

Use best-in-class Microsoft security products to prevent and detect attacks across your Microsoft 365 workloads. 

Documentation and training for Microsoft 365 Defender

Protect everything

Make your future more secure. Explore your security options today.
