Microsoft 365 Defender

Stop attacks with automated, cross-domain security and built-in AI.

Two Microsoft employees working together on a laptop and a desktop monitor.

Stop attacks across Microsoft 365 services

As threats become more complex and persistent, alerts increase, and security teams are overwhelmed. Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.

Stop attacks before they happen

Reduce your attack surface and eliminate persistent threats.

Detect and automate across domains

Integrate threat data for rapid and complete response.

Hunt across all your data

Leverage time saved to apply your unique expertise.

Microsoft 365 Defender capabilities

Protect your Microsoft 365 environment

Leverage the best-in-class Microsoft 365 security portfolio to automatically analyze data across domains.


Manage and secure hybrid identities and simplify employee, partner, and customer access.


Deliver preventive protection, post-breach detection, automated investigation, and response for endpoints.

Cloud apps

Get visibility, control data, and detect threats across cloud services and apps.

Email and documents

Secure your email, documents, and collaboration tools with Microsoft Defender for Office 365.

Industry recognition

Screenshot from video.


Protecting your enterprise means bringing together insights from all your security tools. Microsoft 365 Defender integrates with cloud-native security information and event manager (SIEM), Azure Sentinel.


Azure Sentinel delivers intelligent security analytics for your entire enterprise from a single console. Connect with data from your Microsoft products and all other sources, and take advantage of AI to make your threat detection and response smarter and faster. Eliminate security infrastructure setup and maintenance and scale to meet your security needs.


Azure Sentinel also connects to Azure Defender, a built-in tool that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Azure Defender protects your hybrid data, cloud-native services, and servers from threats and seamlessly integrates with your existing security solutions while leveraging Microsoft’s vast threat intelligence.

Learn more about Microsoft 365 Defender

Blog series

Stay up to date with the latest news and features about Microsoft 365 Defender.


Microsoft 365 Defender is included with some Microsoft 365 and Office 365 Security and Enterprise licenses.

Tech community

Learn best practices, get updates, and engage with product teams in the Microsoft 365 Defender tech community.