Microsoft Defender Threat Intelligence

Help protect your organization from modern adversaries and threats such as ransomware.

Start free trial
Three people working together at a desk.

Stop Ransomware with Microsoft Security

Don’t just react to threats. Get ahead of them. Watch this digital event to learn how to safeguard your organization from today’s attacks – and be ready for tomorrow’s.

Watch now

Uncover your adversaries

Expose and eliminate modern threats and their infrastructure using dynamic cyberthreat intelligence.

Identify attackers and their tools

Understand your adversaries and their online infrastructures to identify your potential threat exposures using a complete map of the internet.

Accelerate threat detection and remediation

Discover the full scope of an attack. Understand an online adversary’s entire toolkit, prevent access by all their machines and known entities, and continuously block IP addresses or domains.

Enhance your security tools and workflows

Extend the reach and visibility of your existing security investments. Use the raw cyberthreat intelligence from your security tools and workflows, via an API, to gain more context and understand threats more deeply.

Be more efficient

Save up to 60 percent by using Microsoft Security rather than multiple point solutions.1

Microsoft Defender Threat Intelligence

Gain an unparalleled view of the ever-changing threat landscape. Defender Threat Intelligence maps the entire internet to expose threat actors and their infrastructures. Get the cyberthreat intelligence you need to block an entire attack and keep your organization safe from complex threats such as ransomware.

Watch the video

Capabilities

Uncover and help eliminate threats with Defender Threat Intelligence.

A list of components on hosts in Microsoft Defender Threat Intelligence.

Get continuous threat intelligence

Scan the internet to create a complete picture of day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.

A document titled Risk IQ: Fingerprinting Sliver C2 Servers in Microsoft Defender Threat Intelligence.

Expose adversaries and their methods

Understand the group behind an online attack, their methods, and how they typically operate.

An Incidents list in Microsoft Sentinel organized by severity.

Enhance alert investigations

Enrich Microsoft Sentinel and Microsoft 365 Defender incident data with external threat intelligence to uncover the full scale of a threat or attack.

A list of Host Pairs for a website in Microsoft Defender Threat Intelligence.

Accelerate incident response

Investigate and remove malicious infrastructure such as domains and IPs and all the known tools and resources operated by an attacker or threat family.

A project named Franken-Phish and a list of related artifacts in Microsoft Defender Threat Intelligence.

Hunt threats as a team

Easily collaborate on investigations across teams using the Defender Threat Intelligence workbench and share knowledge of threats with Intel Profiles.

A list of components on IPs on Microsoft Defender Threat Intelligence.

Expand prevention and improve security posture

Automatically uncover malicious entities and help stop outside threats by blocking internal resources from accessing dangerous internet resources.

A list of components on hosts in Microsoft Defender Threat Intelligence.

Get continuous threat intelligence

Scan the internet to create a complete picture of day-to-day changes. Create threat intelligence for your own business to understand and reduce exposure.

A document titled Risk IQ: Fingerprinting Sliver C2 Servers in Microsoft Defender Threat Intelligence.

Expose adversaries and their methods

Understand the group behind an online attack, their methods, and how they typically operate.

An Incidents list in Microsoft Sentinel organized by severity.

Enhance alert investigations

Enrich Microsoft Sentinel and Microsoft 365 Defender incident data with external threat intelligence to uncover the full scale of a threat or attack.

A list of Host Pairs for a website in Microsoft Defender Threat Intelligence.

Accelerate incident response

Investigate and remove malicious infrastructure such as domains and IPs and all the known tools and resources operated by an attacker or threat family.

A project named Franken-Phish and a list of related artifacts in Microsoft Defender Threat Intelligence.

Hunt threats as a team

Easily collaborate on investigations across teams using the Defender Threat Intelligence workbench and share knowledge of threats with Intel Profiles.

A list of components on IPs on Microsoft Defender Threat Intelligence.

Expand prevention and improve security posture

Automatically uncover malicious entities and help stop outside threats by blocking internal resources from accessing dangerous internet resources.

Join the Microsoft Defender Threat Intelligence Community

Register for free to help protect your organization while contributing to community defense.

Learn more
Sign in

How Microsoft Defender Threat Intelligence works

Microsoft tracks more than 65 trillion signals daily, helping security teams identify vulnerabilities with greater efficacy and stay ahead of today's threats.

Integrated threat protection with SIEM and XDR

Empower your defenders to effectively secure your digital estate by combining extended detection and response (XDR) and security information and event management (SIEM).

Microsoft 365 Defender

Get unified security and visibility across endpoints, identities, emails, and cloud apps with an industry-leading XDR solution.

Learn more about Microsoft 365 Defender
An overview dashboard in Microsoft 365 Defender showing active threats, active incidents, users at risk, devices at risk, and more.

Microsoft 365 Defender

Get unified security and visibility across endpoints, identities, emails, and cloud apps with an industry-leading XDR solution.

Learn more about Microsoft 365 Defender

Related products

Use best-in-class Microsoft security products to help prevent and detect attacks across your organization.

Learn more
A person having a conversation at their desk.

Microsoft Sentinel

See and stop threats across your entire enterprise with intelligent security analytics.

Learn more
A person sitting at their desk typing on a laptop connected to a desktop monitor.

Microsoft Defender for Cloud

Increase protection in your multicloud and hybrid environments.

Learn more
A person working at their desk across two monitors.

Microsoft Defender External Attack Surface Management

Understand your security posture beyond the firewall.

Learn more

Additional resources

Announcement

Read the threat intelligence blog

Learn about the new threat intelligence offerings from Microsoft.

Learn more

Infographic

Help protect your business with threat intelligence

Learn how to use internet threat intelligence to defend your organization against attacks.

Learn more

Documentation

Best practices and implementation

Get started with threat intelligence solutions for your organization today.

Learn more

Infographic

The scale and scope of cybercrime in 60 seconds

During a cyberattack, every second counts. We’ve condensed a year’s worth of cybersecurity research into one 60-second window.

Learn more

Protect everything

Make your future more secure. Explore your security options today.

Start free trial

Microsoft Defender Threat Intelligence is a complete threat intelligence platform. It helps security professionals analyze and act upon signals collected from the internet by a global collection network and processed by security experts and machine learning. These data sets show the infrastructure connections across the global threat landscape, uncovering an organization’s external attack surface and enabling teams to investigate the tools and systems used to attack it. Defender Threat Intelligence provides external context for internal security incidents via SIEM and XDR capabilities in Microsoft Sentinel and Microsoft 365 Defender.