Microsoft 365 Defender

Stop attacks with automated, cross-domain security and built-in AI.

Two Microsoft employees working together on a laptop and a desktop monitor.

Microsoft 365 E5 benefit with Azure Sentinel

Microsoft 365 E5 and Microsoft 365 E5 Security customers can get Azure credits towards up to 100 MB per user per month of Microsoft 365 data ingestion, saving a typical 3,500-seat deployment $1,500 per month.

Learn more

Stop attacks across Microsoft 365 services

As threats become more complex and persistent, alerts increase, and security teams are overwhelmed. Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.

Stop attacks before they happen

Reduce your attack surface and eliminate persistent threats.

Detect and automate across domains

Integrate threat data for rapid and complete response.

Hunt across all your data

Leverage time saved to apply your unique expertise.

View interactive guide

Microsoft 365 Defender capabilities

A Microsoft 365 Security window displaying an incident overview.

Prevent cross-domain attacks and persistence

Automatically prevent threats from accessing your organization and stop attacks before they happen. Understand attacks and context across domains to eliminate lie-in-wait and persistent threats and protect against current and future breaches—all with help from Microsoft 365 Defender.

Watch video

A person with chin-length hair reaching out to use a touchscreen device.

Reduce signal noise

View prioritized incidents in a single dashboard to reduce confusion, clutter, and alert fatigue. Use the automated investigation capabilities of Microsoft 365 Defender to spend less time on detection and response so you can focus on triaging critical alerts and responding to threats.

Watch video

A person using a laptop in a shared work environment

Auto-heal affected assets

Take care of routine and complex remediation with Microsoft 365 Defender. Detection, investigation, and response occur automatically at the domain level within each Microsoft 365 security product. Return affected assets to a safe state in the broader context of an incident and automatically remediate seemingly isolated attacks across the portfolio.

Watch video

A Microsoft 365 Security incidents queue with a list of incidents

Hunt threats across domains

Search across all your Microsoft 365 data with Microsoft 365 Defender. Leverage your organizational knowledge with custom queries. Protect your organization against internal threats and develop custom detection and response tools for long-term protection and an improved Secure Score.

Watch video

Protect your Microsoft 365 environment

Leverage the best-in-class Microsoft 365 security portfolio to automatically analyze data across domains.

Identities

Manage and secure hybrid identities and simplify employee, partner, and customer access.

Learn about Azure Active Directory

Learn about Microsoft Defender for Identity

Endpoints

Deliver preventive protection, post-breach detection, automated investigation, and response for endpoints.

Learn about Microsoft Defender for Endpoint

Cloud apps

Get visibility, control data, and detect threats across cloud services and apps.

Learn about Microsoft Cloud App Security

Email and documents

Secure your email, documents, and collaboration tools with Microsoft Defender for Office 365.

Learn about Microsoft Defender for Office 365

Industry recognition

Forrester EDR Wave

Forrester names Microsoft a leader in The Forrester Wave™: Enterprise Detection And Response, Q1 2020.

Gartner Magic Quadrant for Endpoint Protection Platforms

Microsoft named a Leader in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms.

Leader in MITRE ATT&CK

Microsoft 365 Defender leads in real-world detection in MITRE ATT&CK evaluation.

Gartner Magic Quadrant for Cloud Access Security Broker

Microsoft named a Leader in the 2020 Magic Quadrant for Cloud Access Security Broker.

Read the blog

SIEM and XDR

Protecting your enterprise means bringing together insights from all your security tools. Microsoft 365 Defender integrates with cloud-native security information and event manager (SIEM), Azure Sentinel.

Azure Sentinel delivers intelligent security analytics for your entire enterprise from a single console. Connect with data from your Microsoft products and all other sources, and take advantage of AI to make your threat detection and response smarter and faster. Eliminate security infrastructure setup and maintenance and scale to meet your security needs.

Azure Sentinel also connects to Azure Defender, a built-in tool that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Azure Defender protects your hybrid data, cloud-native services, and servers from threats and seamlessly integrates with your existing security solutions while leveraging Microsoft’s vast threat intelligence.

Watch the video

Azure Sentinel

Azure Defender

Learn more about Microsoft 365 Defender

Blog series

Stay up to date with the latest news and features about Microsoft 365 Defender.

Read the blog

Licensing

Microsoft 365 Defender is included with some Microsoft 365 and Office 365 Security and Enterprise licenses.

Learn more

Tech community

Learn best practices, get updates, and engage with product teams in the Microsoft 365 Defender tech community.

More on Microsoft Security

Microsoft Security solutions

Security blog

Technical guidance

Twitter