Threat information sources for Microsoft Defender XDR

As a security analyst, you need the full picture of a security threat or attack to understand where the attack originated, what resources were affected, and how it's currently impacting your organization. That picture is complete only when as much information as possible is assembled from different sources.

Here are the security products that provide threat information for incidents in the Microsoft Defender portal.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint helps you prevent, detect, investigate, and respond to threats on devices across your organization's environment, both before and after a breach.

With Microsoft Defender for Endpoint, you can:

  • Monitor and manage the device inventory in your organization.
  • Detect potential vulnerabilities with Threat and Vulnerability Management.
  • Provide next-generation protection for your devices with Microsoft Defender Antivirus, exploit protection, attack surface reduction, and other capabilities that prevent attacks in the first place.
  • Receive endpoint detections and alerts, including antivirus, endpoint detection and response (EDR), and attack surface reduction.
  • See detailed information about files, processes, and events observed on endpoints.

Microsoft Defender for Identity

Microsoft Defender for Identity uses signals from your on-premises Active Directory Domain Services (AD DS) to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Microsoft Defender for Office 365

Microsoft Defender for Office 365 helps safeguard your organization against malicious threats posed by email messages, links (URLs), and Microsoft 365 collaboration tools such as Microsoft Teams. It can help protect your organization against phishing emails and malicious email campaigns. With Microsoft Defender for Office 365, you can help protect your organization's email and gain insights that help you mitigate attacks.

With Microsoft Defender for Office 365 integrated into Microsoft Defender XDR, you can see and respond to alerts and data from a larger attack that includes email and collaboration tools.

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps provides you with the visibility, control, and analytics you need to identify and defeat security threats across Microsoft and third-party cloud services.

With the integration of Defender for Cloud Apps with Microsoft Defender XDR, your security team can detect unusual behavior across cloud apps to identify compromised users or rogue applications, analyze high-risk usage, and automatically remediate to limit the risk to your organization.