What's new in Microsoft 365 Defender


The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Want to experience Microsoft 365 Defender? You can evaluate it in a lab environment or run your pilot project in production.

The following features are in preview or generally available (GA) in the latest release of Microsoft 365 Defender.

RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader:


For more information on what's new with other Microsoft Defender security products see:

August 2021

  • (Preview) Microsoft Defender for Office 365 data available in advanced hunting
    New columns in email tables can provide more insight into email-based threats for more thorough investigations using advanced hunting. You can now include the AuthenticationDetails column in EmailEvents, FileSize in EmailAttachmentInfo, and ThreatTypes and DetectionMethods in EmailPostDeliveryEvents tables.

  • (Preview) Incident graph
    A new Graph tab on the Summary tab of an incident shows the full scope of the attack, how the attack spread through your network over time, where it started, and how far the attacker went.

July 2021

  • Professional services catalog
    Enhance the detection, investigation, and threat intelligence capabilities of the platform with supported partner connections.

June 2021

  • (Preview) View reports per threat tags
    Threat tags help you focus on specific threat categories and review the most relevant reports.
  • (Preview) Streaming API
    Microsoft 365 Defender supports streaming all the events available through Advanced Hunting to an Event Hubs and/or Azure storage account.
  • (Preview) Take action in advanced hunting
    Quickly contain threats or address compromised assets that you find in advanced hunting.
  • (Preview) In-portal schema reference
    Get information about advanced hunting schema tables directly in the security center. In addition to table and column descriptions, this reference includes supported event types (ActionType values) and sample queries.
  • (Preview) DeviceFromIP() function
    Get information about which devices have been assigned a specific IP address or addresses at a given time range.

May 2021

April 2021

  • Microsoft 365 Defender
    The improved Microsoft 365 Defender portal is now available. This new experience brings together Defender for Endpoint, Defender for Office 365, Defender for Identity, and more into a single portal. This is the new home to manage your security controls. Learn what's new.

  • Microsoft 365 Defender threat analytics report
    Threat analytics helps you respond to and minimize the impact of active attacks. You can also learn about attack attempts blocked by Microsoft 365 Defender solutions and take preventive actions that mitigate the risk of further exposure and increase resiliency. As part of the unified security experience, threat analytics is now available for Microsoft Defender for Endpoint and Microsoft Defender for Office E5 license holders.

March 2021

  • CloudAppEvents table
    Find information about events in various cloud apps and services covered by Microsoft Cloud App Security. This table also includes information previously available in AppFileEvents.

February 2021