Zero Trust with Microsoft Defender XDR

Applies to:

  • Microsoft Defender XDR

Microsoft Defender XDR contributes to a strong Zero Trust strategy and architecture by providing extended detection and response (XDR). Microsoft Defender XDR works together with other Microsoft XDR tools and services and can be integrated with Microsoft Sentinel as a security information and event management (SIEM) source for a complete XDR/SIEM solution.

Microsoft Defender XDR is an XDR solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoint, email, applications, and identities.

[Diagram: Microsoft Defender XDR in the Zero Trust architecture.]

In the illustration: Microsoft Defender XDR provides XDR capabilities for protecting:

  • Endpoints, including laptops and mobile devices
  • Data in Office 365, including email
  • Cloud apps, including other SaaS apps that your organization uses
  • On-premises Active Directory Domain Services (AD DS) and Active Directory Federation Services (AD FS) servers

Microsoft Defender XDR helps you apply the principles of Zero Trust in the following ways:

Zero Trust principle | Met by
---------------------|-------
Verify explicitly | Microsoft Defender XDR provides XDR across users, identities, devices, apps, and emails.
Use least privileged access | If used with Microsoft Entra ID Protection, Microsoft Defender XDR blocks users based on the level of risk posed by an identity. Microsoft Entra ID Protection is licensed separately from Microsoft Defender XDR and is included with Microsoft Entra ID P2.
Assume breach | Microsoft Defender XDR continuously scans the environment for threats and vulnerabilities. It can implement automated remediation tasks, including automated investigations and isolating endpoints.

To add Microsoft Defender XDR to your Zero Trust strategy and architecture, go to Evaluate and pilot Microsoft Defender XDR for a methodical guide to piloting and deploying Microsoft Defender XDR components. The following table summarizes what these topics include.

Includes:

  • Set up the evaluation and pilot environment for all components:
      • Defender for Identity
      • Defender for Office 365
      • Defender for Endpoint
      • Microsoft Defender for Cloud Apps
  • Protect against threats
  • Investigate and respond to threats

Prerequisites:

  • See the guidance for the architecture requirements for each component of Microsoft Defender XDR.

Doesn't include:

  • Microsoft Entra ID Protection is not included in this solution guide. It is included in Step 1. Configure Zero Trust identity and device access protection.

Next steps

Learn more about Zero Trust for Microsoft Defender XDR services:

Learn more about other Microsoft 365 capabilities that contribute to a strong Zero Trust strategy and architecture with the Zero Trust deployment plan with Microsoft 365.

Learn more about Zero Trust and how to build an enterprise-scale strategy and architecture with the Zero Trust Guidance Center.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.