Use Microsoft Defender for Office 365 together with Microsoft Defender for Endpoint

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Microsoft Defender for Office 365 can be configured to work with Microsoft Defender for Endpoint.

Integrating Microsoft Defender for Office 365 with Microsoft Defender for Endpoint can help your security operations team monitor and take action quickly if users' devices are at risk. For example, once integration is enabled, your security operations team will be able to see the devices that are potentially affected by a detected email message, as well as how many recent alerts were generated for those devices in Microsoft Defender for Endpoint.

The following image depicts what the Devices tab looks like when you have Microsoft Defender for Endpoint integration enabled:

When Microsoft Defender for Endpoint is enabled, you can see a list of devices with alerts.

In this example, you can see that the recipients of the detected email message have four devices and one has an alert. Clicking the link for a device opens its page in Microsoft 365 Defender (formerly the Microsoft Defender security center).

Tip

The Microsoft 365 Defender portal replaces the Microsoft Defender Security Center. See Microsoft Defender for Endpoint in Microsoft 365 Defender.

Requirements

To integrate Microsoft Defender for Office 365 with Microsoft Defender for Endpoint

Integrating Microsoft Defender for Office 365 with Microsoft Defender for Endpoint is set up in both Defender for Endpoint and Defender for Office 365.

  1. As a global administrator or a security administrator,https://security.microsoft.com/threatexplorer.

  2. In the navigation pane, choose Email & collaboration > Explorer.

  3. On the Explorer page, in the upper right corner of the screen, click MDE Settings.

  4. In the Microsoft Defender for Endpoint connection flyout that appears, turn on Connect to Microsoft Defender for Endpoint (Toggle on) and then click Close icon Close.

    MDE Connection

  5. Back in the navigation pane, choose Settings. On the Settings page, choose Endpoints

  6. On the Endpoints page that opens, choose Advanced features.

  7. Scroll down to Office 365 Threat Intelligence connection, and turn it on (Toggle on).

    When you're finished, click Save preferences.

Threat investigation and response capabilities in Office 365

Microsoft Defender for Office 365

Microsoft Defender for Endpoint