Security operations capabilities

These are the capabilities that you can use for your security operations.

| Capability | Description | More information |
| --- | --- | --- |
| Microsoft Sentinel | A scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. | Microsoft Sentinel documentation |
| Microsoft Defender for Cloud | A unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud (whether they're in Azure or not) as well as on-premises. | Microsoft Defender for Cloud documentation |
| Azure Active Directory (Azure AD) Identity Protection | Azure AD Identity Protection enables you to detect potential vulnerabilities affecting your organization's identities and to configure automated remediation policies for low, medium, and high sign-in risk and user risk. | What is Azure Active Directory Identity Protection? |
| Microsoft Defender for Identity | A cloud-based security solution that uses your on-premises Active Directory Domain Services signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Defender for Identity empowers SecOps analysts and security professionals to detect advanced attacks in hybrid environments. | Defender for Identity documentation |
| Microsoft Defender for Office 365 | Safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. | Defender for Office 365 documentation |
| Microsoft Defender for Endpoint | An endpoint protection platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. | Defender for Endpoint documentation |
| Microsoft Defender for Cloud Apps | A cloud access security broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. | Microsoft Defender for Cloud Apps documentation |
| App governance add-on to Microsoft Defender for Cloud Apps | A security and policy management capability designed for OAuth-enabled apps that access Microsoft 365 data through Microsoft Graph APIs. | App governance add-on |
| Azure Monitor | Maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. | Azure Monitor documentation |
| Microsoft 365 Defender portal | Combines protection, detection, investigation, and response to email, collaboration, identity, and device threats in a central portal. It includes information from Defender for Office 365, Defender for Endpoint, Defender for Identity, and Microsoft Defender for Cloud Apps, giving quick access to information, simpler layouts, and related information brought together for easier alert detection, threat visibility, proactive hunting, and incident response. | Microsoft 365 Defender portal documentation |

See also

Key Microsoft security resources

| Resource | Description |
| --- | --- |
| 2021 Microsoft Digital Defense Report | A report that encompasses learnings from security experts, practitioners, and defenders at Microsoft to empower people everywhere to defend against cyberthreats. |
| Microsoft Cybersecurity Reference Architectures | A set of visual architecture diagrams that show Microsoft's cybersecurity capabilities and their integration with Microsoft cloud platforms such as Microsoft 365 and Microsoft Azure, and with third-party cloud platforms and apps. |
| Minutes matter infographic download | An overview of how Microsoft's SecOps team does incident response to mitigate ongoing attacks. |
| Azure Cloud Adoption Framework security operations | Strategic guidance for leaders establishing or modernizing a security operations function. |
| Microsoft cloud security for IT architects model | Security across Microsoft cloud services and platforms for identity and device access, threat protection, and information protection. |
| Microsoft security documentation | Additional security guidance from Microsoft. |