Microsoft Defender for Endpoint and other Microsoft solutions

Integrate with other Microsoft solutions

Microsoft Defender for Endpoint directly integrates with various Microsoft solutions.

Azure Security Center

Microsoft Defender for Endpoint provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.

Azure Sentinel

The Microsoft Defender for Endpoint connector lets you stream alerts from Microsoft Defender for Endpoint into Azure Sentinel. This lets you analyze security events across your organization more comprehensively and build playbooks for effective and immediate response.

Azure Information Protection

We recently deprecated the Azure Information Protection integration because our Endpoint DLP capabilities incorporate an improved discovery and protection solution for sensitive data stored on endpoint devices, one that facilitates greater visibility and integration between solutions. This was announced in the following blog. We recommend that customers move to using Endpoint DLP.

Conditional Access

Microsoft Defender for Endpoint's dynamic device risk score is integrated into the Conditional Access evaluation, ensuring that only secure devices have access to resources.

Microsoft Cloud App Security

Microsoft Cloud App Security leverages Microsoft Defender for Endpoint endpoint signals to allow direct visibility into cloud application usage, including the use of unsupported cloud services (shadow IT), from all Microsoft Defender for Endpoint monitored devices.

Microsoft Defender for Identity

Suspicious activities are processes running under a user context. The integration between Microsoft Defender for Endpoint and Azure ATP provides the flexibility of conducting cybersecurity investigations across activities and identities.

Microsoft Defender for Office

Defender for Office 365 helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.


Defender for Office 365 data is displayed for events within the last 30 days. For alerts, Defender for Office 365 data is displayed based on first activity time. After that, the data is no longer available in Defender for Office 365.

Skype for Business

The Skype for Business integration provides a way for analysts to communicate with a potentially compromised user or device owner through a simple button from the portal.

Microsoft 365 Defender

With Microsoft 365 Defender, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.

