Microsoft 365 Defender

microsoft

Unified enterprise defense suite that provides integrated threat protection across endpoints, identities, email, and applications.

What is Microsoft 365 Defender?

Microsoft 365 Defender coordinates detection and response across Defender for Endpoint, Defender for Identity, Defender for Office 365, and Defender for Cloud Apps. Cross-domain correlation connects related alerts into incidents, and automated investigation and response can remediate threats without human intervention.

In Microsoft 365

Microsoft 365 Defender is accessed through the security.microsoft.com portal. It provides a unified view of security across M365 workloads. Identity-related alerts from Entra ID Identity Protection and Defender for Identity appear alongside endpoint and email threats.

Examples

  • 1Correlated incident spanning phishing email and endpoint compromise
  • 2Automated response disabling compromised user
  • 3Threat hunting across identities and endpoints

Related TrueConfig Controls

These controls help implement and verify microsoft 365 defender in your Microsoft 365 environment.

LOG-03Stream All Security Events to SIEM in Real-TimeLOG-04Configure Privileged Operation AlertsLOG-05Admin Activity Anomaly DetectionGOV-04Automate Threat Response with SOAR

Frequently Asked Questions

What is Microsoft 365 Defender?
Unified enterprise defense suite that provides integrated threat protection across endpoints, identities, email, and applications.
How does Microsoft 365 Defender work in Microsoft 365?
Microsoft 365 Defender is accessed through the security.microsoft.com portal. It provides a unified view of security across M365 workloads. Identity-related alerts from Entra ID Identity Protection and Defender for Identity appear alongside endpoint and email threats.
What are examples of Microsoft 365 Defender?
Examples of Microsoft 365 Defender include: Correlated incident spanning phishing email and endpoint compromise, Automated response disabling compromised user, Threat hunting across identities and endpoints.
Which TrueConfig controls relate to Microsoft 365 Defender?
TrueConfig controls related to Microsoft 365 Defender include: LOG-03, LOG-04, LOG-05, GOV-04. These controls help implement and verify microsoft 365 defender in your environment.

Related Terms

Microsoft Defender for Identity

Cloud-based security solution that uses on-premises Active Directory signals to detect advanced threats.

← Back to GlossaryBrowse Controls →