Microsoft 365 Defender cross-product features include:Ĭross-product single pane of glass in the Microsoft 365 Defender portal - A central view for all information on detections, impacted assets, automated actions taken, and related evidence in a single queue and a single pane in Microsoft 365 Defender portal.Ĭombined incidents queue - To help security professionals focus on what is critical by ensuring the full attack scope, impacted assets and automated remediation actions are grouped together and surfaced in a timely manner.Īutomatic response to threats - Critical threat information is shared in real time between the Microsoft 365 Defender products to help stop the progression of an attack.įor example, if a malicious file is detected on an endpoint protected by Defender for Endpoint, it will instruct Defender for Office 365 to scan and remove the file from all e-mail messages. Here's an example of query-based hunting on top of email and endpoint raw data. Here's an example of the list of related alerts for an incident. Here's an example of how the Microsoft 365 Defender portal correlates all related alerts across products into a single incident. Enable security teams to perform detailed and effective threat hunting across endpoint and Office data.Automate response to compromise by triggering self-healing for impacted assets through automated remediation.Narrate the full story of the attack across product alerts, behaviors, and context for security teams by joining data on alerts, suspicious events and impacted assets to 'incidents'.
Help protect against attacks and coordinate defensive responses across the services through signal sharing and automated actions.Microsoft 365 Defender's unique cross-product layer augments the individual service components to: Applications with Microsoft Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.Azure AD Identity Protection automates the detection and remediation of identity-based risks in your cloud-based Azure AD. Identities with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection - Defender for Identity uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Email and collaboration with Defender for Office 365 - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
In this interactive guide, you'll learn how to protect your organization with Microsoft 365 Defender. Microsoft Defender Vulnerability Management Microsoft 365 Defender services Microsoft Defender for Endpoint Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.
With the integrated Microsoft 365 Defender solution, security professionals can stitch together the threat signals that each of these products receive and determine the full scope and impact of the threat how it entered the environment, what it's affected, and how it's currently impacting the organization. Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.