Microsoft Defender XDR
Elevate your security with unified visibility, investigation, and response across the cyberattack chain with an industry-leading extended detection and response (XDR) solution.
Supercharge your SecOps effectiveness with XDR
Get incident-level visibility across the cyberattack chain with Microsoft Defender XDR (formerly Microsoft 365 Defender). Take your SOC team to the next level with automatic disruption of advanced cyberattacks and accelerated response across endpoints & IoT, hybrid identities, email & collaboration tools, software as a service (SaaS) applications, cloud workloads, and data.
Endpoints
Discover and secure endpoint and network devices across your multiplatform enterprise.
Identities
Manage and secure hybrid identities and simplify employee, partner, and customer access.
SaaS apps
Get visibility, control data, and detect cyberthreats across cloud services and apps.
Email and collaboration tools
Protect your email and collaboration tools from advanced cyberthreats, such as phishing and business email compromise.
Microsoft Defender XDR key capabilities
Unify security with XDR.
Automatically disrupt advanced cyberattacks at machine speed
Stop lateral movement of advanced cyberattacks, such as ransomware, with AI to limit a cyberattacker’s progress early on, and give your SOC team full control to investigate and remediate cyberthreats.
Enable rapid response with XDR-prioritized incidents
Remediate cyberthreats quickly and eliminate the need to sift through random information. Get a complete view of the cyberattack chain and prioritized investigation and response at the incident level.
Reinvent SOC productivity with Microsoft Copilot for Security
Respond to cyberthreats at machine speed and scale with guided response actions, enable any analyst to build complex queries using natural language, and reverse engineer and understand adversarial scripts in seconds. Copilot is now embedded in Microsoft Defender XDR.
Auto-heal affected assets
Reduce your workload with automated self-healing of menial tasks, such as device cleanup. Build your own automated response to recurring alerts in your environment using custom detection combined with Kusto Query Language (KQL) queries.
Proactively hunt for cyberthreats
Hunt for cyberthreats across all workloads and uncover potential blind spots in your environment with a guided, step-by-step experience. Create custom queries to locate information across all XDR data.
Manage multitenant environments more effectively
Multitenant support in Microsoft Defender XDR streamlines incident management and cyberthreat hunting across multiple tenants with a consolidated view of incidents, device inventory, vulnerability management, and advanced hunting.
See Copilot in Microsoft Defender XDR
Microsoft 365 E5, A5, F5, and G5 customers can save on Microsoft Sentinel
Unified security operations platform
Secure your digital estate with the only security operations (SecOps) platform that unifies the full capabilities of extended detection and response (XDR) and security information and event management (SIEM).
Unified portal
Detect and disrupt cyberthreats in near real time and streamline investigation and response.
Microsoft Defender XDR
Achieve unified security and visibility across your clouds, platforms, and endpoints.
Microsoft Sentinel
Aggregate security data and correlate alerts from virtually any source with cloud-native SIEM.
See what’s new in cyberthreat protection and AI
Discover the latest trends and best practices in cyberthreat protection and AI for cybersecurity with our library of webcasts, e-books, and analyst reports.
Security operations maturity self-assessment tool
Find out if your security operations center is prepared to detect, respond to, and recover from cyberthreats.
Industry recognition
Microsoft Security is a recognized industry leader.
Leader in MITRE ATT&CK
Microsoft Defender XDR (formerly Microsoft 365 Defender) demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations.[3]
What our customers are saying
The Total Economic Impact™ Of Microsoft Defender XDR (formerly Microsoft 365 Defender)
A 2022 study found a return on investment of 242% over three years and a net present value of USD$17 million with Microsoft 365 Defender.[4]
Related products
Use best-in-class Microsoft security products to prevent and detect cyberattacks across your Microsoft 365 workloads.
Documentation and training for Microsoft Defender XDR
Microsoft Defender XDR infographic
Get an overview of how XDR helps stop cyberattacks and coordinates responses across assets.
Understand your plan options
Get an overview of all plans that include Microsoft Defender XDR capabilities.
Microsoft Defender XDR Blog
Learn best practices, get updates, and engage with product teams in the Microsoft Defender XDR tech community.
Evaluate and pilot Microsoft Defender XDR
Use technical guidance to get started and pilot Microsoft Defender XDR.
Protect everything
Make your future more secure. Explore your security options today.
Frequently asked questions
Microsoft Defender XDR (formerly Microsoft 365 Defender) is an industry-leading XDR platform. It delivers a unified investigation and response experience and provides native protection across endpoints, IoT devices, hybrid identities, email and collaboration tools, and cloud applications with centralized visibility, powerful analytics, and automatic cyberattack disruption.
Gain a broader set of protections with Microsoft Defender XDR, including email security and identity and access management as critical preventative solutions. Benefit from auto-healing capabilities for common issues and scale your security operations center (SOC) team with XDR-automated disruption to help protect against advanced cyberattacks more effectively, while safeguarding business continuity.
Microsoft Defender XDR is an XDR platform that provides security across your multiplatform endpoints, hybrid identities, emails, collaboration tools, and cloud apps. It uses incident-level visibility across the cyberattack chain, automatic cyberattack disruption, and unified security and access management to accelerate responses to sophisticated cyberattacks. Microsoft Sentinel complements these capabilities with SIEM and security orchestration, automation, and response (SOAR) capabilities to ingest logs from your entire digital estate—providing further automation, response, and cyberthreat tracking across systems.
Microsoft Defender XDR is the unified portal experience encompassing various security solutions. Access the Microsoft Defender XDR portal and XDR features with any of these licenses:
- Microsoft 365 E5 or A5
- Microsoft 365 E3
- Microsoft 365 E3 with the Microsoft Enterprise Mobility + Security E5 add-on
- Microsoft 365 A3 with the Microsoft 365 A5 security add-on
- Microsoft Enterprise Mobility + Security E5 or A5
- Microsoft Defender for Endpoint (Plan 1 and 2)
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Office 365 (Plans 1 and 2)
- Microsoft Defender Vulnerability Management
For more information, see the Microsoft 365 Enterprise service plans.
Microsoft Defender XDR provides a unified XDR experience for the following products: Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender Vulnerability Management.
- [1] Forrester, Forrester New Wave, Forrester Wave, and The Total Economic Impact are trademarks of Forrester Research, Inc.
- [2] The Forrester New Wave™: Extended Detection And Response (XDR) Providers, Q4 2021, Allie Mellen, October 2021.
- [3] MITRE Engenuity ATT&CK® Evaluations: Enterprise, Wizard Spider + Sandworm Enterprise Evaluation 2023, The MITRE Corporation and MITRE Engenuity.
- [4] The Total Economic Impact™ Of Microsoft Defender XDR (formerly Microsoft 365 Defender), a commissioned study conducted by Forrester Consulting, April 2022.