Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management Azure Firewall Azure Web App Firewall Azure DDoS Protection GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap
An image oft two male developers working and collaborating in an casual enterprise office.
  • News
  • 4 min read

Microsoft delivers unified SIEM and XDR to modernize security operations

By , Corporate Vice President, Microsoft Threat Protection

Tags

Content types

Products and services

Topics

The threat landscape continues to increase in both complexity and the level of sophistication of the attacks we observe. Attackers target the most vulnerable resources in an organization and then traverse laterally to target high-value assets. No longer can you expect to stay safe by protecting individual areas such as email or endpoints. Extended detection and response (XDR) is a new approach defined by industry analysts that are designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers.

At today’s virtual Ignite conference, Microsoft is announcing a unique approach that empowers security professionals to get ahead of today’s complex threat landscape with integrated SIEM and XDR tools from a single vendor so you get the best of both worlds – end-to-end threat visibility across all of your resources; correlated, prioritized alerts based on the deep understanding Microsoft has of specific resources and AI that stitches that signal together; and coordinated action across the organization. With the combination of SIEM and XDR, defenders are now armed with more context and automation than ever and can leverage the time saved to apply their unique expertise within their own environment to proactively hunt and implement threat preventions.

As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. With Microsoft Defender we are both rebranding our existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.

Microsoft Defender is delivered in two tailored experiences, Microsoft 365 Defender for end-user environments and Azure Defender for cloud and hybrid infrastructure.

Microsoft 365 Defender

Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email and documents. It uses artificial intelligence to reduce the SOC’s work items, and in a recent test we consolidated 1,000 alerts to just 40 high-priority incidents. Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.

Today, we are making the following branding changes to unify the Microsoft 365 Defender technologies:

  • Microsoft 365 Defender (previously Microsoft Threat Protection).
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection).
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection).

New features within Microsoft 365 Defender will also be available:

  • Extending mobile threat defense capabilities in Microsoft Defender for Endpoint to iOS (now in Preview) and Android support now moves to GA. As a result, Microsoft now delivers endpoint protection across all major OS platforms. Learn more about the latest in our endpoint security journey.
  • Extension of current macOS support with the addition of threat and vulnerability management. You can learn more here.
  • Priority account protection in Microsoft Defender for Office 365 will help security teams focus on protection from phishing attacks for users who have access to the most critical and privileged information. Customers can customize prioritized account workflows to offer these users an added layer of protection. Learn more here.
An image of the Microsoft 365 Defender dashboard.

Microsoft 365 Defender

Azure Defender

Azure Defender delivers XDR left capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more. Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.

Aligned with the Microsoft 365 brand changes, today we are announcing brand changes for these capabilities under Azure Defender, for example:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition).
  • Azure Defender for IoT (previously Azure Security Center for IoT).
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL).

We are also announcing new features will also be available within Azure Defender:

  • To help defenders identify and mitigate unprotected resources we are delivering a new unified experience for Azure Defender that makes it easy to see which resources are protected and which need protection. This updated experience can be accessed here and will be made broadly available later this month.
  • Added protection for SQL servers on-premises and in multi-cloud environments as well as virtual machines in other clouds, and improved protections for containers, including Kubernetes-level policy management and continuous scanning of container images in container registries.
  • Support for operational technology networks with the integration of CyberX into Azure Defender for IoT.
An image of Defender.

Defender

Azure Sentinel

The XDR capabilities of Microsoft Defender delivered through Azure Defender and Microsoft 365 Defender provides rich insights and prioritized alerts, but to gain visibility across your entire environment and include data from other security solutions such as firewalls and existing security tools, we connect Microsoft Defender to Azure Sentinel, our cloud-native SIEM.

Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise.

Today, we are announcing new features within Azure Sentinel:

  • The new entity behavior analytics view makes it easier to diagnose compromised accounts or malicious insiders.
  • Simplify management of threat intelligence by including the ability to search, add, and track threat indictors, perform threat intelligence lookups, and create watchlists. To learn more about these in detail, check out the Azure Sentinel blog.
An image of Azure Sentinel.

Azure Sentinel

Modernize your security operations

Some vendors deliver XDR, some deliver SIEM. Microsoft believes that defenders can benefit from using deeply integrated SIEM and XDR for end-to-end visibility and prioritized actionable insights across all your enterprise assets. We are committed to delivering the best-integrated experience with the broadest coverage of resources to help simplify your world.

Thank you for your continued partnership and invaluable input on this journey to deliver the most comprehensive threat protection to our global customers.

Infographic of Microsoft 365 Defender and Azure Defender

YouTube video: Microsoft Defender, Extended Detection and Response (XDR) | Microsoft Ignite 2020

Stay healthy. Stay safe.

-Rob & our entire Microsoft Security Team

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Rob Lefferts

Corporate Vice President, Microsoft Threat Protection

See Rob Lefferts posts

Related posts

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads