What's Microsoft 365 Defender?

Microsoft Defender

Microsoft 365 Defender is a suite of security technologies used to detect security risks, investigate attacks, and prevent harmful activities. It includes a number of security solutions, including Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), and Microsoft Defender for Cloud Apps, formerly known as Microsoft Cloud App Security. But typically, when someone asks "What's Microsoft 365 Defender?" they are referring to the Microsoft 365 Defender portal.

Microsoft Defender for Office 365

We won't go into all the features you can access in Microsoft Defender for Office 365, because they aren't all covered on the MS-500 test and, quite simply, it's a lot. Plus, I've broken some of the sections out into different articles. But let's cover some of the basics.

What is Defender for Office 365?

Every Office 365 subscription comes with some security functionality. How many additional security capabilities you receive depends on your subscriptions. In Defender for Office 365, there are three main packages tied to your subscription type:

  • Exchange Online Protection (EOP)
  • Microsoft Defender for Office 365 Plan 1 (Defender for Office P1)
  • Microsoft Defender for Office 365 Plan 2 (Defender for Office P2)

Exchange Online Protection

Exchange Online Protection is available with every license that has an Exchange Online mailbox license. In short, it's the basic security package you receive with a Microsoft 365 mailbox. It protects against spam, phishing attacks, malware, and bulk mail. It has spoof intelligence, impersonation detection, and quarantine capabilities. You also get access to the audit logs and message trace.

Defender for Office P1

Defender for Office P1 has all the capabilities of Exchange Online Protection plus some more. For example, you'll get access to Safe Attachments, Safe Links, and Defender for Office 365 protection for SharePoint Online, Teams, and OneDrive for Business, as well as user and domain impersonation protection, alerts, and the SIEM integration API for alerts and detections.

Defender for Office P2

Defender for Office P2 includes everything that Defender for Office P1 includes (including the Exchange Online Protection) plus more. You'll gain access to the Threat Explorer, Threat Trackers, and Campaign views. You'll also gain access to Automated Investigation and Response (AIR) capabilities.

What's Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint

Formerly known as Windows Defender Advanced Threat Protection (ATP), and later as Microsoft Defender Advanced Threat Protection (ATP), Microsoft Defender for Endpoint is Microsoft's complete endpoint security package. It offers security for clients, servers, mobile devices, and network devices, providing attack surface reduction, detection and response to threats, and automated investigation and remediation.

Microsoft Defender for Endpoint is available in the following licenses:

  • Microsoft Defender for Endpoint Plan 1 (P1)
  • Microsoft Defender for Endpoint Plan 2 (P2)
  • Microsoft Defender for Endpoint P1 is included as part of Microsoft 365 E3/A3 licenses
  • Microsoft Defender for Endpoint P2 is available as part of the following plans: Windows 11 Enterprise E5/A5, Windows 10 Enterprise E5/A5, Microsoft 365 E5/A5/G5 (which includes Windows 10 or Windows 11 Enterprise E5), Microsoft 365 E5/A5/G5/F5 Security, Microsoft 365 F5 Security & Compliance

What's Microsoft Defender for Identity?

Microsoft Defender for Identity

Formerly known as Azure Advanced Threat Protection (Azure ATP for short), Microsoft Defender for Identity also replaces Microsoft Advanced Threat Analytics (ATA). Microsoft Defender for Identity is Microsoft 365's solution for your on-premises Active Directory security. It uses a variety of signals to detect advanced threats. It can detect compromised identities and malicious actions targeting your organization. In short, you install a small piece of software on your Active Directory (AD) servers, and then Microsoft will collect a lot of security-related information and show you alerts in the Microsoft 365 portal.

Microsoft Defender for Identity is available with the following licenses:

  • Enterprise Mobility + Security E5/A5 (EMS E5 & EMS A5)
  • Microsoft 365 E5/A5/G5
  • Microsoft 365 E5/A5/G5/F5 Security
  • Microsoft F5 Security & Compliance
  • Microsoft Defender for Identity (standalone license)

What's Microsoft Defender for Cloud Apps?

Microsoft Defender for Cloud Apps

Formerly known as Microsoft Cloud App Security, Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB). In short, it will pull in data from other cloud apps and firewalls so you can see which cloud apps your users are using and how much they are using them, and apply policies to limit their use.

Microsoft Defender for Cloud Apps is available with the following licenses:

  • Microsoft 365 E5
  • Microsoft 365 E5 Security
  • Microsoft 365 E5 Compliance
  • Enterprise Mobility + Security E5 (EMS E5)
  • Microsoft Cloud App Security (standalone license)
  • Microsoft 365 Education A3/A5
  • Office 365 E5