Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Here’s a list of the different Microsoft 365 Defender products and solutions that Microsoft 365 Defender coordinates with:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender Vulnerability Management
  • Azure Active Directory Identity Protection
  • Microsoft Data Loss Prevention
  • App Governance

Microsoft 365 Defender protection

Microsoft 365 Defender services protect:

Endpoints with Defender for Endpoint – Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.

Compare flexible purchase options

Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5.

Microsoft Defender for Endpoint P1

Included with Microsoft 365 E3

Microsoft Defender for Endpoint P1 offers a foundational set of capabilities, including industry-leading antimalware, attack surface reduction, and device-based conditional access.

  • Unified security tools and centralized management
  • Next-generation antimalware
  • Attack surface reduction rules
  • Device control (such as USB)
  • Endpoint firewall
  • Network protection
  • Web control / category-based URL blocking
  • Device-based conditional access
  • Controlled folder access
  • APIs, SIEM connector, custom threat intelligence
  • Application control

Microsoft Defender for Endpoint P2

Included with Microsoft 365 E5
Microsoft Defender for Endpoint P2 offers the complete set of capabilities, including everything in P1, plus endpoint detection and response, automated investigation and incident response, and threat and vulnerability management.

Includes everything in Endpoint P1, plus:

  • Endpoint detection and response
  • Automated investigation and remediation
  • Threat and vulnerability management
  • Threat intelligence (threat analytics)
  • Sandbox (deep analysis)
  • Microsoft Threat Experts
Assets with Defender Vulnerability Management – Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.

Email and collaboration with Defender for Office 365 – Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.

Identities with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection –

Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure AD Identity Protection uses the learnings Microsoft has acquired from their position in organizations with Azure AD, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users.
Microsoft Defender for Identity

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Defender for Identity enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to:

Monitor users, entity behavior, and activities with learning-based analytics
Protect user identities and credentials stored in Active Directory
Identify and investigate suspicious user activities and advanced attacks throughout the kill chain

Provide clear incident information on a simple timeline for fast triage

Applications with Microsoft Defender for Cloud Apps – Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is now part of Microsoft 365

image (2)
The Microsoft 365 Defender portal allows security admins to perform their security tasks in one location. This will simplify workflows, and add the functionality of the other Microsoft 365 Defender services. Microsoft 365 Defender will be the home for monitoring and managing security across your Microsoft identities, data, devices, apps, and infrastructure.

Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.

Microsoft Defender for Cloud Apps natively integrates with leading Microsoft solutions and is designed with security professionals in mind. It provides simple deployment, centralized management, and innovative automation capabilities.

Get started
Microsoft 365 Defender licensing requirements must be met before you can enable the service in the Microsoft 365 Defender portal at

Technology Solutions Worldwide is a global organization that is focused on the constant improvement both in quality and satisfaction. Equally as important is to know that we have offices all over North America, Central America, South America, and the Caribbean.



For any inquiries, please call: (800) 998-2792

Email –