Microsoft Defender XDR Deployment

Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Microsoft Defender XDR helps security teams protect their organizations and detect threats by using information from other Microsoft security products, including:

Note: https://learn.microsoft.com/en-us/defender-xdr/microsoft-365-defender

XDR Services and Licensing Requirements

Microsoft Defender XDR services protect:

  • Endpoints with Defender for Endpoint - Microsoft Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.

  • Assets with Defender Vulnerability Management - Microsoft Defender Vulnerability Management delivers continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization.

  • Email and collaboration with Defender for Office 365 - Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.

  • Identities with Defender for Identity and Microsoft Entra ID Protection - Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Microsoft Entra ID Protection uses the learnings Microsoft acquired from their position in organizations with Microsoft Entra ID, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users.

  • Applications with Defender for Cloud Apps - Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

Any of these licenses gives you access to Microsoft Defender XDR features via the Microsoft Defender portal without any additional cost:

  • Microsoft 365 E5 or A5
  • Microsoft 365 E3 with the Microsoft 365 E5 Security add-on
  • Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on
  • Microsoft 365 A3 with the Microsoft 365 A5 Security add-on
  • Windows 10 Enterprise E5 or A5
  • Windows 11 Enterprise E5 or A5
  • Enterprise Mobility + Security (EMS) E5 or A5
  • Office 365 E5 or A5
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT - Enterprise IoT protection (includes protection for enterprise IoT devices with the Microsoft 365 E5 (ME5) or E5 Security license)
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps or Cloud App Discovery
  • Microsoft Defender for Office 365 (Plan 2)
  • Microsoft 365 Business Premium
  • Microsoft Defender for Business


1. Turn on Microsoft Defender XDR

Onboarding to the service

Onboarding to Microsoft Defender XDR is simple. From the navigation menu, select any item, such as Incidents & alerts, Hunting, Action center, or Threat analytics, to initiate the onboarding process.

XDR Settings

Permissions and roles

2. Deploy the services

Deploying each service typically requires provisioning to your tenant and some initial configuration. See the following table to understand how each of these services is deployed.

Service | Provisioning instructions | Initial configuration
Microsoft Defender for Endpoint | Microsoft Defender for Endpoint deployment guide | See provisioning instructions
Microsoft Defender for Office 365 | None, provisioned with Office 365 | Configure Defender for Office 365 protection policies
Microsoft Defender for Identity | Quickstart: Create your Microsoft Defender for Identity instance | See provisioning instructions
Microsoft Defender for Cloud Apps | None | Quickstart: Get started with Microsoft Defender for Cloud Apps

Once you've deployed the supported services, turn on Microsoft Defender XDR.

3. Training

  • Microsoft Defender XDR Ninja training is a set of organized sections and modules to step you through the features and functions of Microsoft Defender XDR. The training goes across the threat signal sources—such as Microsoft Defender for Endpoint and others—but does not cover the individual sources themselves.

Data Center Location

Microsoft Defender XDR will store and process data in the same location used by Microsoft Defender for Endpoint. If you don't have Microsoft Defender for Endpoint, a new data center location is automatically selected based on the location of active Microsoft 365 security services. The selected data center location is shown on the screen.


Copyright notice:
Author: 主机优惠
Link: https://www.techfm.club/p/208206.html
Source: TechFM
Copyright of this article belongs to the author; do not reproduce without permission.
