Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to:
Important
Some information relates to prereleased product that may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft Threat Intelligence is fully integrated into the Microsoft Defender portal, delivering threat intelligence directly within investigation workflows. Microsoft Threat Intelligence helps streamline security analyst triage, incident response, threat hunting, and vulnerability management by surfacing critical threat information where analysts need it most.
Important
The legacy standalone Microsoft Threat Intelligence portal and the Intel Explorer experience will be retired on August 1, 2026. All Microsoft Threat Intelligence capabilities are now available in the Microsoft Defender portal. Read the Microsoft Threat Intelligence convergence announcement.
Threat intelligence experiences in the Defender portal
Microsoft Threat Intelligence capabilities are available through two primary experiences in the Microsoft Defender portal:
Entity enrichments (Preview)
Entity pages for IP addresses, domains, URLs, and files are enriched with Microsoft Threat Intelligence data through the Threat Intelligence Insights tab. These enrichments surface reputation data, attributed threat reports, sandbox analysis results, and infrastructure relationship data directly in the entity page, enabling in-context investigation without switching tools.
For more information, see View threat intelligence in entity pages.
Intelligence explorer
The Intelligence explorer provides access to the full Microsoft Threat Intelligence research experience, including:
- Intel profiles — Curated content organized by threat actors, their tools, and known vulnerabilities.
- Intel explorer — Search and investigate threat intelligence artifacts, indicators of compromise (IOCs), and related analyses.
Access the Intelligence explorer from the Threat intelligence navigation menu in the Defender portal.
Threat analytics
Threat analytics is the in-product threat intelligence solution from expert Microsoft security researchers. Threat analytics reports help security teams track active threat actors and campaigns, understand popular and new attack techniques, and assess critical vulnerabilities. Each report provides analysis of tracked threats, guidance on defenses, and data from your network indicating whether the threat is active in your environment.
For more information, see Threat analytics in Microsoft Defender XDR.
Get started
Publicly available Microsoft Threat Intelligence data—including entity enrichments on entity pages—is accessible to all Microsoft Defender XDR customers at no extra cost.
To access threat intelligence in the Microsoft Defender portal:
- Go to the Microsoft Defender portal and sign in.
- Use the Threat intelligence navigation menu to access Intelligence explorer and Intel profiles.
- Investigate entities enriched with threat intelligence by selecting IP addresses, domains, URLs, or files from incidents, alerts, or search results.
Related content
- View threat intelligence in entity pages
- Threat analytics in Microsoft Defender XDR
- IP address entity page
- What is Microsoft Threat Intelligence?
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.