![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 71%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | Microsoft 365 Defender | Other | Windows
An integrated threat protection solution designed to detect, investigate, and respond to cyber threats across Microsoft 365 services.
The available information only describes individual Defender and Purview capabilities, not a specific “Defender & Purview bolt-on” SKU or add-on package. From the context, the relevant integrated functionality between Microsoft Defender and Microsoft Purview includes:
- Unified security operations and XDR
- Microsoft Defender XDR provides cross-product threat detection, investigation, and hunting across Defender for Endpoint, Office 365, Identity, Cloud Apps, and Defender for Cloud. New capabilities are regularly added, such as:
- Microsoft Security Copilot agents for dynamic threat detection, threat intelligence briefings, and natural-language threat hunting in Defender. These enhance SOC workflows by uncovering hidden threats, generating threat intel briefings, and allowing natural language hunting across Defender and Microsoft Sentinel data.
- New advanced hunting schema tables (for example,
CampaignInfoandFileMaliciousContentInfo) and the hunting graph to visualize and explore threats.
- Defender for Endpoint enhancements
- Defender for Endpoint adds endpoint-focused capabilities that can be part of a broader security stack:
- Predictive shielding response actions like GPO hardening and Safeboot hardening, which proactively reduce attack surface.
- Custom data collection to extend telemetry for threat hunting and monitoring.
- A Defender deployment tool for streamlined onboarding of Windows and Linux devices.
- Purview data security and compliance capabilities
- Microsoft Purview provides data governance, protection, and insider risk capabilities that can surface into Defender:
- Information Barriers to prevent specific users or groups from communicating or discovering each other, supporting regulatory and internal separation-of-duties scenarios.
- Information Protection integration with SharePoint Online, where sensitivity labels on document libraries automatically protect downloaded files and keep access aligned with SharePoint permissions.
- A unified Purview portal with solution cards and related portals (including Microsoft Defender) to manage data governance, risk, and security solutions in one place.
- Data flows between Purview Data Map and Defender for Cloud Apps, enabling visibility into SaaS usage and data assets for governance and protection.
- Insider risk integration with Defender XDR
- Microsoft Purview Insider Risk Management can share user risk details and alert severity with Microsoft Defender XDR:
- When “Share user risk details with other security solutions” is enabled in Purview Insider Risk Management, authorized analysts in the Defender portal can investigate insider risk alerts and see user risk details on user entity pages.
- This creates a combined view of insider risk signals (from Purview) and threat/endpoint/email/identity signals (from Defender XDR).
- Defender Threat Intelligence convergence
- Microsoft Defender Threat Intelligence (Defender TI) is being discontinued and merged into Microsoft Defender and Microsoft Sentinel for a unified experience:
- Defender TI aggregates and enriches threat infrastructure data (DNS, WHOIS, malware, SSL certificates, actor profiles, vulnerabilities) to streamline triage, hunting, and incident response.
- As it converges into Defender XDR and Sentinel, these enriched threat intelligence capabilities become part of the unified security operations experience.
In practice, the “bolt-on” effect comes from:
- Defender XDR unifying threat detection, hunting, and response across Defender products and Sentinel.
- Purview providing data security, governance, and insider risk signals that can be surfaced and investigated in Defender.
- Shared data flows and portals (Purview portal and Defender portal) that let security and compliance teams work across both stacks.
References:
- What's new in Microsoft Defender XDR
- New features in Microsoft Defender for Endpoint
- What is Microsoft Defender Threat Intelligence (Defender TI)?
- Learn about the new Microsoft Purview portal
- How data flows in Microsoft Purview
- Microsoft Purview service description
- Investigate insider risk threats in the Microsoft Defender portal