Microsoft Defender XDR is a unified experience where you can monitor and manage security across your enterprise. With alerts integrated across identities, endpoints, data, apps, email, and collaboration tools, investigating and responding to threats now happens in a central location.
Whether you're new to the Microsoft suite of security products or familiar with individual workflows, this topic guides you through the simple steps you need to take to get started with Microsoft Defender XDR.
In general, you'll need to take the following steps to get started:
Step 1: Turn on Microsoft Defender XDR
You'll first need to turn on the service by making sure you have the right license in place and roles are assigned so that you can access the portal.
You'll then go through some simple settings and confirm that the service is on.
Step 2: Deploy supported services
After completing the initial steps, you'll need to deploy the supported services that come with Microsoft Defender XDR. Deploying services effectively increases your visibility into the signals from assets across your network.
Key capabilities
Turning on Microsoft Defender XDR and deploying services will give you access to the following key capabilities:
| Capability | Description |
| --- | --- |
| Microsoft Defender for Endpoint | Endpoint protection suite built around powerful behavioral sensors, cloud analytics, and threat intelligence |
| Microsoft Defender for Office 365 | Advanced protection for your apps and data in Office 365, including email and other collaboration tools |
| Microsoft Defender for Identity | Defend against advanced threats, compromised identities, and malicious insiders using correlated Active Directory signals |
| Microsoft Defender for Cloud Apps | Identify and combat cyberthreats across your Microsoft and third-party cloud services |
Understand what Microsoft Defender XDR is and how it can help to improve your security posture by empowering your Security Operations Center (SOC) or security teams with the tools they need to identify, control, and remediate security threats.