Deploy supported services
Want to experience Microsoft Defender XDR? Learn more about how you can evaluate and pilot Microsoft Defender XDR.
- Microsoft Defender XDR
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft Defender XDR integrates various Microsoft security services to provide centralized detection, prevention, and investigation capabilities against sophisticated attacks. This article describes the supported services, their licensing requirements, the advantages and limitations associated with deploying one or more services, and links to how you can fully deploy them individually.
A Microsoft 365 E5, E5 Security, A5, or A5 Security license or a valid combination of licenses provides access to the following supported services and entitles you to use Microsoft Defender XDR. See licensing requirements
|Microsoft Defender for Endpoint||Endpoint protection suite built around powerful behavioral sensors, cloud analytics, and threat intelligence|
|Microsoft Defender for Office 365||Advanced protection for your apps and data in Office 365, including email and other collaboration tools|
|Microsoft Defender for Identity||Defend against advanced threats, compromised identities, and malicious insiders using correlated Active Directory signals|
|Microsoft Defender for Cloud Apps||Identify and combat cyberthreats across your Microsoft and third-party cloud services|
Deployed services and functionality
Microsoft Defender XDR provides better visibility, correlation, and remediation as you deploy more supported services.
Benefits of full deployment
To get the complete benefits of Microsoft Defender XDR, we recommend deploying all supported services. Here are some of the key benefits of full deployment:
- Incidents are identified and correlated based on alerts and event signals from all available sensors and service-specific analysis capabilities
- Automated investigation and remediation (AIR) playbooks apply across various entity types, including devices, mailboxes, and user accounts
- A more comprehensive advanced hunting schema can be queried for event and entity data from devices, mailboxes, and other entities
Limited deployment scenarios
Each supported service that you deploy provides an extremely rich set of raw signals as well as correlated information. While limited deployment doesn't cause Microsoft Defender XDR functionality to turn off, its ability to provide comprehensive visibility across your endpoints, apps, data, and identities is affected. At the same time, any remediation capabilities only apply to entities that can be managed by the services you've deployed.
The table below lists how each supported service provides additional data, opportunities to obtain additional insight by correlating the data, and better remediation and response capabilities.
|Service||Data (signals & correlated info)||Remediation & response scope|
|Microsoft Defender for Endpoint||
|Microsoft Defender for Office 365||
|Microsoft Defender for Identity||
|Microsoft Defender for Cloud Apps||
Deploy the services
Deploying each service typically requires provisioning to your tenant and some initial configuration. See the following table to understand how each of these services is deployed.
|Service||Provisioning instructions||Initial configuration|
|Microsoft Defender for Endpoint||Microsoft Defender for Endpoint deployment guide||See provisioning instructions|
|Microsoft Defender for Office 365||None, provisioned with Office 365||Configure Microsoft Defender for Office 365 policies|
|Microsoft Defender for Identity||Quickstart: Create your Microsoft Defender for Identity instance||See provisioning instructions|
|Microsoft Defender for Cloud Apps||None||Quickstart: Get started with Microsoft Defender for Cloud Apps|
Once you've deployed the supported services, turn on Microsoft Defender XDR.
- Microsoft Defender XDR overview
- Turn on Microsoft Defender XDR
- Setup guides for Microsoft Defender XDR
- Microsoft Defender for Endpoint overview
- Microsoft Defender for Office 365 overview
- Microsoft Defender for Cloud Apps overview
- Microsoft Defender for Identity overview
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.