Zero Trust with Microsoft 365 Defender
Note
Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.
Applies to:
- Microsoft 365 Defender
Microsoft 365 Defender contributes to a strong Zero Trust strategy and architecture by providing extended detection and response (XDR). Microsoft 365 Defender works together with other Microsoft XDR tools and services and can be integrated with Microsoft Sentinel as a security information and event management (SIEM) source for a complete XDR/SIEM solution.
Microsoft 365 Defender is an XDR solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoint, email, applications, and identities.
In the illustration: Microsoft 365 Defender provides XDR capabilities for protecting:
- Endpoints, including laptops and mobile devices
- Data in Office 365, including email
- Cloud apps, including other SaaS apps that your organization uses
- On-premises Active Directory Domain Services (AD DS) and Active Directory Federated Services (AD FS) servers
Microsoft 365 Defender helps you apply the principles of Zero Trust in the following ways:
| Zero Trust principle | Met by |
|---|---|
| Verify explicitly | Microsoft 365 Defender provides XDR across users, identities, devices, apps, and emails. |
| Use least privileged access | If used with Azure Active Directory (Azure AD) Identity Protection, Microsoft 365 Defender blocks users based on the level of risk posed by an identity. Azure AD Identity Protection is licensed separately from Microsoft 365 Defender and is included with Azure AD Premium P2. |
| Assume breach | Microsoft 365 Defender continuously scans the environment for threats and vulnerabilities. It can implement automated remediation tasks, including automated investigations and isolating endpoints. |
To add Microsoft 365 Defender to your Zero Trust strategy and architecture, go to Evaluate and pilot Microsoft 365 Defender for a methodical guide to piloting and deploying Microsoft 365 Defender components. The following table summarizes what these topics include.
| Includes | Prerequisites | Doesn't include |
|---|---|---|
| Set up the evaluation and pilot environment for all components<br>Protect against threats<br>Investigate and respond to threats | See the guidance for the architecture requirements for each component of Microsoft 365 Defender. | Azure AD Identity Protection is not included in this solution guide. It is included in Step 1. Configure Zero Trust identity and device access protection. |
Next steps
Learn more about Zero Trust for Microsoft 365 Defender services:
Learn more about other Microsoft 365 capabilities that contribute to a strong Zero Trust strategy and architecture with the Zero Trust deployment plan with Microsoft 365.
Learn more about Zero Trust and how to build an enterprise-scale strategy and architecture with the Zero Trust Guidance Center.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft 365 Defender Tech Community.