Zero Trust with Microsoft Defender XDR

Applies to:

  • Microsoft Defender XDR

Microsoft Defender XDR contributes to a strong Zero Trust strategy and architecture by providing extended detection and response (XDR). Microsoft Defender XDR works together with other Microsoft XDR tools and services and can be integrated with Microsoft Sentinel as a security information and event management (SIEM) source for a complete XDR/SIEM solution.

Microsoft Defender XDR is an XDR solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoints, email, applications, and identities.

Diagram that shows the Microsoft Defender XDR in the Zero Trust architecture.

In the illustration: Microsoft Defender XDR provides XDR capabilities for protecting:

  • Endpoints, including laptops and mobile devices
  • Data in Office 365, including email
  • Cloud apps, including other SaaS apps that your organization uses
  • On-premises Active Directory Domain Services (AD DS) and Active Directory Federated Services (AD FS) servers

Microsoft Defender XDR helps you apply the principles of Zero Trust in the following ways:

Zero Trust principle Met by
Verify explicitly Microsoft Defender XDR provides XDR across users, identities, devices, apps, and emails.
Use least privileged access If used with Microsoft Entra ID Protection, Microsoft Defender XDR blocks users based on the level of risk posed by an identity. Microsoft Entra ID Protection is licensed separately from Microsoft Defender XDR and is included with Microsoft Entra ID P2.
Assume breach Microsoft Defender XDR continuously scans the environment for threats and vulnerabilities. It can implement automated remediation tasks, including automated investigations and isolating endpoints.

To add Microsoft Defender XDR to your Zero Trust strategy and architecture, go to Pilot and deploy Microsoft Defender XDR for a methodical guide to piloting and deploying Microsoft Defender XDR components. The following table summarizes what these topics include.

Includes Prerequisites Doesn't include
Set up the evaluation and pilot environment for all components:
  • Defender for Identity
  • Defender for Office 365
  • Defender for Endpoint
  • Microsoft Defender for Cloud Apps

Protect against threats

Investigate and respond to threats
See the guidance for the architecture requirements for each component of Microsoft Defender XDR. Microsoft Entra ID Protection isn't included in this solution guide. It's included in Step 1. Configure Zero Trust identity and device access protection.

Next steps

Learn more about Zero Trust for Microsoft Defender XDR services:

Learn more about other Microsoft 365 capabilities that contribute to a strong Zero Trust strategy and architecture with the Zero Trust deployment plan with Microsoft 365.

Learn more about Zero Trust and how to build an enterprise-scale strategy and architecture with the Zero Trust Guidance Center.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.