Applies to:
- Microsoft Defender XDR
Microsoft Defender XDR contributes to a strong Zero Trust strategy and architecture by providing extended detection and response (XDR). Microsoft Defender XDR works together with other Microsoft XDR tools and services and can be integrated with Microsoft Sentinel as a security information and event management (SIEM) source for a complete XDR/SIEM solution.
Microsoft Defender XDR is an XDR solution that automatically collects, correlates, and analyzes signal, threat, and alert data from across your Microsoft 365 environment, including endpoints, email, applications, and identities.
In the illustration: Microsoft Defender provides XDR capabilities for protecting:
- Endpoints, including laptops and mobile devices
- Data in Office 365, including email
- Cloud apps, including other SaaS apps that your organization uses
- On-premises Active Directory Domain Services (AD DS) and Active Directory Federation Services (AD FS) servers
Microsoft Defender helps you apply the principles of Zero Trust in the following ways:
| Zero Trust principle | Met by |
|---|---|
| Verify explicitly | Microsoft Defender provides XDR across users, identities, devices, apps, and emails. |
| Use least privileged access | If used with Microsoft Entra ID Protection, Microsoft Defender blocks users based on the level of risk posed by an identity. Microsoft Entra ID Protection is licensed separately from Microsoft Defender and is included with Microsoft Entra ID P2. |
| Assume breach | Microsoft Defender continuously scans the environment for threats and vulnerabilities. It can implement automated remediation tasks, including automated investigations and isolating endpoints. |
To add Microsoft Defender to your Zero Trust strategy and architecture, go to Pilot and deploy Microsoft Defender for a methodical guide to piloting and deploying Microsoft Defender components. The following table summarizes what these topics include.
| Includes | Prerequisites | Doesn't include |
|---|---|---|
| Set up the evaluation and pilot environment for all components<br><br>Protect against threats<br><br>Investigate and respond to threats | See the guidance for the architecture requirements for each component of Microsoft Defender. | Microsoft Entra ID Protection isn't included in this solution guide. It's included in Step 1. Configure Zero Trust identity and device access protection. |
Next steps
Learn more about Zero Trust for Microsoft Defender services:
Learn more about other Microsoft 365 capabilities that contribute to a strong Zero Trust strategy and architecture with the Zero Trust deployment plan with Microsoft 365.
Learn more about Zero Trust and how to build an enterprise-scale strategy and architecture with the Zero Trust Guidance Center.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.