- Integrate with other Microsoft solutions
- Microsoft 365 Defender
Integrate with other Microsoft solutions
Microsoft Defender for Endpoint directly integrates with various Microsoft solutions.
Microsoft Defender for Cloud
Microsoft Defender for Endpoint provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.
The Microsoft Defender for Endpoint connector lets you stream alerts from Microsoft Defender for Endpoint into Microsoft Sentinel. This will enable you to more comprehensively analyze security events across your organization and build playbooks for effective and immediate response.
Azure Information Protection
We recently deprecated the Azure Information Protection integration as our Endpoint DLP capabilities incorporate an improved discovery and protection solution for sensitive data stored on endpoint devices that facilitates greater visibility and integration between solutions. This was announced in the following blog. We recommend that customers move to using Endpoint DLP.
Microsoft Defender for Endpoint’s dynamic device risk score is integrated into the Conditional Access evaluation, ensuring that only secure devices have access to resources.
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps leverages Microsoft Defender for Endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender for Endpoint monitored devices.
Microsoft Defender for Identity
Suspicious activities are processes running under a user context. The integration between Microsoft Defender for Endpoint and Microsoft Defender for Identity provides the flexibility of conducting cyber security investigation across activities and identities.
Microsoft Defender for Office
Defender for Office 365 helps protect your organization from malware in email messages or files through Safe Links, Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Microsoft Defender for Office 365 and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
Defender for Office 365 data is displayed for events within the last 30 days. For alerts, Defender for Office 365 data is displayed based on first activity time. After that, the data is no longer available in Defender for Office 365.
Skype for Business
The Skype for Business integration provides a way for analysts to communicate with a potentially compromised user or device owner through a simple button from the portal.
Microsoft 365 Defender
With Microsoft 365 Defender, Microsoft Defender for Endpoint, and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.