Overview of Microsoft Defender

Rohan Islam
Feb 22, 2023


Sometimes I feel a bit lost when it comes to Microsoft Defender. Maybe there are others like me out there too. So I thought I would put together an overview of Microsoft Defender products using the Microsoft documentation available on the web.

Microsoft Defender Products

Microsoft Defender for Cloud

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) solution for Azure, on-premises, and multi-cloud resources.

Microsoft Defender for Servers: Microsoft Defender for Servers protects Windows and Linux machines running on Azure, AWS, GCP, and on-premises. It integrates with Defender for Endpoint to provide endpoint detection and response (EDR) and various other threat protection features.

Microsoft Defender for Storage: An Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit storage accounts (Blob, Files). It uses advanced threat detection capabilities and Microsoft Threat Intelligence data to provide contextual security alerts.

Microsoft Defender for SQL: Discovers and mitigates potential database vulnerabilities and provides advanced threat protection to protect SQL servers from threats such as SQL injection, brute-force attacks, and privilege abuse.

Microsoft Defender for Containers: A cloud-native solution to improve, monitor, and maintain the security of AKS clusters, containers, and their applications.

Microsoft Defender for App Service: Defender for Cloud is natively integrated with App Service, provided that the app is hosted on a supported App Service Plan and Defender for Cloud’s enhanced protections are enabled on the subscription. Optionally, individual Microsoft Defender plans, such as Microsoft Defender for App Service, can be enabled as well.

Microsoft Defender for Key Vault: Provides advanced threat protection for Azure Key Vault by adding an additional layer of security intelligence.

Microsoft Defender for DNS: Provides an additional layer of protection for resources that use Azure DNS’s Azure-provided name resolution capability.

Microsoft Defender for Resource Manager: Monitors the resource management operations in your organization, whether they’re performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients.

Microsoft Defender for open-source relational databases: Provides threat protection for Azure Database for PostgreSQL, MySQL, and MariaDB.

Microsoft 365 Defender

Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Microsoft Defender for Endpoint: An enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Microsoft Defender for Office 365: Protects organizations from malicious threats posed by email messages, links (URLs), and collaboration tools.

Microsoft Defender for Identity: Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) is a cloud-based security solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions.

Microsoft Defender for Cloud Apps: Microsoft Defender for Cloud Apps (previously known as Microsoft Cloud App Security) is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.

Microsoft 365 Defender for Business: An endpoint security solution designed especially for small- and medium-sized businesses (up to 300 employees).

Microsoft Defender Vulnerability Management: Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices.

Microsoft Defender capabilities in Windows

Microsoft Defender Antivirus: Microsoft Defender Antivirus is available in Windows 10 and Windows 11, and in versions of Windows Server. It is a major component of the next-generation protection in Microsoft Defender for Endpoint.

Windows Defender Firewall: Windows Defender Firewall is a stateful host firewall that helps secure devices.

Windows Defender Application Control: Mitigates security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel).

Microsoft Defender Application Guard: Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks while keeping employees productive. It allows administrators to define the domains and network ranges that host trusted applications, files, and websites. Any resource that is not trusted is opened in an isolated Hyper-V container (sandbox). Application Guard is not supported for VDI deployments.

Microsoft Defender SmartScreen: Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and against the downloading of potentially malicious files on Windows clients.

Microsoft Defender for IoT

Microsoft Defender for IoT for end-user organizations: Microsoft Defender for IoT is a unified security solution built specifically to identify IoT and OT devices, vulnerabilities, and threats. Defender for IoT provides agentless, network-layer monitoring and integrates with both industrial equipment and security operations center (SOC) tools.

Microsoft Defender for IoT for device builders: Microsoft Defender for IoT provides lightweight security agents so that security can be built directly into new IoT/OT initiatives. The micro agent provides endpoint visibility into security posture management and threat detection, and integrates with other Microsoft tools for unified security management.

Microsoft Defender Threat Intelligence

Microsoft Defender Threat Intelligence is a platform that streamlines the workflows of triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analysts when they conduct threat infrastructure analysis and gather threat intelligence.

Thanks for reading; give it a 👏 if you liked it. Please leave a comment and let me know if you have any feedback.
