Microsoft Defender XDR: protection for on-premise or IaaS/PaaS infrastructure (Azure/AWS/GCP)

Protected endpoints: users on Windows 10, Windows Server 2016, Windows Server 2019, Windows Server 2008 R2 / 2012 R2, macOS, Linux servers, iOS and Android.

Microsoft 365 Defender: unified defense suite connecting Defender for Endpoint, Defender for Office 365, Defender for Identity and Defender for Cloud Apps (together with Azure AD Identity Protection P2) through the Microsoft 365 security center (https://security.microsoft.com).
• Cross-product single pane of glass
• Combined incidents queue: full attack scope, impacted assets and actions in a single incident
• Automatic response to threats: automatically stop the progression of threats
• Cross-product threat hunting across alerts, apps & identities, email & devices
• Secure Score: track and improve your overall security posture using Microsoft Secure Score
• Native ITSM integration
• Microsoft 365 Defender APIs
• Microsoft Threat Experts

Defender for Endpoint
• Endpoint Detection & Response (EDR) (Public Preview on the newer platforms shown on the diagram)
• Threat & Vulnerability Management (TVM)
• Next Generation Protection (NGP) / Defender Antivirus: real-time protection, cloud-delivered protection, network protection, SmartScreen protection, potentially unwanted application (PUA) protection, archive bomb protection
• Attack surface reduction: Exploit Protection, Attack Surface Reduction (ASR) rules, Windows Defender Application Guard, Web Protection, Controlled Folder Access
• Custom indicators for files, IPs, URLs/domains and certificates
• Auto Investigation & Remediation (AIR)
• Device response actions: isolate device, restrict app execution, run antivirus scan, collect investigation package, live response session, automated investigation
• Integration with Defender for Cloud Apps (Cloud App Security) and Azure AD for onboarding and risk assessment
• OS supportability matrix and onboarding methods (onboarding, configuration and remediation):
  - Windows 10 & Windows Server: Group Policy (manually export group policy objects), ConfigMgr (manually export onboarding files; co-managed or managed), Intune (Intune connection), local script
  - macOS: Intune, JAMF Pro, local script
  - Linux server: Ansible, Puppet, local script
  - iOS/Android: Intune (Windows 10, Android, iOS and macOS devices managed through Intune)

Defender for Office 365
• Safe Attachments and Safe Links
• Anti-phishing and anti-malware, real-time detections
• Threat Trackers and Threat Explorer
• Attack Simulator with auto assignment of security trainings to users
• ATP for SharePoint, OneDrive for Business & Teams
• Auto Investigation & Remediation (AIR)
• Reports

Defender for Identity
• Alerts by attack phase: reconnaissance, compromised credential, lateral movement, domain dominance, exfiltration
• Identity Security Posture Assessment
• Detect suspicious activities on the network
• User investigation priority score
• Sensors: manually install the ATP sensors on the domain controllers; a standalone sensor on a separate server is optional and requires forwarding event logs to it (ETW log entries are not supported on the standalone sensor); connectivity via proxy server
• VPN solutions: VPN connection data is sent to the Defender for Identity sensors

Defender for Cloud Apps (CASB)
• Sanctioned & unsanctioned apps; discover & manage Shadow IT apps (Cloud Discovery with a log collector; Zscaler integration with the CASB to enhance the cloud discovery experience)
• Data Loss Prevention across all cloud apps
• Cloud apps threat and anomaly protection; OAuth apps
• Policies, alerts, reports and permissions
• Multi-cloud CSPM: AWS & GCP integration with the CASB for posture management; Azure Security Center connection
• CASB as proxy for third-party apps
• SIEM integration
• Integration with Defender for Endpoint (EDR)
• Dashboards: users at risk, devices at risk, device malware, privileged users, detected OAuth apps, compliance, user activity & abnormal behaviour
• App connectors: Office 365, Azure, AWS, GCP, Box, Dropbox, Salesforce, ServiceNow, Okta, G Suite, Workday, Slack, GitHub, DocuSign, Concur, Tableau, Jira, HighQ, Workiva, Egnyte, Cornerstone OnDemand, Workplace by Facebook; Power Automate connector; data export and inventory

Azure AD Identity Protection (P2)
• Risk detections: atypical travel, anonymous IP address, unfamiliar sign-in properties, malware linked IP address, leaked credentials, password spray
• Users at risk; Azure AD Threat Intelligence
• Audit logs, security posture, Conditional Access

Microsoft Defender for Cloud (previously Azure Security Center)
Cloud Security Posture Management (CSPM)
• Secure Score & recommendations; security baseline and custom security baseline
• Regulatory compliance assessment: CIS 1.1.0, PCI DSS, ISO 27001, SOC TSP, ...
• Asset inventory (Azure, AWS, GCP, on-prem); cloud connectors for AWS and GCP; Azure Arc for Windows/Linux VMs hosted in AWS, GCP or on-prem
• Shadow IT discovery; Resource Graph Explorer
Cloud Workload Protection Platform (CWPP)
• Defender AV and ATP (EPP & EDR) for Windows and Linux VMs
• Vulnerability scan for VMs & containers with native Qualys integration; container registry image scanning
• Just-in-time VM access, adaptive application control, adaptive network hardening, file integrity monitoring
• Advanced threat protection for Azure IaaS/PaaS services: Kubernetes, container registries, App Service, SQL, Azure Cosmos DB, Azure MariaDB, Azure MySQL/PostgreSQL, Key Vault, Storage Account (resource level), Azure Resource Manager, network layer, IoT security
• Azure network layer: Azure DDoS Protection, Azure WAF, web URL filtering
Alerts, automation and integration
• Alert workflow automation and notification
• Continuous export to Event Hub / Log Analytics workspace / Storage Account; REST API; Microsoft Security Graph API
• Reports, downloadable PowerBI Secure Score, ASC GitHub community
• Log Analytics (Azure Monitor)
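The Defender for Endpoint protection features listed above (cloud-delivered protection, PUA protection, network protection, Controlled Folder Access and ASR rules) are device-side settings of Defender Antivirus that Intune or Group Policy ultimately pushes down. The script below is an added example, not part of the Kloudsecure poster or any Microsoft deliverable: it applies those settings on a single onboarded Windows 10 / Windows Server host in an audit-first rollout and then reads back what is in force. It assumes an elevated session with the built-in Defender module; the GUIDs are Microsoft's documented ASR rule identifiers, and the choice of five rules is an assumption for a first wave.

```powershell
# Added example: audit-first baseline for Defender AV / ASR on one onboarded device.
# Assumes an elevated PowerShell session on Windows 10 or Windows Server.
#Requires -RunAsAdministrator

# Cloud-delivered protection, PUA blocking and network protection.
Set-MpPreference -MAPSReporting Advanced `
                 -SubmitSamplesConsent SendSafeSamples `
                 -CloudBlockLevel High `
                 -PUAProtection Enabled `
                 -EnableNetworkProtection Enabled

# Controlled Folder Access starts in audit mode so legitimate writers can be allow-listed first.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# First wave of ASR rules (Microsoft's documented rule GUIDs). Ids and Actions are parallel arrays.
$asrRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
    'BE9BA2D9-53EA-4CDD-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
}
$ids     = @($asrRules.Keys)
$actions = $ids | ForEach-Object { 'AuditMode' }   # switch to 'Enabled' once the audit events look clean

Add-MpPreference -AttackSurfaceReductionRules_Ids $ids -AttackSurfaceReductionRules_Actions $actions

# Read back the effective configuration rather than trusting the Set-/Add- calls.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus
[pscustomobject]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    AMRunningMode      = $status.AMRunningMode
    NetworkProtection  = $pref.EnableNetworkProtection
    ControlledFolders  = $pref.EnableControlledFolderAccess
    PUAProtection      = $pref.PUAProtection
}
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id = $pref.AttackSurfaceReductionRules_Ids[$i]
    '{0}  {1}  {2}' -f $id, $pref.AttackSurfaceReductionRules_Actions[$i], $asrRules[$id]
}

# Audit evidence from the Defender operational log:
#   ASR 1121 block / 1122 audit, Controlled Folder Access 1123 block / 1124 audit,
#   Network Protection 1125 audit / 1126 block.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122, 1123, 1124, 1125, 1126
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`r?`n")[0] } }
```

Run it, let the device operate for a week, review the 1122/1124 audit events in the portal's ASR report or the event log above, then rerun with the actions set to Enabled. The same Ids/Actions pairs are what an Intune endpoint security policy or the Defender GPO template writes, so the audit data collected here transfers directly to the tenant-wide rollout.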
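The custom indicators for files, IPs, URLs/domains and certificates listed under Defender for Endpoint can be created in the portal or through the Defender for Endpoint Indicators API, which is how an incident-response playbook pushes IOCs at scale. The script below is an added example, not code from the poster or from Microsoft: it acquires an app-only token and submits one indicator of each type. Assumptions: an Azure AD app registration granted the WindowsDefenderATP application permission Ti.ReadWrite.All with admin consent, its tenant ID, client ID and secret exposed in the environment variables MDE_TENANT, MDE_CLIENT and MDE_SECRET (names chosen for this example), and placeholder IOC values that must be replaced with real ones.

```powershell
# Added example: submit custom indicators through the Defender for Endpoint Indicators API.
# Assumes env vars MDE_TENANT / MDE_CLIENT / MDE_SECRET (names chosen here) for an app registration
# holding Ti.ReadWrite.All. Indicator values below are placeholders, not real IOCs.

$tokenResp = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$($env:MDE_TENANT)/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $env:MDE_CLIENT
        client_secret = $env:MDE_SECRET
        scope         = 'https://api.securitycenter.microsoft.com/.default'
    }
$headers = @{ Authorization = "Bearer $($tokenResp.access_token)" }
$api     = 'https://api.securitycenter.microsoft.com/api/indicators'

# Always expire indicators; stale IOCs otherwise block or alert forever.
$expires = (Get-Date).ToUniversalTime().AddDays(30).ToString('o')

# One placeholder per indicator type the poster lists. The supported action set differs per type
# (network types support Warn, certificates do not), so check the API reference before changing these.
$indicators = @(
    @{ indicatorType = 'FileSha256';            indicatorValue = ('0' * 64);                         action = 'AlertAndBlock'; severity = 'High';          title = 'IR-1234 dropper hash (placeholder)' }
    @{ indicatorType = 'IpAddress';             indicatorValue = '203.0.113.10';                     action = 'Alert';         severity = 'Medium';        title = 'IR-1234 C2 address (TEST-NET-3 placeholder)' }
    @{ indicatorType = 'DomainName';            indicatorValue = 'c2.example.invalid';               action = 'AlertAndBlock'; severity = 'High';          title = 'IR-1234 C2 domain (placeholder)' }
    @{ indicatorType = 'Url';                   indicatorValue = 'https://phish.example.invalid/login'; action = 'Warn';       severity = 'Medium';        title = 'IR-1234 phishing page (placeholder)' }
    @{ indicatorType = 'CertificateThumbprint'; indicatorValue = ('A' * 40);                         action = 'Block';         severity = 'Informational'; title = 'IR-1234 signing certificate (placeholder)' }
)

$results = foreach ($ioc in $indicators) {
    $body = $ioc + @{
        description        = 'Submitted by IR playbook; see case IR-1234'
        expirationTime     = $expires
        recommendedActions = 'Isolate the device and collect an investigation package'
        generateAlert      = $true
    }
    try {
        $r = Invoke-RestMethod -Method Post -Uri $api -Headers $headers `
                               -ContentType 'application/json' -Body ($body | ConvertTo-Json)
        [pscustomobject]@{ Type = $ioc.indicatorType; Value = $ioc.indicatorValue; Id = $r.id; Status = 'created' }
    } catch {
        # A 400 here usually means a malformed value or an action the type does not support.
        [pscustomobject]@{ Type = $ioc.indicatorType; Value = $ioc.indicatorValue; Id = $null; Status = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize
```

Indicators are tenant-wide unless scoped with the API's rbacGroupNames field, so scope them to the affected device groups during an active incident and widen later. For more than a handful of IOCs use the bulk import endpoint (POST .../api/indicators/import) rather than one request per indicator.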
Kloudsecure – Platform (powered by Kloudynet): Azure Sentinel – SOC-IN-A-BOX

Pre-defined content packages for rapid deployment, 24/7 security operations support, and a CISO dashboard giving a single pane of glass view of security incidents, multi-cloud security posture visibility across clouds and products (Azure & AWS, from Security Center) and Secure Score visibility (E3 / E5).

Collect (data connectors)
• M365 suite: Azure AD (sign-in logs and audit logs), Office Activity (Office 365), Azure AD Identity Protection (AADIP), Intune
• Infrastructure and Azure services: Azure Activity, Azure Security Center (security alerts, ASC compliance), Windows Security Events, Syslog, servers
• Third-party SIEMs and other platforms, public clouds (AWS Security Hub), security solutions
• Data ingestion, data repository and data search built on Azure Monitor (Log Analytics) and an Azure data warehouse

Analyze & detect threats
• Analytics rules mapped to MITRE ATT&CK; machine learning; UEBA (entity behaviour); notebooks (Jupyter / Azure Notebooks); threat intelligence; watchlists; advanced hunting
• Pre-configured detections: RDP nesting, malicious inbox rule, suspicious number of resource creation, security event log cleared, rare app consent, insecure protocols, ...
• Enrichment with intelligence (geolocation, IP reputation)
• Visualisation and reporting: Azure Sentinel workbooks, PowerBI dashboards (PowerBI connector), interactive attack visualisation
• Incident management with ServiceNow and other tools

Automate & orchestrate
• Playbooks (Microsoft and community) built as Logic Apps: email notification, Teams notification, ...

Integrations (APIs)
• Microsoft Security Graph API, Azure Defender / ASC API, Intune Management API, O365 Management API, M365 Defender API, Defender for Cloud Apps (CASB) API, AWS Security Hub, REST API
• Roadmap integrations for advanced intelligence and other security products: VirusTotal, MISP, ...

Platform deployment
• Deployed on any cloud environment supporting Docker containers, behind NGINX, a load balancer, WAF and API gateway, served over HTTPS with OAuth 2.0 and RBAC using Azure AD
• Seamless integration with other customer products in the customer environment
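The pre-configured detections above are Sentinel scheduled analytics rules: a KQL query run on a timer over a lookback window, raising an incident when it returns rows. The script below is an added example, not content from the Kloudsecure platform or Microsoft's own templates: it implements the "malicious inbox rule" case as KQL over the OfficeActivity table and runs it ad hoc with the Az.OperationalInsights module. Assumptions: Connect-AzAccount has been run with read access to the workspace, the Office 365 connector is populating OfficeActivity, $WorkspaceId is the workspace's customer ID, and the folder names and keyword list are tuning choices made for this example.

```powershell
# Added example: "malicious inbox rule" detection as Sentinel-style KQL, run ad hoc.
# Assumes Connect-AzAccount has been run and the Office 365 connector feeds OfficeActivity.
param(
    [Parameter(Mandatory)] [string] $WorkspaceId   # Log Analytics workspace (customer) ID
)

# Exchange inbox rules that hide or divert mail: delete it, move it to a rarely watched folder,
# forward/redirect it out of the mailbox, or match words an attacker wants buried.
# Parameters is a JSON array of {Name, Value}; mv-apply folds it into one bag per event.
$kql = @'
OfficeActivity
| where TimeGenerated > ago(1h)
| where OfficeWorkload == "Exchange" and Operation in ("New-InboxRule", "Set-InboxRule")
| extend params = parse_json(Parameters)
| mv-apply p = params on (
      summarize RuleParams = make_bag(pack(tostring(p.Name), tostring(p.Value)))
  )
| extend RuleName = tostring(RuleParams.Name),
         Forward  = strcat(tostring(RuleParams.ForwardTo), tostring(RuleParams.ForwardAsAttachmentTo), tostring(RuleParams.RedirectTo)),
         MoveTo   = tostring(RuleParams.MoveToFolder),
         Delete   = tostring(RuleParams.DeleteMessage),
         Keywords = strcat(tostring(RuleParams.SubjectContainsWords), " ", tostring(RuleParams.BodyContainsWords))
| where Delete =~ "True"
     or isnotempty(Forward)
     or MoveTo in~ ("RSS Feeds", "RSS Subscriptions", "Archive", "Conversation History", "Junk Email", "Deleted Items")
     or Keywords has_any ("invoice", "payment", "wire", "password", "hacked", "phish", "suspicious", "helpdesk")
| project TimeGenerated, UserId, ClientIP, Operation, RuleName, Delete, MoveTo, Forward, Keywords
| order by TimeGenerated desc
'@

$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $kql -Timespan (New-TimeSpan -Hours 1)
$hits   = @($result.Results)

if ($hits.Count -eq 0) {
    'No suspicious inbox rules were created or modified in the last hour.'
} else {
    # Forwarding rules are the highest-value finding (BEC / exfiltration), so list them first.
    $hits | Sort-Object { [string]::IsNullOrEmpty($_.Forward) } |
        Format-Table TimeGenerated, UserId, ClientIP, RuleName, Delete, MoveTo, Forward -AutoSize
}
```

To turn this into one of the platform's pre-configured detections, paste the same KQL into a Sentinel scheduled query rule that runs every hour over the last hour, triggers on more than zero results, maps UserId to the Account entity and ClientIP to the IP entity, and is tagged with the Collection and Exfiltration tactics. Tune the folder and keyword lists against a week of your own OfficeActivity data before enabling incident creation.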
