Microsoft Defender as a security solution has evolved significantly in recent years, not only as a product, but also as an ideology for keeping your environment secure. You probably remember past iterations of Defender that were met with mixed reviews. Products like Defender ATA, Defender ATP, and Defender AIP were used independently in the past.

Now Microsoft Defender products are consolidated and fully integrated. New and existing components are merged to form a more comprehensive suite of security products.


Why Defender Had to Evolve

The initial concept behind Microsoft Defender was intended to mitigate the security threats of the time. But, to be blunt, cybersecurity has become much more complicated since the start of the pandemic. Security products of the 2000s to 2010 era were focused on mitigating malware, as malware was the dominant threat during that time. When the early 2010s arrived, malware was supplanted by the rise of email phishing campaigns.

In more recent times, while malware and phishing attacks still exist, newer and more sophisticated breach attempts are on the rise. In recent years, the rise of smartphone use has increased “smishing” attacks as an attack vector. Smishing presents users with a malicious link in a text message sent by imposters. This is a growing challenge, as traditional endpoint security didn’t consider smartphones. Additionally, advanced hacking techniques and fileless attacks have become a recurrent present-day threat, leading to a drastic increase in ransomware attacks.

As cybercriminals continue to become increasingly crafty and sophisticated, Microsoft has engineered Defender to meet modern challenges in a scalable capacity. The product appears to be fluid and more than capable of evolving to meet cybercriminals head-on while dissuading their attempts to attack your network.


The Defender Umbrella

Since the Defender product has progressed to a more comprehensive line of security, the product name has matured in tandem. What used to be known as Windows Defender was aptly renamed Microsoft Defender in 2020. With that, products such as Microsoft Threat Protection, Defender ATP, Azure Security Center and others have rolled up under the Microsoft Defender umbrella brand.


The Four Components of the Modern Microsoft Defender



Microsoft Defender for Endpoint acts as an agent that runs on end users’ physical machines. Defender for Endpoint works in conjunction with Microsoft Defender Antivirus to secure endpoints (this is the primary use case) or couples with a limited number of third-party antivirus platforms such as Bitdefender Antivirus Plus, Kaspersky Anti-Virus, and Webroot SecureAnywhere AntiVirus. The antivirus agent in Defender for Endpoint leverages the same pattern matching regardless of the AV software you choose.

With the Defender P2 plan (included with Microsoft 365 E5 or Microsoft 365 Business Premium), Defender for Endpoint adds behavioral analytics, heuristics, and machine learning algorithms to look for abnormal behavior on machines and alert admins upon discovery.

The advancement in behavioral analysis is thanks to the product’s Endpoint Detection and Response (EDR) feature. P2 includes EDR, which runs agentless and leverages Automated Investigation and Response (AutoIR) to automatically halt attacks as they are detected – without the need for expensive manual monitoring.

Defender for Endpoint also hardens your system and environment through its Attack Surface Reduction rules, which deter malware and other threats. Finally, Advanced Threat Hunting allows researchers and security administrators to work backward in time to the source of an attack – you can find “patient zero.”



Defender for Office 365 is the component of the Microsoft Defender umbrella used for email protection. It provides an advanced level of threat mitigation through:

· Anti-Spoofing
· Anti-Spam
· Anti-Phishing
· Anti-Malware
· Safe Links
· Safe Attachments
· Safe Files

The features of this product scale with the license. P1 plans include detection but exclude AutoIR capabilities and advanced threat hunting. With a P2 license, all features are included. Users with Microsoft 365 E5 or Microsoft 365 Business Premium licenses have P2 licenses included.



Formerly known as Azure Advanced Threat Protection (Azure ATP), Defender for Identity extends Azure AD’s Zero Trust capabilities to on-premises Domain Controllers. With this identity protection component, your on-premises Active Directory accounts are protected by behavior-based security features.

Defender for Identity is meant to detect advanced hacking attempts in a hybrid environment. The component allows admins to streamline their protection of identities and identify suspicious user behavior, and it provides incident behavior reports with mitigation suggestions.

This service ‘wakes up’ over a two-to-three-week period after installation, then provides alerts and automated remediation.



There is no denying that SaaS cloud services have been on the rise in recent years. SaaS apps often have connectivity to business data, and represent a breach risk. In other words, if your third-party SaaS vendor is hacked, your data lake may be compromised.

The Defender for Cloud Apps component works to ensure that your tenant data is kept safe regardless of your SaaS partners’ security. It does so by using a CASB (cloud access security broker), which sits between the SaaS application and your tenant’s data. The CASB monitors your SaaS usage for abnormal behavior. It keeps a close eye on data exfiltration to ensure remote devices are not leaking data to unknown sources.


Defender of the Future

The comprehensive Microsoft Defender program can surely be leveraged to save your company the hassle and expense of a breach. It is truly a state-of-the-art system that embraces the Zero Trust philosophy as the ultimate line of defense against cybercriminals.

But perhaps most important of all is Microsoft Defender’s willingness to accept that attacks will evolve. Microsoft is developing new products under the Defender umbrella to address future trends in cybercrime.

On the horizon are components like Defender for IoT-XDR, which provides extended detection and response for non-traditional devices, and Defender for Vulnerability, which is still in the works but is intended to provide improved and extensive vulnerability scanning.

An investment in Defender now could be the difference between your company going through a costly attack or stopping a cybercriminal in their tracks. We recommend taking the path of least resistance.


