Glossary

Defender XDR

Microsoft's unified extended detection and response portal that correlates signals across Defender products.

Microsoft Defender XDR (Extended Detection and Response) is the unified portal at security.microsoft.com that correlates signals from across the Microsoft Defender family into single incidents. The signal sources are Defender for Office 365 (email), Defender for Endpoint (devices), Defender for Identity (AD/Entra), Defender for Cloud Apps (SaaS), and Defender for Cloud (Azure workloads). It provides advanced hunting in KQL, automated investigation and response (AIR), automated attack disruption, threat analytics, and Microsoft Sentinel integration. It was called Microsoft 365 Defender before the 2023 rebrand. It is the unified surface where the SOC works across Microsoft security products.