Microsoft 365 security and compliance
A practical tour of the Microsoft 365 security and compliance stack — Defender, Purview, Entra, and how they fit together.
Microsoft 365 ships with a deep security and compliance stack. The names change often and the portals shift around, but the core split is steady: Microsoft Defender protects against threats, Microsoft Purview governs data, and Microsoft Entra controls identity. Nothing in this stack is one-size-fits-all — what you actually get depends on your licence tier.
Microsoft Defender
Defender is the family of threat-protection products:
- Defender for Office 365 — Safe Links and Safe Attachments, anti-phishing, attack simulation training.
- Defender for Endpoint — EDR for Windows, macOS, Linux, iOS, and Android.
- Defender for Identity — detection of identity-based attacks against Active Directory and Entra ID.
- Defender for Cloud Apps — CASB capabilities for SaaS apps.
- Microsoft Defender XDR — the unified portal that correlates signals across all of the above.
Microsoft Purview
Purview is the family of compliance and data-governance products:
- Information protection — sensitivity labels, encryption, and data classification.
- Data loss prevention (DLP) — policies that block or warn when sensitive data is shared improperly.
- Retention and records management — keep what you must, delete what you should.
- eDiscovery and audit — find content for legal cases and investigations.
- Insider risk management — detect risky user behaviour.
- Communication compliance — review chats and emails against policy.
Microsoft Entra
Entra is the identity stack:
- Entra ID for users, groups, and SSO.
- Conditional Access to enforce MFA and device compliance.
- Identity Protection for risky sign-in detection.
- Privileged Identity Management for time-bound admin access.
How licences gate features
A lot of this stack lives behind Microsoft 365 E5 or its standalone add-ons (Defender for Office 365 Plan 1/2, Entra ID P1/P2, Purview eDiscovery Premium). Business Premium gives a meaningful subset for SMBs. If a feature you read about doesn't appear in your tenant, the answer is almost always licensing.
A good starting baseline: MFA for everyone, Conditional Access blocking legacy auth, sensitivity labels on the most sensitive data, and Defender for Office 365 on every mailbox.
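An added example (not from the original article or from Microsoft): a Python check of the Conditional Access half of this baseline, run over policies in the JSON shape Microsoft Graph returns. The sample policies and their display names are constructed, and the check assumes MFA is granted through the built-in `mfa` control; user exclusions are not evaluated.

```python
import json

# Constructed sample in the shape Microsoft Graph returns from
# /identity/conditionalAccess/policies; display names are made up.
SAMPLE_EXPORT = json.loads("""[
 {"displayName": "Block legacy authentication", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["exchangeActiveSync", "other"]},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
 {"displayName": "Require MFA for all users",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "applications": {"includeApplications": ["All"]},
                 "clientAppTypes": ["all"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")

LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # Graph's legacy-auth client types


def targets_everyone(policy):
    """True when the policy includes all users and all cloud apps."""
    cond = policy.get("conditions", {})
    return ("All" in cond.get("users", {}).get("includeUsers", [])
            and "All" in cond.get("applications", {}).get("includeApplications", []))


def audit_baseline(policies):
    """Report which of the two Conditional Access baseline items are enforced."""
    found = {"mfa_for_everyone": False, "legacy_auth_blocked": False}
    for p in policies:
        # Report-only and disabled policies exist in the tenant but enforce nothing.
        if p.get("state") != "enabled" or not targets_everyone(p):
            continue
        grant = p.get("grantControls") or {}
        controls = set(grant.get("builtInControls", []))
        clients = set(p["conditions"].get("clientAppTypes", []))
        if "block" in controls and LEGACY_CLIENTS <= clients:
            found["legacy_auth_blocked"] = True
        # With operator OR, MFA is only mandatory when it is the sole control.
        mfa_required = "mfa" in controls and (
            len(controls) == 1 or grant.get("operator") == "AND")
        if mfa_required and (not clients or "all" in clients):
            found["mfa_for_everyone"] = True
    return found


if __name__ == "__main__":
    print(audit_baseline(SAMPLE_EXPORT))
```

On the constructed sample the MFA policy is still in report-only mode, so the audit reports the legacy-auth block as enforced and MFA for everyone as missing.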