XDR, Microsoft Defender XDR, and Microsoft Defender for Cloud

Customers are likely to see the terms “XDR,” “Microsoft Defender XDR,” and “Microsoft Defender for Cloud,” but what do these terms mean? XDR (eXtended detection and response) is a term used by analysts and industry to describe inputs across a range of traditionally stand-alone security tools, surfaced together in a usable form that is likely to be more powerful than the sum of its parts. 

Microsoft uses XDR to describe Microsoft Defender XDR, an umbrella brand that unifies the existing Microsoft Defender services (Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud Apps) within one console, the Microsoft 365 Security Center. Microsoft Defender XDR is intended to combine related threat information into incidents and allows one service in the suite to inform other related services of actions that should be taken.

Note that Microsoft Defender XDR was named Microsoft 365 Defender prior to Nov. 2023, at which time Microsoft added initial support for inclusion of signals from Microsoft Sentinel (the company’s SIEM) and Microsoft Defender for Cloud (the cloud defense platform for Azure and select other cloud hosting services).