What is M365 Defender?

Since I first began working with Defender, formerly known as Advanced Threat Protection (ATP), the platform has undergone significant evolution. Much of that change has been driven by Microsoft’s broader effort to consolidate individual security solutions into more unified product families.

Microsoft 365 Defender brings together several core security capabilities, including Microsoft Defender for Endpoint (MDE), Microsoft Defender for Office 365 (MDO), Microsoft Defender for Identity (MDI), and Microsoft Defender for Cloud Apps (MDCA). Previously, these solutions were managed through separate portals, but Microsoft has since integrated them into a centralized experience within the Microsoft 365 Defender portal at security.microsoft.com. This unified approach improves visibility, streamlines operations, and enables stronger cross-product integration where it adds security and operational value.

By consolidating security telemetry and controls across endpoints, email, identities, and cloud applications, Microsoft 365 Defender provides organizations with a more comprehensive and efficient way to detect, investigate, and respond to threats. The diagram included in the post illustrates how these products fit together and highlights some of the capabilities delivered through the platform.