Microsoft Defender for... Everything, I guess?

Defender, defender everywhere, and not a brain cell to spare. That's the story of Microsoft's branding strategy, folks. I wasn’t the biggest fan of Intune being renamed the generic Endpoint Manager. I’m curious how many results get hidden on Google because pretty much everyone searches for *Intune* despite the rebranding years ago?

It's enough to give someone like me, who works daily with Defender, a headache just trying to keep up. Honestly, how many times can a product be renamed and rebranded before it just becomes a dizzying blur?


I mean, just look at the current product listing for Defender...

25 products - TWENTY-FIVE - all with the word Defender in them!

That's insane!

Maybe Microsoft should hire an SEO guy…

But fear not, my fellow techies, for I am here to help. I've spent countless hours studying and working with Defender products, and I've distilled all that knowledge into a handy little guide for the rest of us mere mortals. Because let's face it, the last thing you want to do is waste precious brainpower trying to keep track of Microsoft's ever-changing product names.

First a little history lesson…

The convoluted history of Microsoft Defender

  • Microsoft Defender: A great product that's been rebranded so many times, even we can't keep up.
  • Windows Defender: The OG, back when it was just an anti-spyware program for Windows XP in 2005.
  • Microsoft Security Essentials: The free antivirus software for Windows that nobody asked for in 2009, and rebranded in 2012.
  • Windows Defender Antivirus: When they finally realized that spyware isn't the only thing to worry about.
  • Windows Defender Advanced Threat Protection (ATP): The enterprise version that dropped in 2016, 'cause regular threats just weren't cutting it anymore. The product that finally went cross-platform in 2017.

Now let's go through the current list:


Microsoft 365 Defender

  • A security platform that provides comprehensive protection for Microsoft 365 services and devices.
  • Includes real-time monitoring, threat detection, and automated investigations to protect against malware, phishing, and advanced persistent threats.
  • Includes Microsoft Defender for Office 365, Endpoint, and Identity, integrated with Azure ATP and Microsoft Cloud App Security.
  • Provides a unified security management experience through the Microsoft 365 security center, which can be integrated with third-party solutions.
  • Cross-platform support for Windows, Mac, iOS, and Android, with protection for identities, email, endpoints, apps, and cloud app security.
  • Managed by IT administrators through the security center and automated security policies.
  • Example: A company using Microsoft 365 for their productivity and collaboration needs will use this product to secure their email, documents, and devices from various cyber threats.


Defender for Endpoint

  • An endpoint protection solution for Windows, Linux, macOS, iOS, and Android devices.
  • Provides real-time protection, behavioral analysis, and cloud-based protection to detect and prevent threats, such as malware, viruses, and phishing attempts.
  • Includes web content filtering to block potentially harmful websites, advanced threat hunting and investigation to identify and respond to unknown threats.
  • Device management capabilities, including security updates deployment, configuration, and detailed information about the security state of devices.
  • Example: A business using a mix of Windows, Mac and mobile devices will use this product to secure their endpoints from various cyber threats, such as malware and ransomware.


Defender for Office 365

  • A security solution that detects and responds to threats in the Office 365 environment.
  • Monitors and alerts on suspicious activities and policy violations, such as unusual user behavior or unauthorized access to sensitive data.
  • Protects against phishing, malware, and other cyber-attacks, such as spear phishing, ransomware, and BEC.
  • Example: An enterprise using Office 365 for their email and collaboration needs will use this product to secure their email and documents from various cyber threats.

Defender for Cloud Apps

  • Stand-alone adaptive solution that detects and responds to threats in cloud apps and services.
  • Provides visibility into user activities and data in cloud apps, such as Office 365, G Suite, Salesforce and AWS.
  • Helps prevent data leaks and detect abnormal activities, such as exfiltration and unauthorized access to data.
  • Uses behavioral analysis and machine learning to detect threats in real time.
  • Example: Detecting and blocking an attempt to download sensitive company data from a cloud-based file sharing app.


Defender for Business

  • A comprehensive security solution for small and medium-sized businesses, providing security across various types of devices (endpoints) and services like email, identity management and more.
  • Features include real-time protection, behavioral analysis, and cloud-based protection to detect and prevent threats, such as malware, viruses, and phishing attempts.
  • Web content filtering, advanced threat hunting and investigation, and device management capabilities that simplify security management and compliance.
  • Example: A small business uses Defender for Business to get a unified security management experience, with security updates, configuration and detailed information about the security state of its devices all in one place.


Defender for Identity

  • Provides advanced protection for identity and access management across the organization.
  • Monitors and alerts on suspicious sign-in activities, such as attempts to access an account from an unusual location or device.
  • Helps prevent account compromise and detect identity-based threats, such as account takeover and password spraying.
  • Uses advanced techniques like machine learning and behavioral analysis to detect and respond to threats.
  • Integrates with Azure Active Directory, Azure AD Identity Protection, and Microsoft Cloud App Security for unified security management.
  • Example: A business using Azure Active Directory for their identity management will use this product to detect and respond to attempts at unauthorized access to their accounts.


Defender Vulnerability Management

  • A security solution that detects and responds to vulnerabilities in systems and applications used by the organization.
  • Provides visibility into vulnerabilities across the organization by automatically identifying, assessing, and prioritizing vulnerabilities in its systems and applications.
  • Automates the process of identifying, assessing, and prioritizing vulnerabilities, which makes it easier for organizations to focus on critical issues and keep systems and applications secure.
  • Example: A company uses Defender Vulnerability Management to automate the process of identifying and assessing vulnerabilities in its systems and applications. This helps the IT team quickly prioritize and address potential security issues.


Microsoft Defender Threat Intelligence

  • A threat intelligence service that delivers actionable intelligence about the latest threats, vulnerabilities, and attack techniques.
  • Provides actionable information for better-informed security decisions.
  • Includes intelligent tools like automatic investigation and response, custom alerts, etc.
  • Example: A company uses Defender Vulnerability Management to automatically scan and assess the security of its devices and software systems. The tool alerts the IT administrator to any vulnerabilities that need to be addressed, and prioritizes them based on severity. The administrator is able to quickly patch the most critical vulnerabilities, helping to ensure the company's data remains secure and compliant with industry regulations.


Defender for Cloud

  • Comprehensive security solution for cloud workloads: A company that runs its applications and data on cloud infrastructure such as Azure or AWS will use this product to secure their workloads.
  • Security and Compliance tools: A company using Azure to store patient data will use this feature to ensure they comply with HIPAA regulations.
  • Scans for vulnerabilities, misconfigurations and potential breaches: A company using Azure will use this feature to regularly check their infrastructure for vulnerabilities that could be exploited by attackers.
  • Provides security policy compliance and remediation for cloud resources: An institution using Azure will use this feature to ensure that all their cloud resources comply with industry regulations and standards.
  • Automatic incident response for compromised resources: A company using Azure will use this feature to automatically respond to security incidents and contain the damage.


Defender for Servers

  • Detects and responds to threats on servers: A company that runs a number of Windows servers on-premises will use this product to secure them.
  • Monitors and alerts on suspicious activities: An IT administrator will use this feature to receive alerts when a server is accessed by an unauthorized user.
  • Helps protect against malware, malicious scripts, and unplanned changes: A company that runs Windows servers will use this feature to protect their servers from malware and unauthorized changes.
  • Scans servers for vulnerabilities, misconfigurations and potential breaches: A company that runs Windows servers to store sensitive data will use this feature to regularly check their servers for vulnerabilities.
  • Example: A company can use Defender for Servers to detect and respond to threats on its critical servers. The solution monitors for suspicious activities and alerts the IT team to any potential issues. The team can then use the software's advanced threat hunting and detection capabilities, as well as its automated incident response features, to help protect against malware, malicious scripts, and unplanned changes on the servers.


Defender for Storage

  • Detects and responds to threats in Azure Storage and Azure Data Lake Storage: A company that stores large amounts of data in Azure will use this product to secure it.
  • Offers protection for data at rest and in transit: An online retailer that uses Azure storage to store customer data will use this feature to ensure their data is protected while in transit and at rest.
  • A company using Azure to host their applications will use this feature to have a unified view of their security posture across different Azure services.
  • Example: A company can use Defender for Storage to detect and respond to threats in its Azure Storage and Data Lake Storage. The solution offers protection for data at rest and in transit. The company can monitor storage accounts and data lakes for suspicious activities, and use the solution's advanced threat hunting and detection capabilities, automated incident response and automatic data encryption to help ensure its data remains secure.


Defender for SQL

  • Detects and responds to threats in Azure SQL databases: A company that uses Azure SQL to store their data will use this product to secure it.
  • Scans for vulnerabilities, misconfigurations, and potential breaches: A software development company will use this feature to check their Azure SQL databases for vulnerabilities before deploying new code.
  • Allows for automated remediation of identified issues: An IT administrator will use this feature to automate the process of patching vulnerabilities found in the Azure SQL databases.
  • Example: A hospital can use Defender for SQL to detect and respond to threats in the Azure SQL databases that store patient information. The solution scans for vulnerabilities, misconfigurations, and potential breaches and allows for automated remediation of identified issues. The hospital security team can also use the solution's real-time threat protection, advanced threat hunting and detection capabilities, automated incident response and


Defender for Containers

  • Detects and responds to threats in Azure Container Instances and Azure Kubernetes Service: A company that uses Azure to host containerized applications will use this product to secure them.
  • Provides security for container images, runtime processes, and network communications: A software development company that uses Azure to host their applications in containers will use this feature to secure their container images, runtime processes, and network communications.
  • A company that uses Azure to host multiple containerized applications will use this feature to have a unified view of their security posture across different Azure services.
  • Monitors container images for vulnerabilities and runtime processes for suspicious activities: A software development company that uses Azure to host containerized applications will use this feature to regularly check their container images for vulnerabilities and runtime processes for suspicious activities.
  • Example: A company that uses Azure to host containerized applications uses Microsoft Defender for Containers to detect and respond to threats in Azure Container Instances and Azure Kubernetes Service, and to secure container images, runtime processes, and network communications, with integration for unified security management.


Defender for App Service

  • Detects and responds to threats in Azure App Service: A company that uses Azure to host their web applications will use this product to secure them.
  • Scans for vulnerabilities and misconfigurations: A software development company will use this feature to check their Azure App Service for vulnerabilities before deploying new code.
  • Allows for automated remediation of identified issues: An IT administrator will use this feature to automate the process of patching vulnerabilities found in the Azure App Service.
  • Real-time threat protection: A company using Azure App Service will use this feature to receive alerts when an attack is being attempted on their web applications.
  • Advanced threat hunting and detection capabilities: A business using Azure App Service will use this feature to detect sophisticated attacks.
  • Automated incident response: An IT administrator will use this feature to automatically respond to security incidents.
  • Automatic malware cleaning and quarantine: A company using Azure App Service will use this feature to automatically clean and quarantine malware.
  • Identification and blocking of known malicious IPs: A company using Azure App Service will use this feature to identify and block known malicious IPs that are trying to access the web application.
  • Example: A software development company that uses Azure to host their web applications uses Microsoft Defender for App Service to detect and respond to threats, scan for vulnerabilities, automate the process of patching vulnerabilities, receive alerts when an attack is being attempted and detect sophisticated attacks.


Defender for Key Vault

  • Detects and responds to threats in Azure Key Vault: A company that uses Azure Key Vault to store cryptographic keys and secrets will use this product to secure them.
  • Monitors and alerts on suspicious access to keys and secrets: An IT administrator will use this feature to receive alerts when an unauthorized user tries to access the keys and secrets.
  • Protects against attacks on cryptographic keys and secrets: A financial institution that uses Azure Key Vault to store sensitive data will use this feature to protect their keys and secrets from attacks.
  • Real-time threat protection: A financial institution using Azure Key Vault will use this feature to receive alerts when an attack is being attempted on their cryptographic keys and secrets.
  • Advanced threat hunting and detection capabilities: A business using Azure Key Vault will use this feature to detect sophisticated attacks.
  • Automated incident response: An IT administrator will use this feature to automatically respond to security incidents related to the keys and secrets stored in Azure Key Vault.
  • Automatic key rotation: A company that uses Azure Key Vault to store cryptographic keys and secrets will use this feature to automatically rotate the keys to enhance security.
  • Identification and blocking of known malicious IPs: A company using Azure Key Vault will use this feature to identify and block known malicious IPs that are trying to access the key vault.
  • Example: A company that uses Azure Key Vault to store sensitive data uses Microsoft Defender for Key Vault to detect and respond to threats, receive alerts on unauthorized access to its keys and secrets, protect against attacks on cryptographic keys and secrets, and automatically rotate keys and block known malicious IPs for enhanced security.


Defender for DNS

  • Detects and responds to threats in Azure DNS: A company that uses Azure DNS to manage its domain name system (DNS) will use this product to secure it.
  • Monitors and alerts on suspicious DNS queries: An IT administrator will use this feature to receive alerts when unusual or suspicious DNS queries are made.
  • Protects against attacks on DNS infrastructure: A company that uses Azure DNS to manage its domain name system will use this feature to protect its DNS infrastructure from attacks.
  • Real-time threat protection: A business using Azure DNS will use this feature to receive alerts when an attack is being attempted on its domain name system.
  • Advanced threat hunting and detection capabilities: A business using Azure DNS will use this feature to detect sophisticated attacks.
  • Automated incident response: An IT administrator will use this feature to automatically respond to security incidents related to the DNS service.
  • Automatic malware cleaning and quarantine: A company using Azure DNS will use this feature to automatically clean and quarantine malware.
  • Identification and blocking of known malicious IPs: A company using Azure DNS will use this feature to identify and block known malicious IP addresses that are attempting to access the DNS infrastructure.
  • Example: A large company that uses Azure DNS to manage its domain name system uses Microsoft Defender for DNS to detect and respond to threats, monitor for suspicious DNS queries, protect against attacks on its DNS infrastructure, automatically clean and quarantine any detected malware, and block known malicious IP addresses to enhance its security.


Defender for Resource Manager

  • Monitors Azure Resource Manager for suspicious activities and policy violations
  • Alerts administrators in real-time of any potential breaches or misconfigurations
  • Automatically responds to security incidents related to resource deployments by taking remediation actions such as quarantining a VM or disconnecting a suspicious IP.
  • Real-time threat protection through continuous monitoring and detection of malicious activities
  • Advanced threat hunting and detection capabilities using machine learning algorithms to identify and detect unknown threats
  • Automated incident response and investigation to help security teams quickly contain, investigate and eradicate threats
  • Automatic malware cleaning and quarantine to prevent the spread of infections
  • Blocks known malicious IPs through continuous monitoring of network traffic
  • Example: A company using Azure Resource Manager for their infrastructure as a service (IaaS) deployments will use this product to detect and respond to threats and breaches on their virtual machines, storage accounts, and virtual networks. This will help them protect their sensitive data and business operations, and also maintain regulatory compliance.


Defender for open-source relational databases

  • Provides security for open-source relational databases such as MySQL, MariaDB, and PostgreSQL running on Azure
  • Detects and responds to threats in these databases by monitoring for suspicious activities and potential breaches
  • Scans for vulnerabilities, misconfigurations and potential breaches, providing real-time protection against threats
  • Allows for automated remediation of identified issues and vulnerabilities, with the ability to apply security patches and updates automatically.
  • Advanced threat hunting and detection capabilities using machine learning algorithms to identify and detect unknown threats
  • Provides security hardening and recommendations based on industry best practices, to help improve the security posture of the databases
  • Logging and auditing of database activities to track and investigate any suspicious activities
  • Example: A company that has developed an e-commerce application using an open-source relational database such as MySQL and running on Azure, will use this product to secure their database and prevent any unauthorized access or data breaches. This will help them protect customer data, financial transactions, and maintain regulatory compliance.



Defender for IoT

  • Comprehensive security solution for Internet of Things (IoT) devices that provides protection across different IoT environments and scenarios such as smart home, industrial control systems, healthcare and retail.
  • Helps secure IoT devices, gateways, and device-to-cloud communications by identifying and preventing threats before they can cause damage.
  • Includes features such as real-time monitoring, threat detection, and automated investigations to detect and prevent various types of threats, such as malware, and to stop known malicious IPs from accessing the devices.
  • Example: A smart city organization uses Defender for IoT to secure the network of smart cameras and traffic lights deployed across the city. The solution continuously monitors the devices for any suspicious activity, and alerts the IT team when a threat is detected. The team is then able to quickly respond and prevent a potential attack.


Defender for IoT for end-user organizations

  • Security solution specifically designed for end-user organizations that use IoT devices.
  • Provides features such as device management, security and compliance and incident response.
  • Offers centralized visibility and control of devices, policies, and alerts, allowing IT administrators to manage the security of IoT devices across the organization.
  • Ability to block and quarantine malicious devices by identifying and isolating compromised devices before they can cause damage to the network.
  • Example: A manufacturing company uses Defender for IoT for end-user organizations to secure the network of industrial control systems and smart devices used in their production line. The solution allows the IT team to quickly identify and respond to any security incidents, ensuring the smooth operation of the production line and protection of the company's assets.


Defender for IoT for device builders

  • Security solution specifically designed for device builders and manufacturers.
  • Includes features such as device security, firmware protection, and vulnerability management. Device builders can use Defender for IoT to secure their devices at the manufacturing stage by identifying and addressing vulnerabilities and misconfigurations in the device's firmware.
  • The solution also includes tools and guidance to help device builders adhere to industry and regulatory standards, such as the OWASP IoT Top 10 Risks.
  • Additionally, it allows them to take control of supply chain security by implementing automated security checks and testing.
  • Example: A device builder uses Defender for IoT to secure a new line of connected thermostats before they are shipped to customers. The solution scans the thermostats' firmware for vulnerabilities and misconfigurations, and provides the builder with guidance on how to address any issues that are found. The builder is able to ensure that the thermostats are secure before they are shipped, which helps to protect their customers from potential attacks and data breaches.



Defender capabilities in Windows

  • A set of built-in security features in the Windows operating system, designed to provide comprehensive protection.
  • Includes features such as antivirus, firewall, application control, and website filtering. These features work together to protect devices from a variety of different threats, including malware, malicious software, and unauthorized access.
  • Example: An IT administrator of a school can set up policies and rules that block students from installing unauthorized software on the school's laptops to keep them safe and secure.


Microsoft Defender Antivirus

  • An antivirus software that helps protect against malware and other unwanted software.
  • Scans for malware and other malicious software and removes it when found. Continuously monitors devices and alerts you when malware is detected.
  • Example: A small business that sells products online uses Microsoft Defender Antivirus to scan all incoming emails and attachments for malware, helping to protect the company's network and customer data from cyber threats.


Windows Defender Firewall

  • A firewall that helps protect devices from unauthorized access.
  • Monitors incoming and outgoing network traffic and alerts you to suspicious activity. Allows you to create rules that specify what types of traffic are allowed or blocked.
  • Example: A company that works with sensitive client data uses Windows Defender Firewall to monitor network traffic and block any suspicious or unauthorized access attempts, helping to protect the company's intellectual property and client data.


Windows Defender Application Control

  • A feature that helps protect devices from untrusted and malicious applications.
  • Monitors applications and blocks those that are considered to be a risk. Allows you to create policies that specify what types of applications are allowed to run.
  • Example: A company that handles sensitive data uses Windows Defender Application Control to monitor and block any unwanted or malicious software that employees might accidentally download, helping to keep the company's data and systems secure.


Microsoft Defender Application Guard

  • A security feature that helps protect devices from untrusted websites.
  • Allows you to browse the web in an isolated environment, separate from the rest of the device.
  • Blocks malicious and untrusted websites and alerts you to potential risks.
  • Example: An IT administrator uses Microsoft Defender Application Guard to create a secure browsing environment for employees to access client information; this helps protect the firm's sensitive data from phishing and other online threats.


Microsoft Defender SmartScreen

  • A feature that helps protect against phishing and malicious websites.
  • Monitors the websites you visit and blocks those that are known to be malicious or phishing sites.
  • Alerts you to potential risks and allows you to choose whether to proceed or not.
  • Example: A company uses Microsoft Defender SmartScreen to monitor employee browsing activity and block any known phishing or malicious websites, helping to protect the company's network and customer data from cyber threats.


Defender for... oh my god! I've run out of Defenders?!

I've finally run out of Defenders! But in all seriousness, it can be overwhelming to keep track of all the different products that Microsoft has to offer under the Defender brand.

But, now that we've gone through them all, I hope you have a better understanding of the capabilities and features each one offers. Whether it's securing your container deployments, protecting your DNS infrastructure, or detecting threats in your relational databases, Microsoft has a Defender product that can fit your needs.

The key takeaway from this guide is that, despite the constant rebranding, these products all share one core goal: to provide advanced threat protection and detection capabilities to help keep your organization secure.