Microsoft renames and unifies more products under Microsoft Defender brand

Microsoft Threat Protection, Defender ATP, Azure Security Center, and others brought under the Microsoft Defender umbrella brand.

Microsoft Ignite 2020: Mary Jo Foley on Project Cortex, Azure resiliency, Teams, and Edge on Linux

After rebranding Windows Defender as Microsoft Defender in early 2019, Microsoft is renaming and bringing more products under the Defender brand, the company announced today at its yearly Ignite developer conference.

Starting Sept. 22, the Microsoft Defender product line will be expanded and split across two branches as Microsoft 365 Defender for end-user environments and Azure Defender for cloud and hybrid infrastructure, respectively.

The Microsoft 365 Defender line will include:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Similarly, the Azure Defender line will include:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

Microsoft's long-term plan is to unify all its cyber-security offerings under a simpler naming scheme that makes it easier to get a grasp on the company's full security capabilities.

Although Microsoft is considered to have some of the best security products in the business, due to its deep knowledge of its own products, until now, the company's different product naming schemes have made it hard for companies, executives, and IT staff to make their way around Microsoft's product portfolio.

However, Microsoft plans to make things simpler than before.

Going forward, there will be Microsoft Defender and Azure Sentinel.

Microsoft Defender will be Microsoft's XDR product, while Azure Sentinel will be the company's SIEM line.

XDR stands for eXtended Detection and Response and is a cyber-security term that refers to products that detect and respond to active threats on endpoints (may them be workstations, servers, email accounts, or IoT devices).

SIEM stands for Security Information and Event Management and is a cyber-security term that refers to web applications that aggregate logs from all a company's sources (OS, application, antivirus, database, or server logs) in order to analyze large quantities of data from a vantage point and search for anomalies and signs of a security breach.

"Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise," said Rob Lefferts, M365 Security CVP.

"Some vendors deliver XDR, some deliver SIEM. Microsoft believes that defenders can benefit from using deeply integrated SIEM and XDR for end-to-end visibility and prioritized actionable insights across all your enterprise assets."