Microsoft simplifies security portfolio with Defender rebrand


Dale Walker

23 Sep, 2020

Microsoft has announced a host of new security updates to coincide with a strategic shift that pulls all of its detection and event management services under the new Microsoft Defender brand.

Microsoft Defender represents the “broadest resource coverage” of any security portfolio in the industry, the company claims, spanning identity protection, endpoints, cloud applications, and infrastructure, to name a few.

This means all of Microsoft’s extended detection and response (XDR) tools will now sit alongside its suite of security information and event management (SIEM) software, offered as a single umbrella brand in a bid to reduce complexity.

For customers, this new direction will take the form of two separate packages, namely Microsoft 365 Defender, tailored for end-user environments, and Azure Defender, built for cloud and hybrid infrastructure. Both of these packages bring their own product name changes, with Microsoft effectively abandoning the ‘advanced threat protection (ATP)’ theme for most products.

Microsoft 365 Defender will replace all instances of Microsoft Threat Protection, the name given to the suite of products covering identity, endpoint, email, and app security, launched just two years ago.

Included in that Microsoft 365 Defender suite is an updated version of Microsoft Defender ATP, now known as Microsoft Defender for Endpoint, bringing with it expanded support for Android and iOS devices.

Microsoft Defender for Office 365, previously known as Office 365 ATP, and Microsoft Defender for Identity, previously known as Azure ATP, will also feature as part of the Microsoft 365 Defender suite.

The second package, Azure Defender, is described as an evolution of the Azure Security Center (ASC) and repurposes a number of its tools, although the original version ASC still exists. Firstly, Azure Defender for Servers will replace the standard version of ASC, while both Azure Defender for SQL and Azure Defender for IoT will both replace their respective ASC versions. All of these will be packaged inside Azure Defender.

Aside from the name changes, Azure Defender will bring a new look with a unified dashboard inside ASC, as well as expanded protection coverage for SQL on-premises, Kubernetes, and Azure Key Vault. It will also cover industrial IoT, operational technology (OT), and building management systems, largely thanks to the acquisition of CyberX in June.

“Today we’re delivering a new set of security, compliance, and identity innovations to help all customers simplify and modernize their environments by embracing the reality that the past seven months have likely reshaped the next 10 years of security and digital transformation,” said Vasu Jakkal, corporate vice president of Microsoft Security, Compliance, and Identity, announcing the rebrand.

“We hold a differentiated view among our peers that security should not only encompass all critical aspects of security — including cybersecurity, identity and compliance — but that these components should be tightly integrated, and built right into the products and platforms that businesses are already using.”

Also updated, but still separate from the Microsoft Defender branding, is Azure Sentinel, a tool that collates all of an organisation’s security logs and threat data into one window. This has been given an updated search functionality and the option to create watchlists for specific threats. It’s also now possible to create user and entity behaviour profiles that can be paired with Microsoft’s own security research to monitor for unseen threats.

Beginning in November, Microsoft will also be cutting the cost of Azure Sentinel for a limited time, which it estimates will help a typical organisation of 3,500 users save around $1,500 per month.