<img src="https://ws.zoominfo.com/pixel/JV60JGR5LG4sEWlH3Xte" width="1" height="1" style="display: none;">

In this series of blog posts, SecureSky will over time inventory the various Defender technologies and provide a brief overview and link to additional Microsoft documentation.

“Defender” used to be the name of Microsoft’s anti-virus software.

Now Microsoft’s branding strategy has switched to using “Defender for …” as a brand name for products across Microsoft’s security suite, including XDR technologies that prevent, detect, and respond to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

While easy to understand from a unified branding approach, this has created confusion as buyers attempt to navigate what each (of dozens) “Defender for …” products does, how they overlap (both within the Microsoft ecosystem and with third-party technologies), and how they are purchased or subscribed to.


Technology Name Microsoft Defender for Identity
Previous Name(s) Azure Advanced Threat Protection or Azure ATP
Category Identity
Function(s) Monitors user and entity behavior in Active Directory to protect stored identities and credentials and detect suspicious activities on hybrid environments
  • Capture and inspect user and entity behavior to detect suspicious activities from AD event logs and deep packet inspection
  • Passive configuration assessment of AD controllers' security posture
  • Protects user identity and credentials stored in AD
  • Integrates with Microsoft Sentinel for alert and incident correlation (preview)  
Cost Basis Defender for Identity is available as part of Enterprise Mobility + Security 5 suite (EMS E5), and as a standalone license.
Microsoft Links



For more information about the Microsoft Defender product line, please feel free to contact us by completing our contact form or emailing info@securesky.com.