Microsoft describe Microsoft Defender XDR and Microsoft Defender for Cloud as their XDR products, with Microsoft Sentinel as their SIEM and SOAR product.
They are, however, very lax with these names. Sometimes they will use "Microsoft Defender for Endpoint", sometimes "Microsoft 365 Defender for Endpoint". There are also plenty of learn.microsoft.com pages using one or more of the old names.
Product Name | Description |
---|---|
Microsoft Defender XDR | Microsoft's unified pre- and post-breach enterprise defense suite. Consists of a number of main services: Microsoft Defender for Endpoint, Microsoft Defender Vulnerability Management, Microsoft Defender for IoT, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. FKA: Microsoft Threat Protection |
Microsoft Defender for Endpoint (MDE) | Something you install on a computer to protect the local operating system, applications and data. FKA: Microsoft Defender Advanced Threat Protection |
Microsoft Defender Vulnerability Management | Comprehensive risk-based vulnerability management. |
Microsoft Defender for IoT | Agentless protection for your IoT devices. FKA: Azure Defender for IoT |
Microsoft Defender for Office 365 (MDO) | Something you do in your Office 365 tenant. Protects the documents and emails in Exchange, SharePoint, Teams, etc. FKA: Office 365 Advanced Threat Protection |
Microsoft Defender for Identity | Protects your Local AD identities and accounts. Requires sensors to be installed on domain controllers. FKA: Azure Advanced Threat Protection |
Microsoft Defender for Cloud Apps | Something that either sits between your computers and web apps or links to the logs of web apps. Protects the movement of data to/from the web. FKA: Microsoft Cloud App Security |
Microsoft Defender for Cloud | Something you do in your Azure subscription. Protects your cloud resources (virtual machines, app services, databases, storage accounts, containers, key vaults, DNS zones). I think it should have been called "Azure Defender" because it is often confused with Defender for Cloud Apps. Also, it does nothing with Microsoft 365. FKA: Azure Security Center, Azure Defender |
Microsoft Sentinel | A cloud-based, agentless SIEM and SOAR tool. Consists of a data warehouse and analytics, a bunch of connectors, and a response engine. FKA: Azure Sentinel |
_______________ | _______________ |
Entra ID Identity Protection | Protects your Cloud AD identities and accounts. Requires a P2 licence. |
Microsoft Purview | End-to-end compliance management capabilities. FKA: Compliance Manager, Compliance Center |
Microsoft Entra | A suite of products for managing identity (including giving users ownership of their identity) and managing permissions across multiple clouds and environments. |