
Defender XDR & the Unified Security Portal: AZ-500 Guide

Microsoft Defender XDR unifies endpoint, identity, email, and cloud app protection into one portal. The AZ-500 tests the difference between XDR and SIEM, and which Defender product protects which surface.

Microsoft Cloud Solution Architect

XDR vs SIEM

| Dimension | SIEM (Sentinel) | XDR (Defender XDR) |
| --- | --- | --- |
| Data source | Any log source | Microsoft security products |
| Detection | Custom KQL rules | Built-in ML correlations |
| Response | Playbooks (Logic Apps) | Automated remediation built-in |
| Focus | Compliance, investigation | Endpoint plus identity plus email threat response |

Exam tip: Sentinel and Defender XDR complement each other. They are not alternatives. Defender XDR data flows into Sentinel via the Microsoft 365 Defender connector.

Defender XDR Components

| Product | Protects |
| --- | --- |
| Defender for Endpoint (MDE) | Windows, macOS, Linux, Android, iOS devices |
| Defender for Identity (MDI) | On-premises AD, Entra ID identity signals |
| Defender for Office 365 (MDO) | Exchange Online, SharePoint, Teams |
| Defender for Cloud Apps (MDCA) | SaaS apps, shadow IT, conditional access app control |

The Unified Security Portal (security.microsoft.com)

Since 2024, Microsoft Sentinel is accessible inside the Defender XDR portal (security.microsoft.com), not just portal.azure.com. The exam tests both navigation paths.

Microsoft Defender for Identity (MDI)

MDI monitors on-premises Active Directory Domain Controllers for identity-based attacks:

  • Pass-the-Hash, Pass-the-Ticket
  • Kerberoasting, AS-REP Roasting
  • Lateral movement via SMB

MDI requires a sensor installed on each domain controller. Signals flow to Defender XDR for correlation.

Exam tip: MDI detects on-premises AD attacks. Entra ID Protection detects cloud identity risks. For hybrid environments, you need both.
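To make the domain-controller signal concrete, here is an added example (not from the original article, and not MDI's own detection logic) that flags Kerberoasting-style behaviour in Windows Security event 4769 records. The sample events, the simplified field names, the 5-minute window and the threshold of 3 are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"            # Kerberos etype 23 (RC4-HMAC), the downgrade typical of roasting
WINDOW = timedelta(minutes=5)  # assumed correlation window
THRESHOLD = 3                # assumed: distinct service accounts per requester per window

# Constructed sample of event 4769 ("A Kerberos service ticket was requested").
# Field names are simplified; "service" is the service account name from the event.
EVENTS = [
    {"time": "2024-05-01T10:00:05", "account": "alice", "service": "svc_sql", "etype": "0x12"},
    {"time": "2024-05-01T10:01:00", "account": "bob", "service": "svc_sql", "etype": "0x17"},
    {"time": "2024-05-01T10:01:02", "account": "bob", "service": "svc_web", "etype": "0x17"},
    {"time": "2024-05-01T10:01:03", "account": "bob", "service": "svc_backup", "etype": "0x17"},
    {"time": "2024-05-01T10:01:04", "account": "bob", "service": "WS01$", "etype": "0x17"},
    {"time": "2024-05-01T10:30:00", "account": "carol", "service": "svc_web", "etype": "0x17"},
    {"time": "2024-05-01T11:30:00", "account": "carol", "service": "svc_backup", "etype": "0x17"},
    {"time": "2024-05-01T12:30:00", "account": "carol", "service": "svc_sql", "etype": "0x17"},
]

def is_candidate(event):
    """RC4 ticket for a user-backed service; machine accounts ($) and krbtgt are skipped."""
    svc = event["service"].lower()
    return event["etype"].lower() == RC4_HMAC and not svc.endswith("$") and svc != "krbtgt"

def find_kerberoast_suspects(events, window=WINDOW, threshold=THRESHOLD):
    """Return {account: sorted services} for accounts that requested RC4 tickets
    for at least `threshold` distinct services inside one sliding window."""
    per_account = defaultdict(list)
    for ev in filter(is_candidate, events):
        per_account[ev["account"]].append((datetime.fromisoformat(ev["time"]), ev["service"]))
    suspects = {}
    for account, requests in per_account.items():
        requests.sort()
        for i, (start, _) in enumerate(requests):
            in_window = {svc for t, svc in requests[i:] if t - start <= window}
            if len(in_window) >= threshold:
                suspects[account] = sorted(in_window)
                break
    return suspects

if __name__ == "__main__":
    for account, services in find_kerberoast_suspects(EVENTS).items():
        print(f"ALERT {account}: RC4 tickets for {len(services)} services: {services}")
```

Only bob is flagged: alice's ticket uses AES (0x12), and carol's RC4 requests are spread over two hours, so they never reach the threshold inside one window.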


Microsoft Cloud Solution Architect

Cloud Solution Architect with deep expertise in Microsoft Azure and a strong background in systems and IT infrastructure. Passionate about cloud technologies, security best practices, and helping organizations modernize their infrastructure.
