Microsoft Security

Defender portfolio — presales intelligence for SEs

Attack scenario · Business Email Compromise

Business Email Compromise

Vendor-pivot phishing → credential theft → Defender XDR containment

DEFEND · Security · 3-5 min read

Step 1 of 8

Reconnaissance

MITRE · Reconnaissance

The Attack

Attacker researches the target via LinkedIn and public sources.

Identifies the CFO, CEO, and an AP clerk. Infers the tenant's email naming convention (first.last@company.com) from press releases and vendor case studies. Builds a target list of three high-value mailboxes.

The Defense

MDO P2 · Threat Intelligence

Pre-attack stage — no direct user-level detection.

Defender for Office P2 Threat Intelligence continuously tracks known threat-actor infrastructure and enriches later alerts with attribution context. Nothing to block yet, but telemetry is being primed.

Without Defender Suite

No difference at the reconnaissance stage — this is public-source research.

Business impact · Same exposure regardless of licensing. The org chart and email patterns are discoverable by any attacker.

Every targeted attack starts with research. Your company's org chart, email patterns, and vendor relationships are publicly discoverable.