Microsoft Defender XDR has rapidly evolved into the central security portal within the last 2 to 3 years. But with constant feature releases, name & portal changes, and new integrations, it can be difficult to keep track of what’s actually available — and how the pieces truly work together.

Do you find yourself clicking around the portal, overwhelmed by the sheer amount of information, alerts, and dashboards? You’re not alone. Together, we’ll cut through the noise - identifying where the most important insights live and how to use them effectively.

In this session, we’ll take a “State of the Union” look at Microsoft Defender XDR:
- Where the platform stands today
- What capabilities have recently been introduced
- What’s coming next — with a strong focus on real-world operations

We’ll also explore:
- How the different Defender products correlate into unified incidents
- Where to find the most actionable insights for SOC operations
- Investigation and hunting experiences in the unified portal
- Configuration prerequisites to enable cross-workload detections
- Common gaps and misconfigurations

The session includes live demos in the Defender XDR portal, showing how to navigate the platform efficiently and how to use it in day-to-day security operations.