Microsoft Defender Threat Intelligence: Convergence with Microsoft Defender and Microsoft Sentinel

Microsoft Defender Threat Intelligence is integrating with Microsoft Defender and Microsoft Sentinel by January 8, 2026, offering unified threat insights, enhanced analytics, and IoC integration. Organizations must transition to these platforms and update licensing and documentation to maintain access. Introduction Microsoft Defender Threat Intelligence (MDTI) is converging with Microsoft Defender and Microsoft Sentinel to deliver integrated threat intelligence capabilities directly within your SecOps environment. This change simplifies access to threat insights, improves detection and response workflows, and aligns with customer feedback for a unified experience. When this will happen Full convergence will be completed by January 8, 2026. New capabilities are available now, and as of August 2025, all MDTI data has been published via the free connector, with new Threat Analytics APIs replacing retired MDTI APIs. How this affects your organization Who is affected: Organizations using Microsoft Defender Threat Intelligence, Microsoft Defender, or Microsoft Sentinel. What will happen: Threat Intelligence Library will be accessible via the Microsoft Defender portal, including exclusive threat reports, intel profiles, and Indicators of Compromise (IoCs) integrated into Threat Analytics. Enhanced Threat Analytics reports will include: Indicators of Compromise (IoCs) embedded in reports. MITRE ATT&CK mapping for tactics, techniques, and procedures. Insights on targeted industries and actor origins. Related intelligence and aliases for cross-referencing. IoCs will be linked to cases for Sentinel customers. After January 8, 2026, MDTI capabilities will require an active Microsoft Defender or Microsoft Sentinel license. What you can do to prepare Plan your transition to Microsoft Defender or Microsoft Sentinel before January 8, 2026, to maintain uninterrupted access. Review licensing requirements for MDTI capabilities. Update internal documentation to reflect new Threat Analytics APIs and connector availability. Compliance considerations No compliance considerations identified, review as appropriate for your organization. Message ID: MC1192257

The post Microsoft Defender Threat Intelligence: Convergence with Microsoft Defender and Microsoft Sentinel appeared first on M365 Admin.