Getting Started
      Back to home
      1. Knowledge Base
      2. Getting Started

      ContraForce EDR vs XDR for Microsoft Defender Products

      This article explains the differences between ContraForce EDR and XDR modules for Microsoft Defender products.

      ContraForce provides both EDR and XDR modules for Microsoft Defender products. The EDR and XDR modules are different in two main ways: (1) the data sources ingested by ContraForce, and (2) Platform capabilities. 

      Legend 

      Included by Microsoft (•)  

      Add-on from Microsoft (+)  

      ContraForce EDR Module for Defender 

      The ContraForce EDR module is typically suitable for service provider clients that have purchased Microsoft Office 365 Business Premium or Microsoft Office 365 E3. 

      Data Sources ingested with the ContraForce EDR Module 

      Data Sources  

      Business Premium  

      E3  

      Defender for Business (MDB)   

      •  

        

      Defender for Office 365 Plan 1   

        

        

      Defender for Office 365 Plan 2   

         

         

      Defender for Endpoint Plan 1 (MDE P1)   

         

      •   

      Defender for Endpoint Plan 2 (MDE P2)   

       

       

      Defender for Cloud Apps   

         

         

      Defender for Identity   

         

         

      Entra ID Plan 1   

      •  

      •  

      Entra ID Plan 2   

         

        

      ContraForce XDR Module for Defender 

      The ContraForce XDR module is typically suitable for service provider clients that have purchased Microsoft Office 365 E5 or clients that have purchased add-ons for Microsoft Office 365 Business Premium or Microsoft Office 365 E3 such as the E5 Security bundle. 

      As you can see in the table below, the ContraForce XDR module allows for the ingestion of a broader range of data sources when compared to the ContraForce EDR module. 

      Data Sources ingested with the ContraForce XDR Module 

      Data Sources  

      Business  

      Premium  

      E3  

      E5  

      Defender for Business (MDB)   

      •  

        

        

      Defender for Office 365 Plan 1   

      •  

      +  

      •  

      Defender for Office 365 Plan 2   

       +  

      +  

      •  

      Defender for Endpoint Plan 1 (MDE P1)   

         

      •  

      •  

      Defender for Endpoint Plan 2 (MDE P2)   

      +  

      +  

      •  

      Defender for Cloud Apps   

      +  

      +  

      •  

      Defender for Identity   

      +  

      +  

      •  

      Entra ID Plan 1   

      •  

      •  

      •  

      Entra ID Plan 2   

      +  

      +  

      •  

      XDR Module Features 

      As a result of the additional data sources, the ContraForce XDR module provides a broader range of features: 

      • Everything in the EDR module 
      • Incidents ingested from the additional data sources:
        • Defender for Office 365
        • Defender for Cloud Apps
        • Defender for Identity  
      • Additional entity enrichment not available with the EDR module: 
        • IP address – related incidents  
        • Device – timeline, related incidents  
        • Email – email info  
        • URL – URL info   
      • Log Search