June 20, 2023

Uncovered: Microsoft Defender for Endpoint

By

Liz Knight, Head of Cyber Security

Theta

Uncovered: Microsoft Defender for Endpoint

Microsoft Defender is a suite of solutions designed to help protect your business. It includes the capability to help secure your identities, cloud apps and services, email, documents and endpoints. Microsoft Defender for Endpoint is an Endpoint Detection and Response solution that offers an integrated, layered approach to endpoint protection combining continuous real-time monitoring and endpoint data analytics with a rule-based automated response.

Watch the recap webinar, including results from our attack simulation.

At Theta, we’ve recently added Microsoft Defender for Endpoint to our popular Managed Detection & Response (MDR) service. This MDR service provides 24/7/365 monitoring, ensuring our customers’ endpoints are continually monitored and protected.

What protection does Defender for Endpoint offer?

Image link

Threat & Vulnerability Management

Assesses all your enabled devices, then identifies, reports on and prioritises the application vulnerabilities discovered.

Attack surface reduction

Looks for unusual behaviours on your enabled devices, such as launching executable files or suspicious scripts.

Next-generation protection

Provides always-on, real-time anti-virus protection, monitoring, detecting, and blocking new and emerging threats on enabled endpoints.

Endpoint detection and response

Delivers advanced attack detection and provides full-scope visibility into a breach; it can also respond and take action to remediate threats.

Automated investigation and remediation

Triggers an alert when a security breach is triggered. The second an alert is triggered, e.g. a malicious file is detected - an incident is created, and an automatic investigation process begins.

Microsoft threat experts

This capability is now renamed ‘Endpoint Attack Notifications’ and provides proactive threat hunting for the most critical threats to your network, including human adversary intrusions, hands-on keyboard attacks and advised attacks like cyber espionage.

Web Content Filtering

Provides high-level content filtering for major web browsers, including Microsoft Edge, Chrome, and Firefox. You can use it as an easy way to stop browsing gambling and adult content sites and several other potentially malicious or harmful sites. While it doesn’t offer full DNS level control, it’s a step up from having no control at all!

What licensing do you need for Defender for Endpoint?

If you already have a subscription for Microsoft Business Premium, M365 E5 (or similar licensing), Defender for Endpoint is included.

If you have M365 E3 or EM+S licensing, then there is a Defender for Endpoint Plan 2 add-on license that will provide you with Endpoint Detection and Response capabilities.

Note - Microsoft Business Premium offers the full set of Endpoint detection and response capabilities except Advanced Threat Hunting and Microsoft Threat Experts.

The Defender for Endpoint add-on plans and Microsoft 365 Business Premium don’t include Windows server licenses. If you want to deploy Microsoft Defender to your Windows servers, then you’ll need to purchase an additional Defender server license per server.

For help choosing and implementing the correct license for your budget, speak to our team. We’re an all-in-one, Cloud Service Provider (CSP) and IT solutions provider, with licensing specialists on hand.

What device types are supported?

Microsoft Defender for Endpoint can be deployed to the following endpoints:

  • Windows 10 & 11 Enterprise, Education and Pro
  • Windows 8.1 Enterprise and Pro
  • Windows 7 SP1 Enterprise and Pro
  • Windows Server 2008 R2 SP1, 2012 R2, 2016, 1803, 2019 and 2022
  • Linux Red Hat Enterprise, CentOS, Ubuntu and various other versions
  • MacOS 13 (Ventura), 12 (Monterey) and 11 (Big Sur)
  • Android 8 & higher
  • iOS & iPad OS 14 & higher
  • And network devices. The network device discovery functionality allows you to get visibility of the unmanaged network devices deployed in your organisation that create a large attack surface area and represent a significant risk. Network device discovery will provide a report of Cisco IOS, Juniper JUNOS, HPE ArubaOS, Procurve Switch and Palo Alto Network PAN-OS devices.

Additional features

There is additional functionality that you can enable and take advantage of once you have deployed Microsoft Defender for Endpoint, including:

  • Endpoint protection for unmanaged Windows Devices – even if your devices are not enrolled in Intune, there are options to ensure they are protected.
  • Endpoint protection for MAM-protected iOS and Android devices – even if you are not using Mobile Device Management, you can still ensure devices are free from malicious apps before allowing devices to connect to O365 for email and document access.
  • Microsoft offers a Defender for Endpoint Vulnerability add-on that can block vulnerable apps from running on your managed desktops.

And don’t forget to watch out for updates on Microsoft’s Security Copilot. This AI-powered security analysis tool promises to enhance cyber response team capabilities by helping to respond to threats, process signals at machine speed, and assess risk exposure in minutes.

Need some help?