Microsoft Defender for Endpoint

06 October 2023

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Defender for Endpoint uses big-data, device learning, and unique Microsoft optics across the Windows ecosystem. Signals from enterprise cloud products, online assets and endpoint behaviour are translated into insights, detections, and recommended responses to advanced threats.

Embedded endpoint behavioural sensors collect and process behavioural signals from the operating system and send this sensor data to the private, isolated cloud instance of Microsoft Defender for Endpoint. Threat intelligence generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, enables Defender for Endpoint to identify attacker tools, techniques, and procedures, and to generate alerts when they are observed in the collected sensor data.

Built-in core vulnerability management capabilities use a modern risk-based approach to the discovery, assessment, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. To further enhance the ability to assess the enterprise’s security posture and reduce risk, a new Defender Vulnerability Management add-on for Plan 2 is available.

The attack surface reduction set of capabilities provides the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. This set of capabilities also includes network protection and web protection, which regulate access to malicious IP addresses, domains, and URLs. To further reinforce the security perimeter of the network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.