Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced threats. Microsoft Defender for Endpoint contains lots of components, differences in licensing, and additional protection. Some years ago Defender for Endpoint was only available for Windows. Nowadays the complete Defender for Endpoint stack contains; macOS, Android, iOS, Linux, and Windows. Unmanaged network devices are now also part of the product. With the announcement of the new unified agent more features are available across all versions including Server 2012R2, Server 2016, and higher.

Introduction blog series

This ultimate blog series will contain as much information as possible based on my Defender experience in the past years. Not a copy of Microsoft Docs, but an addition based on practical experience combined with informational details – including the most frequent questions asked by customers focussing on the complete Windows platform. When it’s a success, other platforms like iOS, Android, Linux, and macOS will follow,

Specific question or content idea part of Defender for Endpoint? Use the contact submission form and share the post ideas.

The blog series will be written in sections for each topic. Expect multiple blogs each month. Follow my Twitter, or view this Intro page for all the underlying upcoming parts.

Introduction Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise platform focussing on prevent, detect, investigate, and respond to threats.

It leverages endpoint behavioral sensors that are built into Windows 10, Windows 11, and Server 2019+ to collect and process behavioral signals from the OS. For other OS versions all the technical information will be explained in the blog series.

Defender for Endpoint also leverages cloud security analytics to turn behavioral signals into insights, detections, and responses.

Defender products

Microsoft Defender for Endpoint is available in two purchase options. P1 is the foundation set of capabilities focussing on the prevention area. Microsoft Defender for Endpoint P2 offers the complete set of capabilities, including endpoint detection and response (EDR), Automation investigation (AIR), Incident Response, and Threat and Vulnerability Management (TVM). Compare Defender for Endpoint Plans | Microsoft Docs

Microsoft Defender for Endpoint is part of the Microsoft 365 Defender suite of products and shares a lot of its infrastructure, data schemas, and user experience. More detailed information will be explained in the first part.

Defender for Endpoint directly integrates with various Microsoft solutions, including:

  • Microsoft Defender for Cloud
  • Microsoft Sentinel
  • Intune/ MEM
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Identity
  • Microsoft Defender for Office
  • And more….

Defender for Endpoint and related component

Microsoft Defender for Endpoint is part of the Microsoft 365 Defender suite of products. Part of Defender for Endpoint are many components that can be used for expanding the complete security posture. Next-generation protection and Attack Surface reduction are getting more critical in protecting against current and future threats.

  • Microsoft Defender Antivirus / Next-generation protection
  • Microsoft Defender SmartScreen
  • Attack Surface reduction
    • HW-based isolation
    • Exploit protection
    • Network protection
    • Controlled folder access
    • Device control
    • Web protection
    • Ransomware protection
    • Attack Surface reduction rules
    • Application control
  • Windows Defender Credential Guard
  • Tamper Protection
  • Microsoft Defender for Endpoint
  • And more….

Parts of the MDE blog series

View all the published parts of the MDE blog series and upcoming parts. Depending on the requests below may change.

  • Part 0: Microsoft Defender for Endpoint – The ultimate blog series (Intro)
  • Part 1: What is Defender for Endpoint and how works the product? (Coming soon)
  • Part 2: Configuring Defender for Endpoint Portal (Coming soon)
  • Part 3: Onboarding methods
  • Part 3A: Onboard using MEM
  • Part 3B: Onboarding using Defender for Cloud
  • part 3C: Onboard using GPO/ Local
  • part 3D: …………..
  • Part 3E: …………..
  • Part 4: Configuration of Defender for Endpoint/ NGP/ AV
  • part 4A: ……
  • Part 4B: ……
  • Part 5: Threat Vulnerability Management
  • Part 6: Troubleshooting and reporting
  • Part 7: Microsoft Sentinel connector
  • Part 8: Build automated responses using Logic App en Automation
  • Part 9: Using integrations ( Defender for Cloud Apps)
  • Part 10: …………..
  • Part 11: …………..

Contribute

Is there something missing? Use the contact submission form and share the post ideas or contact using Linkedin or Twitter. I will take all suggestions into the Defender for Endpoint series and help the community as far as possible.