Microsoft Defender for Endpoint-Describe security, compliance, privacy, and trust in Microsoft 365

Endpoints are the devices connected to a network: computers, smartphones, tablets, wireless access points, routers, and firewalls. Every endpoint is a potential point of compromise, and Microsoft Defender for Endpoint is designed to discover, configure, and monitor these devices. When it detects suspicious behavior, Defender for Endpoint can also take response actions to remediate the threat.

As with all of the Microsoft 365 Defender products, management of Defender for Endpoint is integrated into the Microsoft 365 Defender portal. Microsoft Defender for Endpoint is available in two plans, plus an add-on for Plan 2, as shown in Table 3-2.

TABLE 3-2 Microsoft Defender for Endpoint products

Defender for Endpoint Plan 1                                           | Defender for Endpoint Plan 2              | Defender Vulnerability Management add-on for Plan 2
-----------------------------------------------------------------------|-------------------------------------------|----------------------------------------------------
Next-generation antivirus and antimalware protection                   | All Defender for Endpoint Plan 1 features | All Defender for Endpoint Plan 2 features
Attack surface reduction                                               | Device discovery and inventory            | Security baselines assessment
Manual response actions                                                | Vulnerability management                  | Blocking of vulnerable applications
Centralized management                                                 | Threat analytics                          | Hardware and firmware assessment
Security reports                                                       | Automated investigation and response      | Network share analysis
Support for Windows 10, Windows 11, iOS, Android OS, and macOS devices | Endpoint detection and response           | Authenticated scan for Windows

Microsoft 365 Enterprise E3 includes Plan 1, and Enterprise E5 includes Plan 2. Mixed licensing scenarios are available, in which a tenancy includes both Plan 1 and Plan 2 clients. There is also a standalone Microsoft Defender for Business product, designed for networks of up to 300 users, which includes many of the Defender for Endpoint features found in Plans 1 and 2.

Defender for Endpoint provides tools for investigating endpoint security threats, including the following:

  • Vulnerability management Defender for Endpoint continuously monitors onboarded devices (the Defender Vulnerability Management dashboard is shown in Figure 3-21), inventories their hardware and software, including certificates and browser extensions, discovers vulnerabilities and misconfigurations, prioritizes them by the risk they pose to the organization, and generates the security recommendations and remediation tasks used to fix them.

FIGURE 3-21 Microsoft Defender Vulnerability Management dashboard

  • Attack surface reduction Minimizes attack risk by restricting what applications, scripts, and users are allowed to do, following zero trust principles. Attack surface reduction rules block behaviors that attackers commonly rely on (for example, Office applications spawning child processes); controlled folder access lets administrators designate applications as trusted and specify folders that only trusted applications can modify, which is the main defense against ransomware; and network protection prevents endpoints from communicating with domains and IP addresses suspected of hosting malware, phishing pages, or command-and-control infrastructure.
  • Endpoint detection and response Provides near real-time detection of attacks, generating alerts and correlating related alerts into incidents that describe a single attack. This enables administrators to analyze a security event using evidence gathered over time rather than isolated alerts.
  • Automated investigation and remediation After an alert is generated, Defender for Endpoint opens an investigation that examines the affected device, searches for the same indicators on other devices, and uses machine learning to reach a verdict. Defender executes remediations based on the automation level configured for each device group, as follows:
    • Not protected Turns off automated remediation.
    • Semi Requires administrator approval for particular types of remediation before they are carried out.
    • Full Performs remediations automatically.
  • Endpoint attack notifications Formerly part of Microsoft Threat Experts, this service has Microsoft's own hunters proactively search the tenant's data for significant threats and notify administrators when they find them.

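The attack surface reduction controls described above are all Defender Antivirus settings, so they can be configured and verified locally with the Defender PowerShell cmdlets before being rolled out through Intune. The script below is an added example, not code from the book or from Microsoft; it assumes an elevated PowerShell session on Windows 10 or 11 with Defender Antivirus as the active antimalware engine. The rule GUIDs are Microsoft's published attack surface reduction rule IDs and should be checked against current documentation; the application path, the protected folder, and the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the book): enable a set of ASR rules in audit mode,
# turn on controlled folder access and network protection, then verify the
# result with Get-MpPreference. Assumes Defender Antivirus is the primary AV
# with real-time protection on; ASR rules are ignored otherwise.

# Microsoft-documented ASR rule IDs (verify against current docs before use).
$AsrRules = @{
    'Block all Office applications from creating child processes' = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
    'Block credential stealing from LSASS'                        = '9E6C4E1F-7D60-472F-BA1A-A39EF4E3C2A4'
    'Block executable content from email client and webmail'     = 'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
    'Block Office applications from creating executable content' = '3B576869-A4EC-4529-8536-B80A7769E899'
}

# Hypothetical line-of-business application and data folder for this example.
$TrustedApp      = 'C:\Program Files\Contoso\Ledger\ledger.exe'
$ProtectedFolder = 'C:\ContosoData'

function Set-AsrRules {
    param(
        [Parameter(Mandatory)] [hashtable] $Rules,
        [ValidateSet('AuditMode', 'Enabled', 'Warn', 'Disabled')] [string] $Mode = 'AuditMode'
    )
    # Add-MpPreference merges into the existing rule list (Set-MpPreference
    # would replace it). IDs and actions are matched by position.
    $ids     = @($Rules.Values)
    $actions = @($ids | ForEach-Object { $Mode })
    Add-MpPreference -AttackSurfaceReductionRules_Ids $ids `
                     -AttackSurfaceReductionRules_Actions $actions
}

# 1. ASR rules: start in audit mode so event ID 1122 shows what would have
#    been blocked; switch to 'Enabled' once the audit log is clean.
Set-AsrRules -Rules $AsrRules -Mode AuditMode

# 2. Controlled folder access: only allowed applications may write to the
#    protected folders (system folders are always protected).
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp

# 3. Network protection: block outbound connections to low-reputation domains.
Set-MpPreference -EnableNetworkProtection Enabled

# 4. Verification: decode the numeric action codes Get-MpPreference returns.
function Get-AsrStatus {
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $name = ($AsrRules.GetEnumerator() | Where-Object { $_.Value -ieq $ids[$i] }).Key
        [pscustomobject]@{
            RuleId = $ids[$i]
            Name   = if ($name) { $name } else { '(not set by this script)' }
            Action = switch ([int]$actions[$i]) {
                0 { 'Disabled' } 1 { 'Block' } 2 { 'Audit' } 6 { 'Warn' }
                default { "Unknown ($($actions[$i]))" }
            }
        }
    }
    [pscustomobject]@{
        ControlledFolderAccess = $pref.EnableControlledFolderAccess
        NetworkProtection      = $pref.EnableNetworkProtection
        ProtectedFolders       = $pref.ControlledFolderAccessProtectedFolders -join ';'
    }
}

Get-AsrStatus | Format-List

# 5. Audit results: Microsoft-documented event IDs in the Defender operational
#    log (1122 = ASR audit, 1124 = controlled folder access audit,
#    1125 = network protection audit). Blocks use 1121, 1123 and 1126.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122, 1123, 1124, 1125, 1126
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

Running the rules in audit mode first matters in practice: the Office child-process rule in particular breaks legitimate add-ins and installers, and the 1122 audit events reveal those before any user is blocked. In a managed tenant the same settings are pushed through Intune endpoint security policies, which also report compliance back to the Defender portal.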
Microsoft Defender for Office 365

Microsoft Defender for Office 365 is designed to provide protection from attacks arriving through email messages, web links, and Microsoft 365 collaboration tools, including Microsoft Teams, SharePoint, and OneDrive. All mailboxes hosted in Exchange Online are already protected by Exchange Online Protection (EOP) against spam, phishing, and malware; Microsoft Defender for Office 365 adds more extensive protection on top of EOP, including detonation of attachments and links, and, in Plan 2, integration with the rest of Microsoft 365 Defender for cross-product incidents and hunting.

Microsoft Defender for Office 365 is available in two plans, as shown in Table 3-3. Plan 1 adds malware, phishing, and email attack detection capabilities beyond those of EOP; Plan 2 goes beyond real-time detection for email and collaborative documents and adds automated investigation and response, threat hunting, and attack simulation tools that administrators can use to train users.

TABLE 3-3 Microsoft Defender for Office 365 products

Defender for Office 365 Plan 1                                  | Defender for Office 365 Plan 2
----------------------------------------------------------------|---------------------------------------------
Safe attachments                                                | All Plan 1 features
Safe links                                                      | Threat trackers
Safe attachments for SharePoint, OneDrive, and Microsoft Teams  | Threat Explorer
Anti-phishing protection                                        | Automated investigation and response (AIR)
Real-time detections                                            | Attack Simulator
                                                                | Advanced hunting
                                                                | Microsoft 365 Defender integration

Microsoft 365 Enterprise E5 includes Plan 2, but for other Microsoft 365 subscriptions, Defender for Office 365 must be purchased as a standalone subscription.
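The Plan 1 features in Table 3-3 are policy objects in Exchange Online, and each policy needs a matching rule that says whom it applies to. The script below is an added example, not code from the book or from Microsoft, showing how an administrator would create Safe Links, Safe Attachments, and anti-phishing policies with Exchange Online PowerShell and extend Safe Attachments to SharePoint, OneDrive, and Teams. It assumes the ExchangeOnlineManagement module, an account with the Security Administrator role, and a Defender for Office 365 Plan 1 or Plan 2 license; the domain, mailbox addresses, and policy names are hypothetical.

```powershell
# Added example (not from the book): build the core Defender for Office 365
# Plan 1 policies with Exchange Online PowerShell. Domain, addresses and
# policy names below are hypothetical.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'secadmin@contoso.com'

$Domain = 'contoso.com'
$SecOps = 'secops-malware@contoso.com'   # receives copies of blocked attachments

# Safe Links: rewrite URLs and scan them at click time, not only at delivery,
# so a link that turns malicious after the message arrives is still blocked.
if (-not (Get-SafeLinksPolicy -Identity 'Contoso Safe Links' -ErrorAction SilentlyContinue)) {
    New-SafeLinksPolicy -Name 'Contoso Safe Links' `
        -EnableSafeLinksForEmail $true `
        -EnableSafeLinksForTeams $true `
        -EnableSafeLinksForOffice $true `
        -EnableForInternalSenders $true `
        -ScanUrls $true `
        -DeliverMessageAfterScan $true `
        -TrackClicks $true `
        -AllowClickThrough $false `
        -DisableUrlRewrite $false | Out-Null
    New-SafeLinksRule -Name 'Contoso Safe Links' `
        -SafeLinksPolicy 'Contoso Safe Links' `
        -RecipientDomainIs $Domain -Priority 0 | Out-Null
}

# Safe Attachments: detonate attachments in a sandbox; block the message on
# a malicious verdict and forward a copy to the security team.
if (-not (Get-SafeAttachmentPolicy -Identity 'Contoso Safe Attachments' -ErrorAction SilentlyContinue)) {
    New-SafeAttachmentPolicy -Name 'Contoso Safe Attachments' `
        -Enable $true `
        -Action Block `
        -Redirect $true `
        -RedirectAddress $SecOps | Out-Null
    New-SafeAttachmentRule -Name 'Contoso Safe Attachments' `
        -SafeAttachmentPolicy 'Contoso Safe Attachments' `
        -RecipientDomainIs $Domain -Priority 0 | Out-Null
}

# Safe Attachments for SharePoint, OneDrive and Teams is a tenant-wide switch.
Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true

# Anti-phishing: impersonation protection for named executives plus mailbox
# intelligence; PhishThresholdLevel 2 = Aggressive.
if (-not (Get-AntiPhishPolicy -Identity 'Contoso Anti-Phish' -ErrorAction SilentlyContinue)) {
    New-AntiPhishPolicy -Name 'Contoso Anti-Phish' `
        -Enabled $true `
        -EnableTargetedUserProtection $true `
        -TargetedUsersToProtect 'Ralph Ortiz;ralph.ortiz@contoso.com' `
        -TargetedUserProtectionAction Quarantine `
        -EnableTargetedDomainsProtection $true `
        -TargetedDomainsToProtect $Domain `
        -TargetedDomainProtectionAction Quarantine `
        -EnableMailboxIntelligence $true `
        -EnableMailboxIntelligenceProtection $true `
        -MailboxIntelligenceProtectionAction Quarantine `
        -PhishThresholdLevel 2 | Out-Null
    New-AntiPhishRule -Name 'Contoso Anti-Phish' `
        -AntiPhishPolicy 'Contoso Anti-Phish' `
        -RecipientDomainIs $Domain -Priority 0 | Out-Null
}

# Verify what is actually in force.
Get-SafeLinksPolicy -Identity 'Contoso Safe Links' |
    Select-Object Name, EnableSafeLinksForEmail, EnableSafeLinksForTeams, ScanUrls, AllowClickThrough
Get-SafeAttachmentPolicy -Identity 'Contoso Safe Attachments' |
    Select-Object Name, Enable, Action, Redirect, RedirectAddress
Get-AtpPolicyForO365 | Select-Object EnableATPForSPOTeamsODB
Get-AntiPhishPolicy -Identity 'Contoso Anti-Phish' |
    Select-Object Name, PhishThresholdLevel, EnableMailboxIntelligenceProtection

Disconnect-ExchangeOnline -Confirm:$false
```

The `Get-...` checks matter because a policy with no rule, or a rule scoped to the wrong domain, silently protects nobody. Preset security policies (Standard and Strict) in the Defender portal create equivalent objects in one step; custom policies like these are used when recipients need different settings, and the rule priority decides which policy wins when several match the same user.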
