Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is a comprehensive endpoint security platform designed to detect and respond to security threats. The platform is cloud-based, which means it doesn’t require on-premise server deployment, and it leverages endpoint security sensors built into the operating system of each device. These sensors continuously collect data and report back to your personal cloud. Defender endpoint protection analyses the code and determines potential threats. If a breach does occur, the platform enables the user to quickly and easily remove the threat before it can cause any damage. Microsoft Defender for Endpoint was formerly called Windows Defender Advanced Threat Protection, or WDATP.

Microsoft Defender for Endpoint provides layered security protection. The seven main features the platform has to offer are set out below:

Endpoint Detection and Response (EDR)

This element provides host visibility and the ability to identify advanced threats that may have made it past the first two security layers. Microsoft Defender EDR detects attacks in real time and provides IT and the ConnectDS security analysts with actionable alerts.

Threat & Vulnerability Management

Microsoft Defender for Endpoint has real-time insight into changes in patches and installations/uninstallations. Defender for Endpoint includes the threat and vulnerability management platform, which can discover known security vulnerabilities or missing security patches. This provides the visibility required for vulnerability management, feeds back into your patch management program and gives a focus for remediating these recommendations.

Microsoft Threat Experts

The managed threat hunting service comes with two components. Targeted attack notifications provide special insights and analysis that help to identify and respond to the most critical threats quickly and accurately. It also comes with Microsoft threat experts on demand who can provide you with a technical consultation.

Attack Surface Reduction

It’s possible to minimise areas where cyber threats could attack our defences by putting specific controls in place; these will act as a first line of defence. An example of this is marking applications as trusted to run, rather than allowing them to be run by default.

Next Generation Protection

Microsoft Defender Antivirus is a next generation protection component that combines big data analysis, machine learning, in-depth threat research and the Microsoft cloud infrastructure to protect devices. It uses behaviour monitoring characteristics and real-time threat protection to detect and block malicious threats almost instantly.

Auto Investigation & Remediation

The AI built into Microsoft Defender uses the advanced inspection algorithms that an analyst would use to investigate and remediate threats; these automatic capabilities help reduce the volume of alerts in minutes.

Device Inventory

Microsoft Defender for Endpoint provides comprehensive device inventory and visibility of device risks, operating systems, domain connectivity, health status, and exposure levels.

Microsoft Defender for Endpoint integrates with the Security Center Enterprise Protection model and modules. Its fully cloud-based architecture ensures a robust and scalable endpoint security solution with deep insight and minimal endpoint impact.

The integration provides visibility of both client and Windows Server endpoints and associated malware detections, and can stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. Microsoft Defender for Endpoint can be easily integrated with other Microsoft logs into Microsoft Azure Sentinel to provide host visibility, correlation and advanced analytics with other enterprise security logs – speak to our team about how we can architect a fully managed SOC solution to protect your business.

Frequently asked questions about Microsoft Defender for Endpoint

No – Microsoft DfE/D4E is a commercial security platform that is licensed as a standalone product or included as part of a Microsoft E5 package. Defender for Endpoint leverages deep insight on endpoint systems and a cloud architecture to harden systems and reduce the attack surface, and uses heuristic and behavioural engines for next generation threat detection and prevention, together with automated response in the form of automated remediation and system isolation.

Microsoft Defender for Endpoint is a comprehensive security platform that includes a next generation anti-virus program. The Next Gen AV and real-time protection work as a preventative measure in addition to deep endpoint visibility and the ability to detect and respond to advanced threats.

Defender anti-virus is an anti-malware component included as part of Windows 10.

Microsoft Defender ATP, now known as Microsoft Defender for Endpoint, is a paid-for business solution that provides a suite of high-grade cyber security protection and host visibility.

The Microsoft 365 E5 package includes Microsoft Defender for Endpoint and costs £48.10 per user per month. D4E can also be purchased as a standalone application, or delivered as a fully managed Defender for Endpoint solution managed by the ConnectDS security operations team. Further detail on pricing can be obtained here.

Microsoft Defender for Endpoint can be accessed through the Microsoft Defender Security Centre – also available from the following link.

Find out more

If you want to find out more about Microsoft Defender for Endpoint and its comprehensive endpoint security capabilities, reach out to our team, who can assist – give us a call or complete our contact form.
