Explore Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Unlike Microsoft Defender, which is available on each Windows computer and managed by Group Policy or Intune, Microsoft Defender for Endpoint is a separate platform that helps administrators enhance security and establish centralized security control over both cloud and on-premises resources. Although Microsoft Defender for Endpoint shares the same name as Microsoft Defender in Windows, they aren't the same product. Administrators can use Microsoft Defender for Endpoint to monitor Microsoft Defender functionality on local Windows clients to maintain a consistent configuration and an acceptable security level. Beyond this, Microsoft Defender for Endpoint can also integrate with Microsoft 365 Threat Intelligence, Cloud App Security, Azure ATP, and Intune, and it can detect potentially harmful content in Skype for Business communications.

Microsoft Defender for Endpoint uses the following combination of technologies built into Windows and Microsoft's cloud service:

  • Endpoint behavioral sensors: Embedded in Windows, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.
  • Cloud security analytics: Using big data, machine learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Microsoft 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
  • Threat intelligence: Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender for Endpoint to identify attacker tools, techniques, and procedures, and to generate alerts when these are observed in collected sensor data.

These technologies, combined, provide efficient proactive monitoring of what happens on your client machines, servers, and network. They perform automated investigations of well-known incidents and can take some response actions even before an administrator is alerted.

The main console for Microsoft Defender for Endpoint is the Microsoft 365 Security Center. Enterprise security teams can use Microsoft 365 Security Center to monitor and help respond to alerts of potential advanced persistent threat (APT) activity or data breaches.

You can use Microsoft 365 Security Center to:

  • View, sort, and triage alerts from your endpoints.
  • Search for more information on observed indicators such as files and IP addresses.
  • Change Microsoft Defender for Endpoint settings, including the time zone, and review licensing information.

Screenshot of the Windows Defender Security Center screen.