What's new in Microsoft Defender for Endpoint

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

The following features are in preview or generally available (GA) in the latest release of Microsoft Defender for Endpoint.

For more information on preview features, see Preview features.

For more information on what's new with Microsoft Defender for Endpoint on Windows, see: What's new in Microsoft Defender for Endpoint on Windows

For more information on what's new with other Microsoft Defender security products, see:

For more information on Microsoft Defender for Endpoint on specific operating systems:

August 2024

  • The Network Protection feature is enabled by default in Microsoft Defender for Endpoint on Android. As a result, users will be able to see a network protection card in the Defender for Endpoint app, along with App Protection and Web Protection. Users are also required to provide location permission to complete the setup process. Admins who decide not to use network protection can change its default value through the Intune App Configuration policies. This feature was already enabled by default on Microsoft Defender for Endpoint on iOS. For more information, see network protection.

July 2024

  • (Preview) Monitor OT devices in the device inventory: You can now monitor OT devices in addition to IoT devices in the device inventory, as part of the integration with Microsoft Defender for IoT in the Defender portal. As part of this integration:
    • We've added the All devices tab and renamed the IoT devices tab to IoT/OT devices.
    • We've added the Device type, Device subtype, Vendor, Model, and Site filters and columns to the device inventory. Some of these filters are only visible on specific tabs, and only for customers with a Defender for IoT license. Learn more.
    • We've added the ability to search Mac devices and MAC addresses.
    • We've added a system tag that shows the production site name (read only), used for the Defender for IoT site security feature, as part of the device group.
    • If OT devices are discovered but a Defender for IoT license isn't set up, the device inventory displays partial data on the OT/IoT devices, and a message that indicates the number of unprotected OT devices. Learn more about the initial device inventory view with detected OT devices.
  • (GA) Learning hub resources have moved from the Microsoft Defender portal to learn.microsoft.com. Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the list of learning paths, and filter by product, role, level, and subject.

June 2024

May 2024

  • (GA) Microsoft Defender for Endpoint plug-in for Windows Subsystem for Linux (WSL) is now generally available (GA version - 1.24.522.2). The plug-in enables Defender for Endpoint to provide more visibility into all running WSL containers by plugging into the isolated subsystem.

  • (Preview) Turn preview options on in the main Microsoft 365 Defender settings together with other Microsoft 365 Defender preview features. Customers who aren't using preview features yet continue to see the legacy settings under Settings > Endpoints > Advanced features > Preview features. For more information, see Microsoft 365 Defender preview features.

  • (GA) Streamlined device connectivity for Defender for Endpoint is now generally available for Windows, macOS, and Linux. This experience makes it easier to configure and manage Defender for Endpoint services by reducing the number of URLs required for connectivity, providing IP & Azure service tag support, and simplifying post-deployment network management.

  • (GA) Microsoft Defender Core service is now generally available on Windows clients. It helps with the stability and performance of Microsoft Defender Antivirus.

April 2024

Microsoft Defender for Endpoint on macOS feature now in GA:

March 2024

February 2024

Attack Surface Reduction (ASR) Rules

Two new ASR rules are now in public preview:

Microsoft Defender for Endpoint on macOS features are in public preview:

January 2024

  • Defender Boxed is available for a limited period of time. Defender Boxed highlights your organization's security successes, improvements, and response actions during 2023. Take a moment to celebrate your organization's improvements in security posture, overall response to detected threats (manual and automatic), blocked emails, and more.

    • Defender Boxed opens automatically when you go to the Incidents page in the Microsoft Defender portal.
    • If you close Defender Boxed and you want to reopen it, in the Microsoft Defender portal, go to Incidents, and then select Your Defender Boxed.
    • Act quickly! Defender Boxed is available only for a short period of time.
  • (GA) User Contain can now contain compromised users automatically, stopping Human Operated Ransomware in its tracks using Automatic Attack Disruption.

November 2023

October 2023

  • (GA) The device isolation and run antivirus scan responses in macOS and Linux are now generally available. You can now remotely run an AV scan or isolate devices when responding to attacks.
  • (Public Preview) Streamlined device connectivity for Defender for Endpoint is available in public preview for Windows, macOS, and Linux. This experience makes it easier to configure and manage Defender for Endpoint services by reducing the number of URLs required for connectivity, providing IP & Azure service tag support, and simplifying post-deployment network management.
  • (Public Preview) User Contain can now contain compromised users automatically, stopping Human Operated Ransomware in its tracks using Automatic Attack Disruption.

September 2023

(GA) Protecting Dev Drive using performance mode is now generally available. The goal of performance mode is to improve functional performance for developers who use Windows 11. Performance mode reduces the performance impact of Microsoft Defender Antivirus scans for files stored on a designated Dev Drive.

August 2023

  • (GA) The Monthly security summary report is now generally available. The report gives organizations a visual summary of key findings and of the preventative actions completed in the last month to enhance the organization's overall security posture.

July 2023

June 2023

  • Microsoft Defender Antivirus scan response action is supported for macOS and Linux for client version 101.98.84 and above. It is in preview. See Run Microsoft Defender Antivirus scan on devices.
  • Isolating devices from the network is supported for macOS for client version 101.98.84 and above. It is in preview. See Isolate devices from the network.
  • Forcibly releasing devices from isolation is now available for public preview. This new capability allows you to forcibly release devices from isolation, when isolated devices become unresponsive. For more information, see Forcibly release device from isolation.

May 2023

  • Performance mode for Microsoft Defender Antivirus is now available for public preview. This new capability provides asynchronous scanning on a Dev Drive, and doesn't change the security posture of your system drive or other drives. For more information, see Protecting Dev Drive using performance mode.

March 2023

February 2023

  • The Microsoft Defender for Identity integration toggle is now removed from the Microsoft Defender for Endpoint Settings > Advanced features page. Because Defender for Identity is now integrated with Microsoft Defender XDR, this toggle is no longer required. You don't need to manually configure integration between services. See What's new - Microsoft Defender for Identity.

January 2023

Prior to 2023

For information about features released prior to 2023, see Archive - What's new in Defender for Endpoint, December 2022 and earlier.