
What is Microsoft Defender for Endpoint? An Introduction

Learn the functions, features and benefits of Microsoft's best-in-class endpoint security software, Microsoft Defender for Endpoint.

Microsoft Defender for Endpoint (MDE) is a security solution for end-user devices. (Okay, there’s a server version too, but we will do a separate blog about that). MDE protects devices within your company’s network, and is used to protect, detect, investigate, and respond to cyber security threats.

In layman’s terms, you can think of Microsoft Defender for Endpoint as a “souped up” Anti-Virus tool which falls into a category now called “EDR” (Endpoint Detection and Response). If you don’t already have an EDR product and “just” a legacy Anti-Virus, this is a significant improvement you can make to your security.

Read on to gain a better understanding of what Microsoft Defender for Endpoint is, how it is used and how it can benefit your business.

Microsoft Defender Antivirus (MDA) vs. Microsoft Defender for Endpoint (MDE)

If you own a Microsoft device for either personal or work use, you’ve probably come across Microsoft Defender Antivirus (MDA) software. This antivirus software comes free with most Windows devices. Although it shares the Defender title, it is a separate piece of software from Microsoft Defender for Endpoint (MDE).

The main differences lie in the scale and advanced capabilities of the ‘full’ Defender for Endpoint product and the intelligence that lies beneath! Whereas MDA is commonly used to protect one individual device, MDE has the capabilities to protect, detect, investigate, and respond to cyber threats across an entire network of endpoints.

What is an Endpoint?

An endpoint is a physical device which connects to a larger network of devices. Examples of endpoints, which could connect to your company network, include:

  • Desktops
  • Mobile Devices
  • Tablets
  • Servers
  • Laptops
  • IoT (Internet of Things) Devices

These physical devices are the endpoints of a network. Cyber criminals often identify endpoints as points of vulnerability when attempting to access private networks. Without significant protection, endpoints are exploited to deploy malware and steal corporate data.

The different endpoints/devices protected by Microsoft Defender for Endpoint.

What Does Microsoft Defender for Endpoint Do?

It would prove impossible to install and maintain separate security software on each individual endpoint within your company’s network. This is where Microsoft Defender for Endpoint comes in.

MDE is a holistic cloud-based endpoint security solution. Utilising the in-built security technologies within Microsoft devices, MDE prevents, detects, investigates, and responds to cyber security threats.  

This means MDE protects all the physical devices which connect to, and exchange information with, your company’s network.

Defender for Endpoint provides a centralised security dashboard from which the security of all the devices within your network can be monitored and from where personalised defence protocols can be implemented.

Defender is capable of being integrated with a whole host of Microsoft products, such as:

  • Microsoft Defender
  • Microsoft Sentinel
  • Microsoft Intune
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Identity
  • Microsoft Defender for Office

These integrating capabilities allow Microsoft Defender for Endpoint to provide a thorough and comprehensive cyber security solution.

Key Benefits for Businesses

The protection of your company’s network and endpoints is the most significant benefit MDE provides. Some other key benefits include:

Secure Score

You may have heard of the Microsoft ‘Secure Score’ before. This is an aggregated score, based on certain tenant configurations that range across four main categories: Identity, Data, Device, and Apps.

This score ranks the collective active security settings within your network against the benchmark industry standards and best practices. MDE falls into the category for ‘Devices’ and licensing your tenant with MDE unlocks the advanced recommendation actions for that category.

Threat and Vulnerability Management

Threat and Vulnerability Management (TVM) provides you with additional insights into your organisation’s device exposure to current, global, and industry-specific threats.

TVM breaks down the Secure Score recommendations for devices and surfaces them alongside known threats and Indicators of Compromise (IoCs) drawn from Microsoft Threat Intelligence, the industry-leading threat feed managed by Microsoft.

Defence in Depth

In today’s digital world, it’s important to have a ‘defence in depth’ strategy, ideally one that aligns with the Zero Trust framework. Being a Microsoft solution, Defender for Endpoint follows this methodology.

By allowing administrators to implement the principle of ‘least trust’ through RBAC (Role Based Access Control), you ensure that your administrators and security analysts only have access to the data they need to carry out their roles.

Cloud Driven

As MDE is a cloud-based solution, there is no need for you to invest in additional on-site infrastructure, which helps keep costs low and reduces management overhead.

With the inclusion of behaviour monitoring and cloud protection, MDE stays up to date and provides near real-time remediation of threats. This is something that traditional signature-based anti-virus cannot do.

AI and Automation

Using Microsoft Threat Intelligence and AI trained by a team of over 3500 global security experts, Microsoft has built MDE with the capability to leverage AI to examine security alerts and take automated action.

MDE’s AI and automation capabilities drastically reduce the number of alerts that your IT team is required to review and respond to. This can maximise your security investments and significantly improve SOC efficiency.

How to Get Microsoft Defender for Endpoint

MDE is now included, for a very reasonable price, in the Microsoft 365 Business Premium plan. Otherwise, it can be bought individually with two plans available.

Plan 1 provides core endpoint protection capabilities such as Attack Surface Reduction, Manual Response Actions, Centralised Management, Security Reports and APIs.

Plan 2 provides all of MDE P1 capabilities as well as additional capabilities such as: Endpoint Detection and Response, Advanced Hunting, Threat Analytics, Automated Investigation and Response. (And many more)

As previously mentioned, all of these capabilities come with Microsoft 365 Business Premium. Adopting this software should be an essential part of every company’s security ‘roadmap’.

For implementation support, further adoption or a no obligation review of your Microsoft infrastructure, get in touch with the experts here at Vital.