Introduction to Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats on their endpoints.

Microsoft Defender for Endpoint uses the following combination of technologies built into Windows 10 (and newer operating systems) and Microsoft's cloud service:

  • Endpoint behavioral sensors. Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system. The sensors send the data to your private, isolated cloud instance of Microsoft Defender for Endpoint.
  • Cloud security analytics. Using big data, machine learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, the cloud service translates behavioral signals into insights, detections, and recommended responses to advanced threats.
  • Threat intelligence. Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Microsoft Defender for Endpoint to identify attacker tools, techniques, and procedures, and generate alerts when these tools are observed in collected sensor data.

Microsoft Defender for Endpoint configuration.

The following capabilities are enabled with Microsoft Defender for Endpoint:

  • Core Defender Vulnerability Management. Built-in core vulnerability management capabilities use a modern risk-based approach to the discovery, assessment, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
  • The attack surface reduction set of capabilities provides the first line of defense in the stack. By ensuring that configuration settings are properly set and that exploit mitigation techniques are applied, these capabilities resist attacks and exploitation.
  • Next-generation protection uses machine learning and deep analysis to further reinforce the security perimeter of your network.
  • Endpoint detection and response monitors behaviors and attacker techniques to detect and respond to advanced attacks.
  • Automated investigation and remediation capabilities help reduce the volume of alerts in minutes.
  • Microsoft threat experts bring deep knowledge and proactive threat hunting to your security operations center.