TrustRadius
Microsoft Defender for Endpoint

Formerly Microsoft Defender ATP

Overview

What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation…

Recent Reviews

Secure workstations with MDE

8 out of 10
November 03, 2023
Microsoft Defender for Endpoint offers exceptional threat insight and protection. Its KQL powered Advanced Hunting provides deep analysis. …


Popular Features

  • Malware Detection (52)
    8.5
    85%
  • Infection Remediation (51)
    8.2
    82%
  • Anti-Exploit Technology (50)
    8.0
    80%
  • Centralized Management (51)
    7.9
    79%


Pricing


Academic

$2.50

On Premise
per user/per month

Standalone

$5.20

On Premise
per user/per month

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Features

Endpoint Security

Endpoint security software protects enterprise connected devices from malware and cyber attacks.

8.2
Avg 8.5

Product Details

What is Microsoft Defender for Endpoint?

Presented as an epicenter for comprehensive endpoint security, Microsoft Defender for Endpoint helps users rapidly stop attacks, scale security resources, and evolve defenses across operating systems and network devices.

Rapidly stops threats: Protects against sophisticated threats such as ransomware and nation-state attacks.

Scales security: Puts time back in the hands of defenders to prioritize risks and elevate the organization's security posture.

Evolves the organization's defenses: Goes beyond endpoint silos and matures the organization's security based on a foundation for extended detection and response (XDR) and Zero Trust.

Microsoft Defender for Endpoint Features

Endpoint Security Features

  • Supported: Anti-Exploit Technology
  • Supported: Endpoint Detection and Response (EDR)
  • Supported: Centralized Management
  • Supported: Infection Remediation
  • Supported: Vulnerability Management
  • Supported: Malware Detection


Microsoft Defender for Endpoint Technical Details

Deployment Types: On-premise
Operating Systems: Windows
Mobile Application: No

Frequently Asked Questions

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.

CrowdStrike Falcon, Symantec Endpoint Security, and Sophos Intercept X are common alternatives for Microsoft Defender for Endpoint.

Reviewers rate Endpoint Detection and Response (EDR) and Malware Detection highest, with a score of 8.5.

The most common users of Microsoft Defender for Endpoint are from Enterprises (1,001+ employees).

Reviews and Ratings

(173)

Attribute Ratings

Reviews

(1-25 of 54)
Conrad Nyamache | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We utilize everything related to endpoint and network issues. The AI integration is actually my favorite component because it comes in handy in vulnerability scanning through scanning our networks and alerts us in case of any exposure. Remediation and blocking of advanced threats are also a plus.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We are using everything related to the endpoint and to network devices. We have installed Microsoft Defender for Endpoint on our desktops and laptops. We have also implemented the network vulnerability scanning functionality that scans our network appliances and alerts us of any vulnerabilities.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
- We use Endpoint detection and response for proactive detection and remediation.
- Attack Surface Reduction helps us proactively block commonly used attack methods by malware (scripts).
- We use Microsoft Defender for Endpoint as a layered approach with other security tools.
Yash Mudaliar | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
  • Vulnerability Management
  • Baseline Assessments
  • Device Discovery
  • Endpoint Security Policies
  • Automated Remediation
  • Dynamic Device Tagging
  • Endpoint DLP
  • Web Content Filtering
  • Live Response
  • Unified integration with Defender for Cloud
  • Always remediate PUA
  • Device Deception (Preview)
  • Download quarantined files
  • Evaluation Lab
  • Alert Suppression
  • Asset Rule Management
  • File Content Analysis
  • Memory Content Analysis
  • Indicators
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Antivirus and Malware protection are features we are using by having them installed on endpoint devices that are associated with our users that are in the M365 group. Once the user is eligible for M365, we will install the application and remove the other antivirus (if any), which then will bring us to the step of allocating the other licenses to other users that are not in M365.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are using the following components / features of Microsoft Defender for Endpoint in our organization:
1. Centralised deployment of antivirus agent
2. Centralised monitoring of security alerts
3. Vulnerability management
4. Antivirus and anti malware
5. Integration with Microsoft Intune
6. Device control
7. Cyber attack surface reduction rules and policies

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Admin portal : Enables endpoint monitoring, security incident identification, and response.
Endpoint Detection and Response (EDR) : Organizations can investigate security incidents, collect pertinent data, and implement the necessary remediation activities to eliminate and contain threats by using EDR capabilities.
Insider Threat Detection : Organizations worried about insider attacks or data exfiltration might benefit from the solution's ability to monitor and identify unusual user and endpoint actions.
Score 8 out of 10
Vetted Review
Verified User
EDR, Auto investigation & remediation, Threat & Vulnerability Management, Attack Service Reduction rules, Secure Score for Devices, Network Discovery. Basically, all features for clients are managed with Intune as MDM; Servers are managed with Azure Policy and GPO. Linux machines have custom scripting for deployment.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Advanced threat detection, automated incidence response, integration, endpoint detection and response, and threat intelligence. All the features come together in investigation and response to threats enhancing the general security of our small organization.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are using the following features of Microsoft Defender: Unified security tools and centralized management. Next-generation antimalware. Attack surface reduction rules. Device control (such as USB). Endpoint firewall. Network protection. Web control/category-based URL blocking. Device-based conditional access. Controlled folder access. APIs, SIEM connector, custom threat intelligence. Application control and many more features.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Vulnerability management to identify issues and review recommendations. Configuration management and monitoring. Endpoint detection and response to identify potential threats and shut them down before they prove to be an issue. Incident reporting and root cause remediation research when issues are found. Email threat detection and response to protect end users from the ever growing issue of Phishing.
Score 5 out of 10
Vetted Review
Verified User
Incentivized
Threat Protection: Microsoft Defender for Endpoint provides real-time protection against a wide range of threats, including malware, viruses, ransomware, and phishing attacks. It uses advanced threat detection algorithms and machine learning to identify and block malicious activities.
Endpoint Detection and Response (EDR): It offers EDR capabilities, allowing organizations to detect and respond to security incidents on their endpoints. This includes the ability to investigate and remediate threats, as well as gain insights into the scope and impact of an incident.
Advanced Analytics: The product includes advanced analytics and reporting features that help security teams gain visibility into endpoint security posture. This can include dashboards, alerts, and reports to monitor and analyze security events.
Bhuwan Chandra | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Defender for Endpoint - Microsoft's EPP and EDR offering primarily built into Windows 10 but has been ported to other operating systems such as Mac & Linux. For Mac they use Bitdefender as OEM & Linux for AV engine. We also use Threat experts for Microsoft's threat hunting services, which is included in Microsoft Defender for Endpoint cost, while Threat expert on demand is a paid service.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
For our organization, we found the device inventory, which helps us to find, discover, track, and manage our devices. Along with the log management is very useful; we can investigate what's happened. The management console is well done, useful, and helps in managing our environment. That's a great product.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We are utilising a mix of P1 and P2 versions of Defender for Endpoint. The P2 version includes Endpoint Detection and Response as an extension, as well as automatic investigation and remediation, making it a full competitor to other XDR tools on the market.
September 21, 2023

Easy and Reliable to Use

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Currently we have deployed all features available to us, but mostly we use, at least on a day to day basis, the endpoint protection in the form of antivirus / antimalware protection. The anti-exploit feature is used and it has been very eye opening to get reports of potential threats that have been stopped by it.