Top 5 Features of Microsoft Defender for Endpoint

May 6th, 2021

By Edin Ilijazi, Technical Consultant – Cyber Security, Quorum

Microsoft Defender for Endpoint is more than just about preventing malware. While it does provide best-in-class protection at detecting and preventing threats, it also offers many powerful features that make it an essential endpoint security solution.

With the traditional boundaries of work and corporate networks having largely eroded, Microsoft Defender for Endpoint refocuses security on the endpoint. By having the controls to secure and harden your endpoints implemented through Defender, your devices are protected wherever they are, and whichever network they connect to. And by providing greater visibility and insights into the state of your endpoint security, you can be proactive and address the security issues most important to your organisation.

Here are my top 5 features of Microsoft Defender for Endpoint.

1. Application Guard

Most threats and breaches continue to come from traditional sources such as phishing websites and malware disguised as “benign” Office documents.  Getting on the front line and stopping these threats from getting in is critical.  Microsoft Defender for Endpoint Application Guard can give you additional protection against these types of threats.

By defining trusted networks and domains, you can force any websites and Office documents opened from an untrusted location to be opened in an isolated “Hyper-V” container.  As a result, any potential threats are contained and prevented from attacking or compromising the host system.  You can also control other actions within the container such as restricting copy-and-paste or printing, as well as extending the capabilities to third-party browsers using an extension.

2. Threat & Vulnerability Management

Defender for Endpoint is your key to gaining more visibility across your endpoint fleet. It provides a great set of tools and information to get you up to speed with your endpoint security landscape.  This enables you to get on the front foot and prevent threats by closing vulnerabilities and implementing controls to harden your devices.

The Exposure Score lets you know how you currently stand against known and emerging threats, while the Secure Score outlines your  security posture by comparing the configured security controls against Microsoft recommended baselines. The best part though is the security recommendations. These give you a prioritised list of recommendations with actionable next steps that are specific to your organisation.  These specific next steps are aimed at helping you reduce your exposure and close your “attack surface” as quickly as possible. You can even assign remediation tasks across your team to monitor and track progress.

3. Network and Web protection

Defender for Endpoint provides network protection as well as Web threat protection and Web content filtering to give your devices protection against Web based threats as well as malicious network connections through any application. In a hybrid workforce, having these capabilities at the device level through Windows Defender not only enhances security by providing protection no matter which network connection is being used, but may also provide an opportunity to save money by reducing or removing existing Web proxy or content filtering solutions.

4. Microsoft Threat Experts

When it comes to responding to threats, Defender for Endpoint provides several powerful ways to get the job done.

For the majority of attacks, automated investigations will likely take care of everything for you.  Automated investigations are a security team’s best friend.  Think of them as a checklist of tasks performed as part of a threat investigation, all automated and completed in a matter of moments.

However, with the rise in more sophisticated threats, and attacks that can lay dormant in the environment and evade detection, you can get in touch with the Microsoft security team for assistance. Microsoft Threat Experts can become an extension of your team by providing a managed threat hunting service called Targeted Attack Notification.  Targeted Attack Notification proactively hunts and investigates for threats and attacks across your environment.  You can also reach out to security experts at Microsoft on-demand to help you get to the bottom of an alert or some suspicious behaviour that may have been detected.

5. Microsoft Stack Integration

Having Defender for Endpoint in an organisation can enable additional capabilities and improve security even further through integration with other Microsoft products.  Simply by having Defender for Endpoint running we can get much richer telemetry and threat monitoring across our environment as Microsoft security services hunt and investigate threats across users, devices, apps, and data.

By combining Defender for Endpoint in device compliance policies in Endpoint Manager, we can enhance our Zero Trust posture by enforcing access restrictions on devices with outdated or inactive endpoint protection, or by reporting a high-risk level based on the evaluation from Defender.  Microsoft Cloud App Security can take advantage of Defender for Endpoint to monitor cloud app usage and restrict access using the Unsanctioned Apps feature.  And to add to that, by using Defender in Microsoft Information Protection, we can detect sensitive data stored on endpoints.

So those are my top 5 features for Microsoft Defender for Endpoint.  Thoughts?  Or anything I missed that you’d like to add?  I’d love to continue the conversation!  Find me on LinkedIn and let’s discuss your Zero Trust posture.

Stay protected,

Edin