Microsoft Defender for Endpoint is a platform that helps enterprise networks inspect, identify, prevent, and respond to advanced cyber threats. It protects enterprise endpoints from cyberattacks, identifies advanced attacks and data breaches, automates security alerts, and improves security posture.
Microsoft Defender for Endpoint uses endpoint behavioral sensors that are embedded in Windows 10. These sensors gather and process behavioral signals from the operating system (OS) and send this information to your private, isolated cloud instance of Microsoft Defender for Endpoint. Microsoft Defender for Endpoint also uses threat intelligence to identify attacker tools, techniques, and procedures, and it generates alerts when attacks are observed in the collected sensor data.
Why Microsoft Defender for Endpoint is Important
Threat and Vulnerability Management
This built-in capability enables Microsoft Defender for Endpoint to discover, prioritize, and remediate vulnerabilities on your endpoints.
Attack Surface Reduction
The attack surface reduction capabilities configure settings properly and apply exploit mitigation techniques, which protects enterprise endpoints from attacks and exploitation. The attack surface reduction capabilities also include network protection and web protection, which control access to malicious domains, URLs, and IP addresses.
Microsoft Defender for Endpoint further reinforces your network security with next-generation protection that detects all kinds of emerging threats.
Automated Investigation and Remediation
Besides responding quickly to advanced attacks, Microsoft Defender for Endpoint investigates and remediates attacks automatically, reducing the volume of alerts at scale within minutes.
Endpoint Detection and Response
This feature allows Microsoft Defender for Endpoint to detect, investigate, and respond to advanced threats that may have made it past the first two security phases. Microsoft Defender for Endpoint also offers advanced hunting, a query-based threat-hunting capability that proactively finds security breaches and lets you create custom detections.
Microsoft Secure Score for Devices
This built-in capability enables you to check regularly on the security state of your business network, identify unprotected systems, and take recommended actions to improve the security of your company.
Integration with Microsoft Solutions
With Microsoft Defender for Endpoint you can integrate directly with other Microsoft solutions, including Intune, Office 365 ATP, Azure ATP, Azure Security Center, Microsoft Cloud App Security, and Skype for Business.
What Information does Microsoft Defender Advanced Threat Protection Collect?
Microsoft Defender for Endpoint collects and stores information from all your configured devices in a customer-segregated tenant for administration, tracking, and reporting purposes.
Data collected includes file data, process data, registry data, network connection data, and device details. It stores this data securely in Microsoft Azure, and it maintains it under Microsoft privacy practices and Microsoft Trust Center policies.
This information allows Microsoft Defender for Endpoint to:
- Proactively detect threat indicators in your company.
- Generate alerts once possible threats are detected.
- Allow your security team to view the devices, files, and URLs related to attack signals from your network, so you can investigate and explore security threats on the network.
Microsoft does not use your data for advertising.
You can choose the information retention policy for your data, which limits how long Microsoft Defender for Endpoint can store it. You can choose a retention period of one month to six months based on your company's regulatory compliance needs.
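The advanced hunting capability and the collected process and network connection data described above can be combined in one query. The following is an added example, not code from the page or from Microsoft; it assumes the standard Defender for Endpoint advanced hunting schema tables DeviceProcessEvents and DeviceNetworkEvents, and the lists of Office applications and script interpreters are illustrative choices for a detection, not values taken from the page.

```kusto
// Added example (not from the page): advanced hunting query that joins the
// process data and the network connection data collected by the sensor to find
// an Office application spawning a script or command interpreter that then
// makes an outbound connection to a public address within 10 minutes.
// The Timestamp, DeviceId and ReportId columns are kept in the output because
// custom detection rules require them.
let lookback = 7d;
// Illustrative lists (assumption): tune them to your environment.
let office_apps = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
let interpreters = dynamic(["powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"]);
// Step 1: interpreters launched directly by an Office application (process data).
let suspicious_children =
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | where InitiatingProcessFileName in~ (office_apps)
    | where FileName in~ (interpreters)
    | project DeviceId, DeviceName, AccountName,
              ChildStart = Timestamp,
              ChildProcessId = ProcessId,
              ChildName = FileName,
              ChildCommandLine = ProcessCommandLine,
              ParentName = InitiatingProcessFileName;
// Step 2: successful outbound connections made by those same child processes
// (network connection data), correlated on device and process id.
DeviceNetworkEvents
| where Timestamp > ago(lookback)
| where ActionType == "ConnectionSuccess"
| where RemoteIPType == "Public"
| project Timestamp, DeviceId, InitiatingProcessId, RemoteIP, RemotePort, RemoteUrl, ReportId
| join kind=inner suspicious_children
    on DeviceId, $left.InitiatingProcessId == $right.ChildProcessId
// Only keep connections that happened shortly after the child process started.
| where Timestamp between (ChildStart .. (ChildStart + 10m))
| project Timestamp, DeviceId, ReportId, DeviceName, AccountName,
          ParentName, ChildName, ChildCommandLine,
          RemoteIP, RemotePort, RemoteUrl
| order by Timestamp desc
```

Run it in the advanced hunting page to review matches first; once the false-positive rate is acceptable, the same query can be saved as a custom detection rule so new matches raise alerts automatically.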