This product is becoming very popular among my customers, especially when they have purchased Microsoft 365 E5 licenses, so let's have a look at how we can implement this technology in our business.
But first, what is Defender for Endpoint? It's an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. We can also onboard servers and devices independently to the service, which is great.
What is very cool is that MDE is not only available for Windows but also for iOS, Linux and Android, so we can cover almost the whole spectrum of corporate devices.
And most important, Microsoft Defender for Endpoint integrates seamlessly into Microsoft Endpoint Manager. You only need to activate the Intune integration once during the initial setup and your reports will flow into MEM. This allows you to create and configure Security baselines, which are pre-configured groups of Windows settings that help you apply the security settings that are recommended by the relevant security teams.
If you’re using an existing AV solution, you can check out the following guidelines to migrate to MDE:
- Migration process for Symantec: Migrate from Symantec to Microsoft Defender for Endpoint – Windows security | Microsoft Docs
- Migration process for McAfee: Migrate from McAfee to Microsoft Defender for Endpoint – Windows security | Microsoft Docs
What are the high-level steps to implement Microsoft Defender for Endpoint?
- Initial Phase
  - Purchase Defender for Endpoint
  - Grant access to the portal (GA role, but check the following link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/user-roles?view=o365-worldwide )
  - If you have an existing AV, decide if you want the two systems to coexist or not (there is a great matrix here: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide )
- Setup Phase
  - Check Proxy configuration
  - If you have an existing AV, configure Defender as an exclusion
  - Onboard devices to MDE
  - Run detection test
  - Update MDE database
- Final Phase: Microsoft Defender also recommends activating different features in the Security recommendations tab in order to increase the security level of your desktops. There you can find multiple settings that you can directly enable and push into Intune once the connection to your Intune tenant environment is set up correctly. But for me the most important are:
  - Configure Attack Surface Reduction Rules (ASR): these help prevent actions that malware often abuses to compromise devices and networks ( https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction )
  - Configure Controlled Folder Access (CFA): a feature that helps protect your documents and files from modification by suspicious or malicious apps ( https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access )
  - Configure SmartScreen: protects against phishing or malware websites and applications, and the downloading of potentially malicious files ( https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview )
  - Configure Tamper Protection: bad actors like to disable your security features to get easier access to your data, to install malware, or to otherwise exploit your data, identity, and devices; tamper protection helps to prevent these kinds of things ( https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection )
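To confirm on a Windows device that the Setup and Final Phase items above actually took effect, a read-only check like the following can be run locally. This is an added example, not part of the original post or Microsoft's own tooling; it assumes the built-in Defender PowerShell module and an elevated session, and it does not cover SmartScreen.

```powershell
# Added example: read-only health check for an MDE-onboarded Windows device.
# Assumes the built-in Defender module (Get-MpComputerStatus, Get-MpPreference)
# and an elevated PowerShell session. It changes no settings.

# Numeric values returned by Get-MpPreference, mapped to readable names.
$asrAction = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$cfaMode   = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit'
                3 = 'Block disk modification only'
                4 = 'Audit disk modification only' }

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Onboarding: the MDE sensor records its state here; 1 means onboarded.
$regPath = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
$onboard = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).OnboardingState
$sense   = Get-Service -Name Sense -ErrorAction SilentlyContinue
$senseState = 'Not installed'
if ($sense) { $senseState = $sense.Status }

# "Update MDE database": how old are the antivirus signatures?
$sigAge = [math]::Round(((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours, 1)

[pscustomobject]@{
    Onboarded              = ($onboard -eq 1)
    SenseService           = $senseState
    # 'Passive' is expected when another AV product stays the primary one.
    AVRunningMode          = $status.AMRunningMode
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    SignatureAgeHours      = $sigAge
    TamperProtection       = $status.IsTamperProtected
    ControlledFolderAccess = $cfaMode[[int]$pref.EnableControlledFolderAccess]
} | Format-List

# ASR rule IDs and their actions are returned as two parallel arrays.
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
if ($ids.Count -eq 0) {
    Write-Warning 'No ASR rules are configured on this device.'
} else {
    $rules = for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{ RuleId = $ids[$i]; Action = $asrAction[[int]$actions[$i]] }
    }
    $rules | Format-Table -AutoSize
}
```

ASR rules left in Audit, or Controlled Folder Access left in Audit mode, log events but block nothing, so check the reported action for each rule rather than only whether it is present.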
If you want to know more, as always, Microsoft Learn takes a more technical and comprehensive approach to explaining products than the normal Microsoft Docs: Practice security administration – Learn | Microsoft Docs. And don't forget to visit the TechCommunity: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bd-p/MicrosoftDefenderATP
Lastly, remember, you can access the M365 Defender portal at https://security.microsoft.com
Keep safe and have some fun!