Microsoft Defender for Endpoint – Plan 1

Microsoft Defender for Endpoint is a security solution designed to protect devices from cyber threats. Businesses can use it to protect their desktops, laptops and mobile devices, such as phones and tablets.  

Defender for Endpoint comes in 2 plans.  

MDE Plan 1 is a simple and effective Antivirus solution that is designed for endpoint security.   

MDE Plan 2 is Microsoft’s full EDR (Endpoint Detection & Response) solution.

Key features of Defender for Endpoint Plan 1

Let’s look at the key features of Plan 1 and see how this tool can protect your environment from attacks.

Next Generation protection – Defender includes antivirus and antimalware protection, much like traditional antivirus solutions. It also includes a few key features:

  • Real-time Antivirus protection – Defender continuously scans files and running processes and monitors their behavior, so it can catch a threat in real time. In years past, viruses would only be caught when a virus scan was run. Now this is done automatically.
  • Behavior-Based and Heuristic protection – Defender can stop threats when risky behaviors are being carried out. If you are hit by a brand new attack that hasn’t been seen before, MDE can spot that this malware is engaging in risky behavior, shut it down and contain it.

Attack Surface Reduction 

There are many ways that attackers can get into your network. Attack Surface Reduction (ASR) rules are designed to reduce the number of paths that attackers can use to get into a system. If the common entry points are closed off, some attacks will never get to the point where Defender would detect them.

There are around 15 different ASR rules. As an example, Office applications can be blocked from creating child processes. JavaScript can be blocked from launching downloaded content. Untrusted and unsigned processes running from USB drives can be blocked. By closing off pathways that many attacks originate from, these rules reduce the attack surface.
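As an added example (not from the original article), the PowerShell below reports the state of the three ASR rules named above, puts any that are unconfigured into audit mode, and lists recent ASR events. It assumes an elevated session on a Windows device whose Defender settings are managed locally; centrally deployed policy can override local changes.

```powershell
# Added example. GUIDs are Microsoft's documented IDs for the three rules named in the text.
$rules = [ordered]@{
    'Block all Office applications from creating child processes'               = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    'Block JavaScript or VBScript from launching downloaded executable content' = 'd3e037e1-3eb8-44c8-a917-57927947596d'
    'Block untrusted and unsigned processes that run from USB'                  = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
}
# Numeric action values as returned by Get-MpPreference
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($name in $rules.Keys) {
        $state = 'Not configured'
        # IDs and actions are parallel arrays: position i of one matches position i of the other
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ($ids[$i] -ieq $rules[$name]) { $state = $actionNames[[int]$actions[$i]] }
        }
        [pscustomobject]@{ Rule = $name; Id = $rules[$name]; State = $state }
    }
}

$report = Get-AsrRuleState
$report | Format-Table -AutoSize

# Audit mode logs what a rule would have blocked without blocking it,
# so you can measure the impact on line-of-business apps before enforcing.
$report | Where-Object State -eq 'Not configured' | ForEach-Object {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $_.Id `
                     -AttackSurfaceReductionRules_Actions AuditMode
}

# Event 1121 = rule fired in block mode, 1122 = rule fired in audit mode
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Once the audit events show no unexpected hits, the same `Add-MpPreference` call with `Enabled` in place of `AuditMode` switches a rule to blocking.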

Device Control

Device Control is a feature of Defender that can block files from all USB drives or removable devices. If this feature is enabled, a disgruntled employee or an attacker who has gained access to a machine cannot load malware onto it with a USB stick, as that access can be completely blocked.

Web Protection

Defender’s web protection is a feature that includes content filtering and web threat protection. This allows you to secure your environment against threats from the web and keep your users from accessing unwanted content. Built into Defender are web protection “cards” that give you visibility into all the web threats that affect your company.

You can investigate web-related threats, look at specific URLs, and find devices that access these URLs. You can also view trends in users accessing websites that are unwanted for your organization.

Content filtering is a technology you’re likely familiar with.  Users can be prevented from accessing websites in specific categories.  You can also use policies to give users differing levels of internet access.

Who Should Use Defender for Endpoint Plan 1

MDE Plan 1 can be an effective option for businesses that want a simple solution to protect their endpoint devices. It provides strong, proactive security that can meet the needs of many businesses.

However, Plan 1 is just an AV; it’s not a full EDR. In today’s modern world, an EDR is becoming more essential. If you can afford it, we highly recommend that you look to upgrade to Defender Plan 2, which is Microsoft’s full EDR solution.

Next we’ll take a look at the features of Defender for Endpoint Plan 2.
