The Microsoft Defender for Endpoint Client Analyzer (MDECA) can be useful when diagnosing sensor health or reliability issues on onboarded devices running Windows, Linux, or macOS. For example, you may want to run the analyzer on a machine that appears to be unhealthy according to the displayed sensor health status (Inactive, No Sensor Data or Impaired Communications) in […]
Articles Tagged: Microsoft
Check sensor health state in Microsoft Defender for Endpoint
The Devices with sensor issues tile is found on the Security Operations dashboard. This tile provides information on the individual device’s ability to provide sensor data and communicate with the Defender for Endpoint service. It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues. There are two […]
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Tip: Soon, Microsoft Defender for Endpoint will be available in two plans. This article describes the features and capabilities that are included in Microsoft Defender for Endpoint Plan 2. Learn more about Microsoft […]
Microsoft Defender for Endpoint and other Microsoft solutions
Integrate with other Microsoft solutions: Microsoft Defender for Endpoint directly integrates with various Microsoft solutions. Microsoft Defender for Cloud: Microsoft Defender for Endpoint provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers. Microsoft Sentinel: The Microsoft Defender for Endpoint connector lets you stream alerts from Microsoft Defender for […]
Microsoft Defender for Endpoint partner opportunities and scenarios
Partners can easily extend their existing security offerings on top of the open framework and a rich and complete set of APIs to build extensions and integrations with Defender for Endpoint. The APIs span functional areas including detection, management, response, vulnerabilities, and intelligence, covering a wide range of use cases. Based on the use case and need, partners […]
Configure managed security service provider integration (Microsoft)
Important: Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. You’ll need to take the following configuration steps to enable the managed security service provider (MSSP) integration. Note: The following terms are used in this […]
Manage portal access using role-based access control (Microsoft)
Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal. Based on the roles and groups you create, you have fine-grained control over what users with access to the portal can see and do. Large geo-distributed security operations teams typically adopt a […]
Partner applications in Microsoft Defender for Endpoint
Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. The support for third-party solutions helps to further streamline, integrate, and orchestrate defenses from other vendors with Microsoft Defender for Endpoint, enabling security teams to respond more effectively to modern threats. Microsoft Defender for Endpoint seamlessly […]
Integrate your SIEM tools with Microsoft Defender for Endpoint
Ingest alerts using security information and events management (SIEM) tools. Note: A Microsoft Defender for Endpoint Alert is composed of one or more suspicious or malicious events that occurred on the device and their related details. The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contains a detailed list of related […]
Raw Data Streaming API (Microsoft)
Stream Advanced Hunting events to Event Hubs and/or Azure storage account. Microsoft Defender for Endpoint supports streaming events available through Advanced Hunting to an Event Hubs and/or Azure storage account. In this section: Topic: Stream Microsoft Defender for Endpoint events to Azure Event Hubs. Description: Learn about enabling the streaming API in your tenant and configure Defender […]