Important Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Want to experience Microsoft Defender for Endpoint? Sign up for a free trial. Microsoft has partnered with Corelight, provider of the industry’s leading open network detection and […]
Articles Tagged: Microsoft
Enable Microsoft Defender for IoT integration
Microsoft Defender for Endpoint can now integrate with Microsoft Defender for IoT. This […]
Configure device discovery (Microsoft)
Discovery can be configured to be on standard or basic mode. Use the standard option to actively find devices in your network, which will better guarantee the discovery of endpoints and provide richer device classification. You can customize the list of devices that are used to perform standard discovery. You can either enable standard discovery […]
Device discovery overview (Microsoft)
Protecting your environment requires taking inventory of the devices that are in your network. However, mapping devices in a network can often be expensive, challenging, and time-consuming. Microsoft Defender for Endpoint provides a device discovery capability that helps you find unmanaged devices connected to your corporate network without the need for extra appliances or cumbersome […]
Hunt for exposed devices – threat and vulnerability management (Microsoft)
Use advanced hunting to find devices with vulnerabilities. Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats. Learn more […]
Vulnerable devices report – threat and vulnerability management (Microsoft)
The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breadth and scope of your device exposure. Access the report in the Microsoft 365 Defender portal by going to Reports > Vulnerable devices. There are two columns: Trends (over time). Can show the past […]
Event timeline – threat and vulnerability management (Microsoft)
Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization through new vulnerabilities or exploits. You can view events that may impact your organization’s risk. For example, you can find new vulnerabilities that were introduced, vulnerabilities that became exploitable, an exploit that was added to an exploit kit, […]
Vulnerabilities in my organization – threat and vulnerability management (Microsoft)
Important: Threat and vulnerability management can help identify Log4j vulnerabilities in applications and components. Threat and vulnerability management uses the same signals in Defender for Endpoint’s endpoint protection to scan and detect vulnerabilities. The Weaknesses page lists the software vulnerabilities your devices are exposed to by listing the Common Vulnerabilities and Exposures (CVE) ID. You can […]
Software inventory – threat and vulnerability management (Microsoft)
The software inventory in threat and vulnerability management is a list of known software in your organization with official Common Platform Enumerations (CPE). Software products without an official CPE don’t have vulnerabilities published. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. How it works […]
Mitigate zero-day vulnerabilities – threat and vulnerability management (Microsoft)
A zero-day vulnerability is a flaw in software for which no official patch or security update has been released. A software vendor may or may not be aware of the vulnerability, and no public information about this risk is available. Zero-day vulnerabilities often have high severity levels and are actively exploited. Threat and vulnerability management […]