What’s new in Microsoft Defender for Endpoint

For more information on preview features, see Preview features.

https://docs.microsoft.com/api/search/rss?search=%22features+are+generally+available+%28GA%29+in+the+latest+release+of+Microsoft+Defender+for+Endpoint%22&locale=en-us&facet=

For more information on what’s new with other Microsoft Defender security products, see:

• What’s new in Microsoft 365 Defender
• What’s new in Microsoft Defender for Office 365
• What’s new in Microsoft Defender for Identity
• What’s new in Microsoft Cloud App Security

For more information on Microsoft Defender for Endpoint on other operating systems:

• What’s new in Defender for Endpoint on macOS
• What’s new in Defender for Endpoint on iOS
• What’s new in Defender for Endpoint on Linux

December 2021

• Threat and vulnerability management can help identify Log4j vulnerabilities in applications and components. Learn more.
• Discover IoT devices (preview): Device discovery now has the ability to help you find unmanaged IoT devices connected to your corporate network. This gives you a single unified view of your IoT inventory alongside the rest of your IT devices (workstations, servers, and mobile).
• Microsoft Defender for IoT integration (preview): This integration enhances your device discovery capabilities with the agentless monitoring capabilities provided by Microsoft Defender for IoT. This provides increased visibility to help locate, identify, and secure the IoT devices in your network.

November 2021

• Security configuration management
  A capability for devices that aren’t managed by a Microsoft Endpoint Manager, either Microsoft Intune or Microsoft Endpoint Configuration Manager, to receive security configurations for Microsoft Defender directly from Endpoint Manager.
• Enhancements to cross-platform support.

October 2021

• Updated onboarding and feature parity for Windows Server 2012 R2 and Windows Server 2016 (preview)
  The new unified solution package makes it easier to onboard servers by removing dependencies and installation steps. In addition, this unified solution package comes with many new feature improvements.
• Windows 11 support added to Microsoft Defender for Endpoint and Microsoft 365 Defender.

September 2021

• Web content filtering
  As part of web protection capabilities in Microsoft Defender for Endpoint, web content filtering enables your organization’s security team to track and regulate access to websites based on their content categories. Categories include adult content, high bandwidth, legal liability, leisure, and uncategorized. Although many websites that fall into one or more of these categories might not be malicious, they could be problematic because of compliance regulations, bandwidth usage, or other concerns. Learn more about web content filtering.

August 2021

• (Preview) Microsoft Defender for Endpoint Plan 1
  Defender for Endpoint Plan 1 (preview) is an endpoint protection solution that includes next-generation protection, attack surface reduction, centralized management and reporting, and APIs. Defender for Endpoint Plan 1 (preview) is a new offering for customers who want to try our endpoint protection capabilities, have Microsoft 365 E3, and do not yet have Microsoft 365 E5.

  To learn more, see Microsoft Defender for Endpoint Plan 1 (preview). Existing Defender for Endpoint capabilities will be known as Defender for Endpoint Plan 2.

• (Preview) Web Content Filtering
  Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.

July 2021

• (Preview) Device health and compliance report
  The device health and compliance report provides high-level information about the devices in your organization.

June 2021

• Delta export software vulnerabilities assessment API
  An addition to the Export assessments of vulnerabilities and secure configurations API collection.
  Unlike the full software vulnerabilities assessment (JSON response) – which is used to obtain an entire snapshot of the software vulnerabilities assessment of your organization by device – the delta export API call is used to fetch only the changes that have happened between a selected date and the current date (the “delta” API call). Instead of getting a full export with a large amount of data every time, you’ll only get specific information on new, fixed, and updated vulnerabilities. Delta export API call can also be used to calculate different KPIs such as “how many vulnerabilities were fixed” or “how many new vulnerabilities were added to an organization.”
• Export assessments of vulnerabilities and secure configurations API
  Adds a collection of APIs that pull threat and vulnerability management data on a per-device basis. There are different API calls to get different types of data: secure configuration assessment, software inventory assessment, and software vulnerabilities assessment. Each API call contains the requisite data for devices in your organization.
• Remediation activity API
  Adds a collection of APIs with responses that contain threat and vulnerability management remediation activities that have been created in your tenant. Response information types include one remediation activity by ID, all remediation activities, and exposed devices of one remediation activity.
• Device discovery
  Helps you find unmanaged devices connected to your corporate network without the need for extra appliances or cumbersome process changes. Using onboarded devices, you can find unmanaged devices in your network and assess vulnerabilities and risks. You can then onboard discovered devices to reduce risks associated with having unmanaged endpoints in your network.

   Important

  Standard discovery will be the default mode for all customers starting July 19, 2021. You can choose to retain the basic mode through the settings page.

• Device group definitions can now include multiple values for each condition. You can set multiple tags, device names, and domains to the definition of a single device group.
• Mobile Application management support
  This enhancement enables Microsoft Defender for Endpoint protect an organization’s data within a managed application when Intune is being used to manage mobile applications. For more information about mobile application management, see this documentation.
• Microsoft Tunnel VPN integration
  Microsoft Tunnel VPN capabilities is now integrated with Microsoft Defender for Endpoint app for Android. This unification enables organizations to offer a simplified end user experience with one security app – offering both mobile threat defense and the ability to access on-prem resources from their mobile device, while security and IT teams are able to maintain the same admin experiences they are familiar with.
• Jailbreak detection on iOS
  Jailbreak detection capability in Microsoft Defender for Endpoint on iOS is now generally available. This adds to the phishing protection that already exists. For more information, see Setup Conditional Access Policy based on device risk signals.

March 2021

• Manage tamper protection using the Microsoft Defender Security Center
  You can manage tamper protection settings on Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server 2022 by using a method called tenant attach.

January 2021

• Windows Virtual Desktop
  Microsoft Defender for Endpoint now adds support for Windows Virtual Desktop.