[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS

Finally, it's time for a refresh.  It's been a while!  Due to personal circumstances, I haven't been able to keep the Ultimate Comparison of MDE by OS updated.  I've had time to dive into the changes since v5 and it's really been amazing to see MDE grow in scope.  What is MDE and why do we need an 'ultimate comparison'? Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint…
Microsoft Defender Vulnerability Management – Common Microsoft 365 Security Mistakes Series

Microsoft Defender Vulnerability Management (MDVM) is an often overlooked service that can be licensed standalone or is included in other Microsoft Defender licenses. In my experience, I've never seen it licensed standalone, but customers with Defender for Endpoint (MDE) P2, Defender for Servers (MDS) P1, and Defender for Business (MDB) benefit from its core capabilities.  In addition to the core capabilities, add-on capabilities are available in the standalone license, Defender for Servers P2, or as…
Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities

In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to configure endpoint settings. In this blog, we'll look at what that change is, why it was necessary, initial impressions, and what you might want to do next. Historic management architecture needed simplifying MDE (and its Windows client, Microsoft Defender Antivirus (MDAV)) always stood out from the crowd of endpoint…
Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System

It's been about 5 months since I last updated my comparison of Defender for Endpoint features by OS.  This is a "matrix" of the tons of features, services, and important components that make up Microsoft Defender for Endpoint. Three months later, it's overdue an update.  So here it is :)  I've also decided to rename it to The Ultimate Comparison of MDE Features by OS... because renaming's what we do, right? Changes include but…
Updated October 2021: Availability of Defender for Endpoint Features by Operating System

In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS).  This was a "matrix" of the tons of features, services, and important components that make up Microsoft Defender for Endpoint. Three months later, it's overdue an update.  So here it is :) The headline news is that, in preview anyway, there's a bunch of additions to Windows Server 2012…
The Big Comparison of Defender for Endpoint Features by Operating System

Microsoft Defender for Endpoint (MDE) is a massive platform.  It's not a single product, and it's more than just a service.  It's a platform of tons of security features, portals, services, and controls.  The more you dig in, the more elements of general Microsoft security have been included in the MDE "branding".  It's not only endpoint detection and response (EDR), but also Windows 10 security settings.  It's not just the security software on the…
Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares

Although not common, there are scenarios where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least using Microsoft Defender Antivirus (MDAV).  With no line of sight to the internet, you can use options such as WSUS, but in this blog, I'll explore using a network share, as WSUS isn't always an option. Set up the network share for updates 1. Create a directory on your file server…
Microsoft Defender Network Protection – Not Enabling via Intune – Troubleshooting & Fix

When configuring Defender for Endpoint (MDE) for a customer recently, I ran into a problem when trying to enable network protection.  Network protection is a feature of MDE and Microsoft Defender Antivirus (MDAV) that takes the filtering capabilities of SmartScreen and applies them to all network traffic.  It is a prerequisite for things such as MDE's web content filtering and URL/domain indicators of compromise. This blog details the specific problem I had enabling it with Intune…
Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario.  The tools you use for Windows Server 2008 R2, for example, are different from the tools you use for Windows Server 2019, which are different from the tools you use for Windows 10, and so on. The common denominator behind most onboarding methods is internet connectivity.  Your device connects…
Use Intune to Manage Microsoft Defender for Endpoint Tags and Device Groups

In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a device group.  Device groups (previously machine groups) are used to assign devices different rules and administrative ownership.  A device can only belong to one group, which controls settings such as auto-remediation level and which Role-Based Access Control (RBAC) roles have administrative permissions over it. While you can assign tags,…