[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS
Posted inMicrosoft Defender Microsoft Defender for Endpoint Microsoft Defender XDR

[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS

Finally, it's time for a refresh.  It's been a while!  Due to personal circumstances, I haven't been able to keep the Ultimate Comparison of MDE by OS updated.  I've had time to dive into the changes since v5 and it's really been amazing to see MDE grow in scope.  What is MDE and why do we need an 'ultimate comparison'? Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint…
[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS
Posted inMicrosoft Defender Microsoft Defender XDR

[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS

Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities.  It integrates with Microsoft 365 Defender (the broader XDR platform) and is available for almost any OS you'll find in an enterprise.  This cross-platform nature of MDE makes it difficult to understand and track what features and capabilities are available on each OS.  It's not always intuitive, and you may be in for some surprises. …
Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022]
Posted inMicrosoft Defender Microsoft Defender XDR

Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022]

This is the updated "matrix" of OS supported for the almost 80 features, services, and important components that make up Microsoft Defender for Endpoint. This follows up on my March 2022 release of the comparison. What's new? Now available in Excel format, which was the biggest request :) Added the new Microsoft Defender Vulnerability Management capabilities (add-on license required) Added macOS tamper protection support Added macOS network and web protection Added iOS and Android's…
Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Endpoint Microsoft Defender XDR PowerShell

Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares

Although not common, there are scenarios out where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least using Microsoft Defender Antivirus (MDAV).  With no line of sight to the internet, you can use options such as WSUS, but in this blog, I'll explore using a network share, as WSUS isn't always an option. Set up the network share for updates 1. Create a directory on your file server…
Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy
Posted inGroup Policy Microsoft 365 Microsoft Defender Microsoft Defender for Endpoint Windows Windows Server

Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario.  The tools you use for Windows Server 2008 R2, for example, are different from the tools you use for Windows Server 2019, which are different from the tools you use for Windows 10, and so on. The common denominator behind most onboarding methods is internet connectivity.  Your device connects…
Understanding Application Guard for Office, Now Generally Available
Posted inApplication Guard Intune Microsoft 365 Microsoft Defender News Office 365 PowerShell Windows

Understanding Application Guard for Office, Now Generally Available

Application Guard first appeared in Windows 10 1709 ("Fall Creators Update") to isolate Edge browser activity within a Hyper V container.  Microsoft now extends that same idea to Word, Excel, and PowerPoint in Office 365 ProPlus Microsoft 365 Apps for Enterprise on Windows 10... ... if you have Microsoft 365 E5 or E5 Security.  You knew that was coming! With Application Guard for Office, your files can open in a sandbox without access local…
The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)
Posted inMicrosoft 365 Microsoft Defender Microsoft Defender for Cloud Apps Office 365

The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)

Microsoft Cloud App Security (MCAS), Redmond's cloud app security broker (CASB) offering, is a powerful tool for investigating and pro-actively controlling your SaaS estate.  It includes tools such as reverse proxying to control sessions and sits inside the Microsoft Threat Protection stack alongside Defender ATP, Office 365 ATP, and Azure ATP.  MCAS started life as Adallom prior to Microsoft's acquisition of that company in 2015.  It's included in Microsoft 365 E5 and numerous other…