Azure-Security-Center on Ru Campbell MVP

[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS

Fri, 16 Feb 2024 17:13:38 +0000

Finally, it’s time for a refresh. It’s been a while! Due to personal circumstances, I haven’t been able to keep the Ultimate Comparison of MDE by OS updated. I’ve had time to dive into the changes since v5 and it’s really been amazing to see MDE grow in scope.

What is MDE and why do we need an ‘ultimate comparison’?

Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrates with the broader Microsoft Defender XDR and is available for almost any OS you’ll find in an enterprise. This cross-platform nature of MDE makes it difficult to understand and track what features and capabilities are available on each OS. It’s not always intuitive, and you may be in for some surprises. Hence by I began the Ultimate Comparison of Defender for Endpoint Features by OS up to date to keep you aware of what you’re getting and what you need to go start implementing if you haven’t already.

[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS

Sun, 19 Feb 2023 15:46:12 +0000

Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrates with Microsoft 365 Defender (the broader XDR platform) and is available for almost any OS you’ll find in an enterprise. This cross-platform nature of MDE makes it difficult to understand and track what features and capabilities are available on each OS. It’s not always intuitive, and you may be in for some surprises. I try to keep this Ultimate Comparison of Defender for Endpoint Features by OS up to date to keep you aware of what you’re getting and what you need to go start implementing if you haven’t already.

Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022]

Fri, 26 Aug 2022 07:32:32 +0000

This is the updated “matrix” of OS supported for the almost 80 features, services, and important components that make up Microsoft Defender for Endpoint. This follows up on my March 2022 release of the comparison.

What’s new?

Now available in Excel format, which was the biggest request :)
Added the new Microsoft Defender Vulnerability Management capabilities (add-on license required)
Added macOS tamper protection support
Added macOS network and web protection
Added iOS and Android’s mobile network protection
Added Linux cloud-delivered protection support
Added Windows troubleshooting mode
Added macOS, iOS, and Android support for network indicators of compromise
Updated host firewall reporting supported OSs
Updated attack surface reduction (ASR) rule supported Windows and Windows Server versions
Updated block at first sight (BAFS) supported OSs (thanks Polle Vanhoof + Thomas Verheyden)
Updated Windows Server support for indicators of compromise (thanks Polle Vanhoof + Thomas Verheyden)
Removed preview references for the unified agent for Windows Server 2012 R2 and 2016

Obligatory disclaimers:

Security Hygiene, Azure Security Center, and Secure Score

Sun, 01 Aug 2021 16:17:21 +0000

The basics

Let’s start this article with some basic cybersecurity terminology. Security hygiene, or cyber hygiene, is a general term used to describe the ongoing practice of keeping your technology and IT estate in a healthy and protected state. The metaphor with physical hygiene is valid because we know with our bodies that there’s no such thing as “set it and forget it”: if we don’t maintain regular hygiene practices and exercise, we atrophy. It’s a continual effort comprised of daily discipline, habit, and ritual.