Paul, Ian, and I just finished publishing the second edition of MDE In Depth, so to coincide, I’ve refreshed the comparison of MDE features and capabilities by OS type. Long overdue.

At the same time, I’ve migrated my blog from Bluehost + WordPress to a Hugo static site hosted on Azure Static Web Apps. GitHub Copilot made this so straight forward.

One of the nice side effects of moving to this platform (and leveraging GitHub Copilot) is I could finally turn the comparison into something web-based that’s easier to keep updated, nicer to use than Excel/PDFs, and (soon) easier for folks to report corrections against.

Basically, it’s just an .md file now! It was built with their help, and this also means you can get AI tools to reference it easier too.

You can find the updated MDE feature comparison by OS here: (and check out the changelog here!)

On the book side, MDE In Depth, 2nd Edition can now be puchased! Check it out at either of these links or your local favourite:

MDE In Depth 2nd Edition cover

A few notes before the changelog

As usual, best efforts have been taken to keep it accurate, but Microsoft doesn’t exactly make this easy. The documentation is spread across multiple places, sometimes uses different terminology for what is basically the same thing, and occasionally seems to trail reality. I also have to contend with being in different private previews, trying to remember what I can/can’t talk about, etc. So yeah… there’s all my excuses: you shouldn’t expect absolute perfection from this. I try to be conservative, reflect what Microsoft documents, and where there are conflicts I would rather under-claim than over-claim.

Feedback is always welcome (actually: craved). If you spot something wrong, something newly added, or something I’ve worded badly, I’d love to hear it. I’m also looking at how to make that easier so people can eventually suggest fixes natively through GitHub rather than having to ping me some other way.

Full changelog

  • Moved the comparison from an Excel file to an .md file so you can access it as a web page, and work better with AI tools.
  • Added licensing of MDE P1, P2, or Defender for Business. There was no licensing info previously. The dark arts!
  • Added the Defender deployment tool (it’s awesome).
  • Added current support notes for x64 requirement on Windows 7 SP1 and Windows Server 2008 R2.
  • Added current support notes for unified solution dependency on Windows Server 2012 R2 and 2016.
  • Added current support notes for the current macOS support window.
  • Added current support notes for current Android and iOS minimum versions.
  • Added ASR rules for Block rebooting machine in Safe Mode and Block use of copied or impersonated system tools.
  • Added newer response and protective capabilities including isolation exclusions, contain IP addresses, GPO hardening, Safeboot hardening, live response library management, and custom data collection.
  • Updated older terminology to current Microsoft wording, such as Respect indicators of compromise to Custom indicators.
  • Updated Linux support across web protection, network protection, and custom network indicators.
  • Updated AIR wording around preview treatment for Windows Server 2012 R2 and 2016.
  • Updated descriptions across the table to better match current terminology and portal naming .
    • e.g. clarified that MDVM features are now surfaced via Exposure Management in the Defender portal.
    • e.g. clarified how passive mode automatically works on Windows clients.
    • Bunch more