Michael Kavka, R.J. O’Brien, Sr. Security Engineer

“There are many intricacies in the configurations and settings. Some of them may be important to you, and others may not.”


As with any security product, before implementing Microsoft Defender for Endpoint you must know what is in your environment. If you are primarily a Windows shop, be aware that Windows 7 SP1 is the oldest version the product covers at all, and not every Microsoft Defender for Endpoint feature is available on down-level versions; in most cases you will want to move client computers to Windows 10 first. If you have endpoints that run non-Windows operating systems, Microsoft Defender for Endpoint will work on some of them, but you need an accurate inventory of exactly what you have before you can say which.
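As an added example (not part of the eBook excerpt), the following PowerShell script builds the inventory that this step calls for by pulling operating-system attributes from Active Directory and sorting machines into rough support tiers. It assumes an RSAT ActiveDirectory module on a domain-joined admin workstation; the tier names and the OS-to-tier mapping in `Get-MdeSupportTier` are illustrative and should be checked against Microsoft's current supported-OS documentation before you rely on them.

```powershell
# Added example, not from the eBook: inventory Windows versions from AD before an
# MDE rollout. Assumes the ActiveDirectory RSAT module; the tier mapping below is
# an illustration and must be verified against Microsoft's current support matrix.
Import-Module ActiveDirectory

function Get-MdeSupportTier {
    param([string]$OsName, [string]$ServicePack)
    switch -Wildcard ($OsName) {
        'Windows 11*'             { 'full' }
        'Windows 10*'             { 'full' }
        'Windows Server 2022*'    { 'full' }
        'Windows Server 2019*'    { 'full' }
        'Windows Server 2016*'    { 'full' }
        'Windows Server 2012 R2*' { 'down-level: check feature availability' }
        'Windows 8.1*'            { 'down-level: check feature availability' }
        'Windows 7*' {
            # Windows 7 is only in scope at SP1, so check the service pack attribute.
            if ($ServicePack -like '*1*') { 'down-level: check feature availability' }
            else { 'unsupported: Windows 7 below SP1' }
        }
        'Windows Server 2008 R2*' {
            if ($ServicePack -like '*1*') { 'down-level: check feature availability' }
            else { 'unsupported: Server 2008 R2 below SP1' }
        }
        default                   { 'unsupported by MDE or non-Windows' }
    }
}

# Ignore machine accounts that have not logged on recently; they are usually stale.
$cutoff = (Get-Date).AddDays(-90)
$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties OperatingSystem, OperatingSystemVersion, OperatingSystemServicePack, LastLogonDate |
    Where-Object { $_.LastLogonDate -gt $cutoff }

$report = $computers | ForEach-Object {
    [pscustomobject]@{
        Name        = $_.Name
        OS          = $_.OperatingSystem
        Version     = $_.OperatingSystemVersion
        ServicePack = $_.OperatingSystemServicePack
        Tier        = Get-MdeSupportTier -OsName $_.OperatingSystem -ServicePack $_.OperatingSystemServicePack
    }
}

# Summary by tier, then a CSV of everything that is not in the 'full' tier so the
# upgrade or exclusion work can be planned before onboarding starts.
$report | Group-Object Tier | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object { $_.Tier -ne 'full' } |
    Sort-Object Tier, OS | Export-Csv -NoTypeInformation -Path .\mde-os-gaps.csv
```

Machines that never log on to the domain (workgroup servers, macOS and Linux hosts, appliances) will not appear here, so pair this with whatever asset list covers your non-domain estate before deciding that the inventory is complete.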

The next step is to enroll a single endpoint so that you can familiarize yourself with the Microsoft Defender for Endpoint configuration. There are many intricacies in the configurations and settings. Some of them may be important to you, and others may not. The tool also offers many options under advanced settings, including custom detections, suppressions, and indicators. Some features, such as web content filtering, may not be turned on by default. Others you will not be able to turn on at all until you have applied a security baseline to your machines. Some people will want to resolve alerts through automated investigation, although depending on your environment you may get a lot of false positives.

Microsoft Defender for Endpoint ships with a default value for every setting. You could roll the tool out quickly on those defaults, but the resulting alert volume may be overwhelming, which is why it is best to start with one machine and go through all the settings in all the sections before you scale up.
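As an added example (not part of the eBook excerpt), the following PowerShell script is the kind of check worth running on that one pilot machine: it confirms the endpoint actually onboarded, then snapshots the Defender settings that most often differ from what a team expects and flags the ones a pilot review usually catches. It uses the built-in Defender cmdlets and the onboarding status registry key on Windows 10/11 and must be run elevated on the pilot endpoint; the thresholds in the findings section (signature age, network protection state, ASR audit mode) are illustrative baseline choices, not Microsoft defaults.

```powershell
# Added example, not from the eBook: verify a pilot endpoint's MDE onboarding and
# snapshot its Defender settings for review. Run elevated on the pilot machine.
# The "finding" thresholds at the bottom are illustrative, not Microsoft defaults.

function Get-MdeOnboardingStatus {
    # OnboardingState is written by the onboarding script: 1 = onboarded.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $statusKey -ErrorAction SilentlyContinue).OnboardingState
    # Sense is the Windows Defender Advanced Threat Protection service (the EDR sensor).
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $senseStatus = 'missing'
    if ($sense) { $senseStatus = [string]$sense.Status }
    [pscustomobject]@{
        Onboarded    = ($state -eq 1)
        SenseService = $senseStatus
    }
}

function Get-DefenderSettingsSnapshot {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    # Pair each attack surface reduction rule GUID with its configured action
    # (0 = off, 1 = block, 2 = audit, 6 = warn).
    $asr = @{}
    $ids = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) { $asr[$ids[$i]] = $actions[$i] }
    [pscustomobject]@{
        AMRunningMode       = $status.AMRunningMode          # Normal, Passive, EDR Block, etc.
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        TamperProtection    = $status.IsTamperProtected
        SignatureAge        = (Get-Date) - $status.AntivirusSignatureLastUpdated
        CloudProtection     = $pref.MAPSReporting             # 0 = off, 1 = basic, 2 = advanced
        SampleSubmission    = $pref.SubmitSamplesConsent
        NetworkProtection   = $pref.EnableNetworkProtection   # 0 = off, 1 = block, 2 = audit
        PuaProtection       = $pref.PUAProtection             # 0 = off, 1 = block, 2 = audit
        AsrRulesConfigured  = $asr.Count
        AsrRulesInAuditMode = @($asr.Values | Where-Object { $_ -eq 2 }).Count
    }
}

$onboarding = Get-MdeOnboardingStatus
$snapshot   = Get-DefenderSettingsSnapshot
$onboarding | Format-List
$snapshot   | Format-List

# Flag what a pilot review usually catches before the wider rollout.
$findings = @()
if (-not $onboarding.Onboarded)             { $findings += 'Endpoint is not onboarded to MDE' }
if ($onboarding.SenseService -ne 'Running') { $findings += "Sense service state: $($onboarding.SenseService)" }
if ($snapshot.SignatureAge.TotalDays -gt 1) { $findings += 'Signatures are more than one day old' }
if ($snapshot.NetworkProtection -eq 0)      { $findings += 'Network protection is off' }
if ($snapshot.AsrRulesConfigured -eq 0)     { $findings += 'No ASR rules configured (expected until a baseline is applied)' }
if ($snapshot.AsrRulesInAuditMode -gt 0)    { $findings += "$($snapshot.AsrRulesInAuditMode) ASR rule(s) still in audit mode" }
$findings | ForEach-Object { Write-Warning $_ }
```

Keep the output of this script for the pilot machine; once you have decided which settings matter to you, re-running it on the first few production endpoints is a quick way to confirm the baseline you chose actually landed, rather than assuming the defaults did.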

This is an excerpt from 7 Experts on Implementing Microsoft Defender for Endpoint. This eBook was generously sponsored by BlueVoyant.