Oscar Monge, Rabobank, Security Solutions Architect

“The most challenging aspect of using Microsoft Defender for Endpoint is ongoing product oversight.”


Good security depends on having consistent controls across the environment. Microsoft Defender for Endpoint is deployed as a series of agents on the endpoints in your organization. The first step in implementing this solution is to take a complete inventory of your systems so that you know what you have. Microsoft Defender for Endpoint supports Windows 7 SP1 and later and Windows Server 2008 and later, and it now has agents that run on Linux, macOS, and some versions of Android.
Like other security tools in the Microsoft 365 Defender suite, Microsoft Defender for Endpoint is easy to activate, and you will start to see immediate benefits, especially in Windows environments. Microsoft also has deployment packages that make it easy to roll out agents on endpoints. These agents connect to the Azure public cloud, where the activity data from all the locally running agents is collected and processed, so no infrastructure is required on premises.
The most challenging aspect of using Microsoft Defender for Endpoint is ongoing product oversight. For instance, the product comes with out-of-the-box detections. You must determine which are best for the departments in your organization because no one set of rules works for everyone. You must also monitor and tune the tool to reduce false positives—a continuous process because environments and threats are always changing. Microsoft Defender for Endpoint enables you to create tests, such as your own homemade viruses, to make sure that a control detects them and actually works.
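One way to turn the "does the control actually work" check into something repeatable is to drop the industry-standard EICAR test string on an endpoint and confirm that Defender quarantines it. The script below is an added example, not code from the eBook or from Microsoft; it assumes a Windows endpoint with the built-in Defender PowerShell module (Get-MpComputerStatus, Get-MpThreatDetection) and an elevated prompt, and the directory and file names are chosen here for illustration.

```powershell
# Added example (not from the eBook): validate that Defender real-time protection
# on this endpoint actually blocks a known test file, using the harmless EICAR string.
# Assumptions: Windows with the Defender PowerShell module, run from an elevated prompt.

# EICAR test string, split in two so that this script file itself is not quarantined
# the moment it is saved to disk. The string is inert by design; every AV engine flags it.
$eicarPart1 = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR'
$eicarPart2 = '-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$eicar = $eicarPart1 + $eicarPart2

$testDir  = Join-Path $env:TEMP 'mde-control-check'   # location chosen for this example
$testFile = Join-Path $testDir 'eicar.com'
New-Item -ItemType Directory -Path $testDir -Force | Out-Null

# 1. Preconditions: is the engine running with real-time protection enabled?
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is off on $env:COMPUTERNAME; the control cannot be exercised."
    return
}

# 2. Exercise the control. The write may succeed and be quarantined moments later,
#    or fail outright if real-time protection intercepts it; both outcomes count as a block.
try {
    Set-Content -Path $testFile -Value $eicar -NoNewline -Encoding ASCII
} catch {
    Write-Host "Write blocked at creation time: $($_.Exception.Message)"
}

# 3. Give the engine a few seconds, then look for a detection that references the file.
$detected = $false
for ($i = 0; $i -lt 10 -and -not $detected; $i++) {
    Start-Sleep -Seconds 2
    $hits = Get-MpThreatDetection | Where-Object { $_.Resources -like "*$testFile*" }
    if ($hits) { $detected = $true }
}

# 4. Report a pass/fail line that a periodic control check can collect per endpoint.
if ($detected -or -not (Test-Path $testFile)) {
    Write-Host "PASS: $env:COMPUTERNAME quarantined or blocked $testFile"
} else {
    Write-Host "FAIL: $testFile still present and no detection recorded; check exclusions and onboarding"
    Remove-Item $testFile -Force -ErrorAction SilentlyContinue
}
```

Run it on a sample of endpoints from each department and keep the PASS/FAIL lines; a FAIL usually points at a path exclusion, a disabled protection setting, or a device that was never onboarded. Note that this only exercises the antivirus component of the product; the behavioural EDR detections mentioned above need their own tests.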

This is an excerpt from 7 Experts on Implementing Microsoft Defender for Endpoint.  This eBook was generously sponsored by BlueVoyant.