“From a security operations center (SOC) perspective Microsoft Defender for Endpoint is a great log source to collect endpoint status and activity data for analysis, alerting, and advanced threat hunting.”
When deploying Microsoft Defender for Endpoint, you can take several steps to ensure that the deployment is successful and you are in a position to take full advantage of the tool’s capabilities:
• Use a configuration manager, preferably Microsoft Endpoint Manager (the umbrella for Microsoft Intune and Microsoft Endpoint Configuration Manager, formerly Microsoft System Center Configuration Manager). You have several options for deploying Microsoft Defender for Endpoint, including Microsoft Endpoint Manager, Group Policy, and even onboarding scripts. Microsoft Endpoint Manager is best because it is fast, it shows you which operating systems and versions are running in your environment, and it reports per device whether the onboarding succeeded. Group Policy gives you none of that feedback: it applies the onboarding package but does not tell you which devices actually came online in the portal.
• Use the Microsoft security baselines. Both Microsoft Defender for Endpoint and Microsoft Intune, Microsoft's device management tool and part of Microsoft Endpoint Manager, publish security baselines that contain the recommended security configuration for optimal protection. Comparing your deployed settings against the Microsoft Defender for Endpoint baseline lets you verify that every onboarded device matches the recommended configuration rather than assuming it does, which gives you confidence in the configuration itself.
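The following PowerShell check is an added example and is not part of the eBook or BlueVoyant's material. It performs, on a single endpoint, the two verifications the steps above describe: that the device is actually onboarded to Defender for Endpoint, and that a handful of Defender Antivirus settings the Microsoft security baseline expects are in effect. It assumes it runs elevated on a Windows 10/11 or Windows Server host with Microsoft Defender Antivirus present; the thresholds (for example, signatures older than three days) and the function name Test-MdeOnboarding are illustrative choices, not Microsoft-defined values.

```powershell
# Added example (not from the eBook): verify Defender for Endpoint onboarding and a few
# baseline-relevant Defender Antivirus settings on the local host.
# Assumptions: run elevated; Defender AV cmdlets (Get-MpComputerStatus, Get-MpPreference) available.
function Test-MdeOnboarding {
    [CmdletBinding()]
    param()

    $result = [ordered]@{ ComputerName = $env:COMPUTERNAME }

    # 1. The onboarding package records its state under this key; OnboardingState = 1 means onboarded.
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state = (Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue).OnboardingState
    $result.Onboarded = ($state -eq 1)

    # 2. The Sense service is the EDR sensor that sends telemetry to the portal; it must be running.
    $sense = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $result.SenseRunning = ($null -ne $sense -and $sense.Status -eq 'Running')

    # 3. Defender AV runtime status. AMRunningMode 'Normal' is expected; 'Passive Mode' or
    #    'EDR Block' means another antivirus product is primary on this host.
    $mp = Get-MpComputerStatus
    $result.RealTimeProtection = [bool]$mp.RealTimeProtectionEnabled
    $result.TamperProtected    = [bool]$mp.IsTamperProtected
    $result.RunningMode        = $mp.AMRunningMode
    $result.SignatureAgeDays   = [int]((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalDays

    # 4. Policy settings the security baseline turns on: cloud-delivered protection,
    #    block at first sight, and PUA blocking (MAPSReporting 0 = off; PUAProtection 1 = block).
    $pref = Get-MpPreference
    $result.CloudProtection   = ($pref.MAPSReporting -ne 0)
    $result.BlockAtFirstSight = (-not $pref.DisableBlockAtFirstSeen)
    $result.PUABlocking       = ($pref.PUAProtection -eq 1)

    [pscustomobject]$result
}

# Evaluate the result and report deviations; the three-day signature threshold is an illustrative choice.
$report = Test-MdeOnboarding
$report | Format-List

$failures = @()
if (-not $report.Onboarded)          { $failures += 'device not onboarded' }
if (-not $report.SenseRunning)       { $failures += 'Sense service not running' }
if (-not $report.RealTimeProtection) { $failures += 'real-time protection disabled' }
if (-not $report.TamperProtected)    { $failures += 'tamper protection disabled' }
if (-not $report.CloudProtection)    { $failures += 'cloud-delivered protection disabled' }
if (-not $report.BlockAtFirstSight)  { $failures += 'block at first sight disabled' }
if (-not $report.PUABlocking)        { $failures += 'PUA protection not set to block' }
if ($report.SignatureAgeDays -gt 3)  { $failures += "signatures are $($report.SignatureAgeDays) days old" }

if ($failures.Count -gt 0) {
    Write-Warning ("$($report.ComputerName): baseline deviations: " + ($failures -join '; '))
} else {
    Write-Output "$($report.ComputerName): onboarded and baseline checks passed"
}
```

Run it fleet-wide with Invoke-Command against a list of hosts and collect the returned objects; that gives a Group Policy or script-based deployment the per-device onboarding confirmation that Microsoft Endpoint Manager reports on its own, and the same objects can be forwarded to the SOC's log pipeline to track configuration drift over time.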
This is an excerpt from 7 Experts on Implementing Microsoft Defender for Endpoint. This eBook was generously sponsored by BlueVoyant.