cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Defender for Endpoint Blog

When evaluating various solutions, your peers value hearing from people like you who’ve used the product. Review Defender for Endpoint by filling out a Gartner Peer Insights survey and receive a $25 USD gift card (for customers only). Microsoft Privacy Statement
Options
5,314

Offline Security Intelligence Update is now GA!!

Megha_Priya on Apr 01 2024 10:44 AM
Organizations can now update security intelligence (also referred to as “signatures”) on Linux endpoints with limited or...
5,439

Use the new investigation and response capabilities for macOS and Linux

Lior_Liberman on Mar 05 2024 04:14 AM
Start using file and investigation package collection for macOS and Linux and troubleshooting mode for macOS.
9,691

Manage your devices with ease using dynamic rules for device tagging in Microsoft Defender

DeanRubinstein on Jan 09 2024 10:31 AM
As organizations grow and the security landscape becomes increasingly complex, the SOC needs a simple and fluid approach...
5,550

Get greater flexibility across iOS deployments with User Enrollment support in Defender for Endpoint

Mukta_Agarwal on Dec 14 2023 10:00 AM
The evolution of modern work sparked widespread adoption of bring-your-own device (BYOD) policies in organizations, addi...
45.5K

Ignite News: Augment your EDR with deception tactics to catch adversaries early

Evald Markinzon on Nov 15 2023 07:58 AM
Deception is now built into Defender for Endpoint and helps disrupt attacks even faster.
14.9K

Simplified security settings management is now generally available

DanLevyMS on Nov 07 2023 08:55 AM
We are excited to continue delivering on our mission to provide both comprehensive endpoint security and an experience t...
18.2K

Announcing a streamlined device connectivity experience for Microsoft Defender for Endpoint

marysia_k on Oct 25 2023 11:02 AM
Discover how easy it is to configure and manage Microsoft Defender for Endpoint services using the streamlined device co...
7,937

Microsoft Defender data can now be hosted locally in Australia

jcelischarry on Aug 17 2023 10:00 AM
We are pleased to announce that Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Ident...
8,622

Announcing mobile device tagging for iOS and Android

Mukta_Agarwal on Aug 16 2023 06:38 AM
Microsoft Defender for Endpoint is helping decentralized SOC teams improve their approach to security and privacy across...
14K

Optimizing endpoint security with Microsoft Defender for Endpoint's flexible licensing options

Efrat Kliger on Aug 08 2023 08:18 AM
To accommodate scenarios where customers are consuming a mix of SKUs, such as Defender for Endpoint P1 and P2, Defender ...
13.2K

Use the new eBPF-based sensor for Defender for Endpoint on Linux

Bahman_Sabetghadam on Jul 19 2023 03:35 PM
New eBPF sensor delivers additional system stability and performance optimizations for Linux machines.
11.2K

Announcing device isolation and AV scanning for Linux and macOS

Lior_Liberman on Jul 13 2023 06:10 AM
Respond more effectively with device isolation and antivirus scanning now available as response actions in Defender for ...
30.6K

Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint

DanLevyMS on Jul 11 2023 05:53 AM
The new experience offers a consistent, single source of truth for managing endpoint security settings across Windows, m...
21.2K

Announcing the monthly security summary report for Microsoft Defender for Endpoint

Yael_Ben_Ari on Jun 12 2023 09:21 AM
Keep stakeholders informed of the organization's latest security progress and developments, without losing focus on the ...
25.7K

Discovering internet-facing devices using Microsoft Defender for Endpoint

NimrodRoimy on Apr 18 2023 09:00 AM
To help organizations extend their threat protection across internet-facing devices, Microsoft Defender for Endpoint wil...
44.9K

Enrich your advanced hunting experience using network layer signals from Zeek

Christos_Ventouris on Apr 17 2023 10:00 AM
Expand your investigation, hunting, and detection capabilities using a variety of Zeek-based events in advanced hunting.
12.1K

Defender for Endpoint and disconnected environments. Cloud-centric networking decisions

BrianBaldock on Apr 04 2023 09:00 AM
This article provides guidance on understanding the functionality of Defender for Endpoint, a cloud-first product, and t...
8,704

Microsoft awarded Best Advanced Protection for Corporate and Consumer Users by AV-TEST

Nick_C on Mar 20 2023 11:00 AM
AV-TEST has awarded Microsoft Best Advanced Protection 2022 for both Corporate Users and Consumer Users categories.
14.2K

Defender for Endpoint and disconnected environments. Which proxy configuration wins?

BrianBaldock on Feb 21 2023 11:32 AM
This article is a follow-up to a previous one discussing conflicting proxy configurations and how Microsoft Defender for...
16.6K

Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices

DanLevyMS on Feb 02 2023 07:01 AM
Now in public preview, Microsoft Defender for Endpoint expands Security Settings Management support to push ASR rules on...
15.4K

Announcing device isolation support for Linux

Ayelet_Artzi on Jan 30 2023 02:50 PM
Now in public preview, Microsoft Defender for Endpoint releases device isolation support for Linux.
291K

Recovering from Attack Surface Reduction rule shortcut deletions

Scott Woodgate on Jan 14 2023 12:12 AM
Guidance on how to recover from short-cut deletions including PowerShell script.
15.1K

Introducing tamper protection for exclusions

JoshBregman on Jan 12 2023 01:53 PM
One of the most requested features for tamper protection is protection of antivirus exclusions. With that in mind, the M...
31.6K

Disconnected environments, proxies and Microsoft Defender for Endpoint

BrianBaldock on Jan 06 2023 11:13 AM
Recommendations and guidance for deploying Microsoft Defender for Endpoint in disconnected or air-gapped environments
232K

New network-based detections and improved device discovery using Zeek

eladsolomon on Nov 28 2022 05:00 AM
Microsoft Defender for Endpoint is now integrated with Zeek, a powerful open-source network analysis platform.
16.4K

Announcing new removable storage management features on Windows

Tewang_Chen on Nov 21 2022 09:20 AM
Better manage removable storage devices with new removable storage access control capabilities in Microsoft Defender for...
255K

Use the new Microsoft 365 Defender API for all your alerts

Naama Schlesinger on Nov 11 2022 09:00 AM
The new Microsoft 365 Defender alerts API, currently in public preview, enables customers to work with alerts across all...
26.2K

Microsoft Defender for Endpoint announcements at Microsoft Ignite 2022

Nick_C on Oct 12 2022 08:40 AM
Microsoft Defender for Endpoint makes its mark at Microsoft Ignite 2022. See what we announced at this year's event.
29.2K

Detecting and remediating command and control attacks at the network layer

OludeleOgunrinde on Oct 12 2022 08:00 AM
Microsoft Defender for Endpoint helps SecOps teams detect network C2 attacks earlier in the attack chain, minimize the s...
182K

Tamper protection will be turned on for all enterprise customers

JoshBregman on Sep 20 2022 05:00 AM
Starting last year, to better protect our customers from ransomware attacks we turned on tamper protection by default fo...

Latest Comments

Geoff Young
in Endpoint Discovery - Navigating your way through unmanaged devices on May 06 2024 06:55 AM
@PepoHeraud Microsoft has this documented here: Which protocols do you use for active probing in Standard discovery? Device discovery frequently asked questions - Microsoft Defender for Endpoint | Microsoft LearnHope this helps !Geoff
0 Likes
PepoHeraud
in Endpoint Discovery - Navigating your way through unmanaged devices on Apr 30 2024 03:18 PM
Hi @Steve Newby / @Chris Hallum, can you share a Microsoft source for protocols used for active probing in Standard discovery. I found an external resource here that refers to ARP, FTP, HTTP, ICMP, LLMNR, NBNS, RDP, SIP, SMTP, SNMP, SSH, Telnet, UPNP, WSD, SMB, NBSS, IPP, PJL. However, have not been...
0 Likes
rohitwagh
in Become a Microsoft Defender for Endpoint Ninja on Apr 23 2024 12:54 AM
I noticed some of you are asking for possible certification.For SecOps and SecAdmin SC-200 (Microsoft Certified: Security Operations Analyst Associate)is mixed certification. It is preferred by SOC Analysts. For SecAdmin MD-102 (Microsoft 365 Certified: Endpoint Administrator Associate) is there.It ...
0 Likes
JamesEduard
in Become a Microsoft Defender for Endpoint Ninja on Apr 20 2024 05:26 AM
awesome modules, i just finish this weekend and it's a great learning experience.
0 Likes
karanfill
in Manage your devices with ease using dynamic rules for device tagging in Microsoft Defender on Apr 04 2024 12:28 PM
Will wildcard matching be added in the future for fields like Device Name? Or at least a "ends with" option?That would be nice
0 Likes