Microsoft Defender for Endpoint Windows 10\11 Roll Out Strategy

Microsoft Defender for Endpoint is a next-generation protection and endpoint detection and response (EDR) solution. I am completely biased towards Microsoft technologies, as I have focused on them throughout my career.

CrowdStrike is also an excellent next-generation protection and endpoint detection and response solution.

What I believe really sets apart Microsoft’s next-generation endpoint detection and response for the security posture of Windows 10 and above is the combination of Microsoft Defender for Endpoint, Intune, and the Defender Vulnerability Management add-on for Defender for Endpoint Plan 2.

The Microsoft Security portal provides advanced hunting (KQL) queries that can be used to assess the impact of newly configured security policies on an organisation before they are enforced.

An organisation should always improve its exposure score on the Microsoft Defender Vulnerability Management dashboard before choosing the auto-remediation policy methods.

If there is an existing endpoint detection and response solution, configure Microsoft Defender for Endpoint in EDR mode so that it surfaces all the vulnerabilities that the primary endpoint detection and response solution does not report or remediate.

The next step is to set the automated remediation level to ‘Semi – require approval for core folders’ until Microsoft Defender for Endpoint’s machine learning and cloud intelligence have provided the organisation with full security and remediation metrics. Then ‘Full – remediate threats automatically’ can be enabled and integrated with Microsoft Sentinel. SIEM without SOAR is useless.

Simply enabling ‘Full – remediate threats automatically’ will most likely break line-of-business applications. Every organisation is different and has different line-of-business applications.

In the past, email black and white lists were always implemented, and in the same way processes or folders were excluded from protection in endpoint detection and response solutions.

It is now recommended to configure as few exclusions as possible, given the advances in technologies like machine learning and AI, which can identify vulnerabilities that are unique to an organisation. The Microsoft Security Center processes more IT transactions daily and globally than any other security vendor in the world, and will most likely provide more protection against zero-day vulnerabilities than any other global security vendor.
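The two rollout conditions above (Defender running in EDR mode beside an existing solution, and as few exclusions as possible) can be checked on each endpoint before the automation level is raised. The following readiness check is an added example, not code from the original post; it assumes the built-in Defender PowerShell cmdlets (Get-MpComputerStatus and Get-MpPreference), an elevated session, and an assumed -ExpectedMode parameter and -MaxExclusions review threshold.

```powershell
# Added rollout readiness check (not from the original post). Assumes the built-in
# Defender PowerShell module (Get-MpComputerStatus / Get-MpPreference) on a
# Windows 10/11 endpoint and an elevated session. -ExpectedMode is an assumed
# parameter: 'Passive Mode' while a third-party EDR stays primary (EDR mode),
# 'Normal' once Defender is the active engine.
param(
    [ValidateSet('Normal', 'Passive Mode', 'EDR Block Mode')]
    [string]$ExpectedMode = 'Passive Mode',
    [int]$MaxExclusions = 10   # assumed review threshold, not a Microsoft value
)
$status   = Get-MpComputerStatus
$pref     = Get-MpPreference
$findings = New-Object System.Collections.Generic.List[string]

# Drop nulls so an empty exclusion list counts as zero entries rather than one.
function Get-Items($value) { @($value | Where-Object { $_ }) }

# 1. Running mode: with another AV/EDR primary, Defender reports 'Passive Mode'.
if ($status.AMRunningMode -ne $ExpectedMode) {
    $findings.Add("AMRunningMode is '$($status.AMRunningMode)', expected '$ExpectedMode'")
}

# 2. Cloud-delivered protection (MAPS) feeds the machine learning / cloud
#    intelligence relied on before raising the automation level; 0 = disabled.
if ($pref.MAPSReporting -eq 0) {
    $findings.Add('Cloud-delivered protection (MAPSReporting) is disabled')
}

# 3. Exclusions: flag drive roots, system/user roots and wildcards as too broad,
#    and executable-type extension exclusions as high risk.
$paths = Get-Items $pref.ExclusionPath
$exts  = Get-Items $pref.ExclusionExtension
$procs = Get-Items $pref.ExclusionProcess
$broad = '^[A-Za-z]:\\?$|^[A-Za-z]:\\(Windows|Users|ProgramData|Program Files( \(x86\))?)\\?$|\*'
foreach ($p in $paths) {
    if ($p -match $broad) { $findings.Add("Broad path exclusion: $p") }
}
foreach ($e in $exts) {
    if ($e -match '^\.?(exe|dll|ps1|bat|cmd|vbs|js|scr)$') { $findings.Add("Executable extension excluded: $e") }
}
$total = $paths.Count + $exts.Count + $procs.Count
if ($total -gt $MaxExclusions) {
    $findings.Add("$total exclusions configured; confirm each one is still required")
}

[pscustomobject]@{
    Device      = $env:COMPUTERNAME
    RunningMode = $status.AMRunningMode
    Exclusions  = $total
    Findings    = $findings.ToArray()
}
```

An empty Findings array means the device matches the expected rollout stage; anything listed should be resolved before moving to ‘Full – remediate threats automatically’.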

No security vendor can claim to provide protection against a zero-day vulnerability; however, Microsoft Defender for Endpoint and CrowdStrike can provide protection dynamically by analysing malicious behaviour through multiple methods such as heuristics, and are not dependent on signatures for security vulnerabilities that have already been defined.

At the time of writing this blog, Microsoft Intune provides the following number of Microsoft Edge and Google Chrome configuration and control options.

#### Microsoft Edge

#### Google Chrome
