Microsoft Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Defender for Endpoint protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture.
Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see Secure your remote workforce.
Microsoft Defender for Endpoint
Threat & vulnerability management
This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
- Threat & vulnerability management overview
- Get started
- Access your security posture
- Improve your security posture and reduce risk
- Understand vulnerabilities on your devices
Attack surface reduction
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation.
- Hardware based isolation
- Application control
- Device control
- Exploit protection
- Network protection, web protection
- Controlled folder access
- Network firewall
- Attack surface reduction rules
To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.
- Behavior monitoring
- Cloud-based protection
- Machine learning
- URL Protection
- Automated sandbox service
Endpoint detection and response
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to intrusion attempts and active breaches. With Advanced hunting, you have a query-based threat-hunting tool that lets your proactively find breaches and create custom detections.
- Historical endpoint data
- Response orchestration
- Forensic collection
- Threat intelligence
- Advanced detonation and analysis service
- Advanced hunting
Automated investigation and remediation
In addition to quickly responding to advanced attacks, Microsoft Defender for Endpoint offers automated investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
- Get an overview of automated investigation and remediation
- Learn about automation levels
- Configure automated investigation and remediation in Defender for Endpoint
- Visit the Action center to see remediation actions
- Review remediation actions following an automated investigation
Microsoft Threat Experts
Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights. Microsoft Threat Experts further empowers Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately.
- Targeted attack notification
- Configure your Microsoft 365 Defender managed hunting service
Centralized configuration and administration, APIs
Integrate Microsoft Defender for Endpoint into your existing workflows.
- API and SIEM integration
- Exposed APIs
- Role-based access control (RBAC)
- Reporting and trends
Integration with Microsoft solutions
Microsoft Defender for Endpoint directly integrates with various Microsoft solutions, including:
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Azure Defender
- Skype for Business
- Microsoft Cloud App Security
Microsoft 365 Defender
With Microsoft 365 Defender, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.