Make the switch from non-Microsoft endpoint protection to Microsoft Defender for Endpoint
If you are thinking about switching from a non-Microsoft endpoint protection solution to Microsoft Defender for Endpoint (Defender for Endpoint), you're in the right place. Use this article as a guide.
When you make the switch to Defender for Endpoint, you begin with your non-Microsoft antivirus/antimalware protection in active mode. Then, you configure Microsoft Defender Antivirus in passive mode, and onboard your devices to Defender for Endpoint. Next, you configure your endpoint protection features, set Microsoft Defender Antivirus to active mode, and verify that everything is working correctly. Finally, you remove the non-Microsoft solution.
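One way to check which step of this sequence a Windows device has reached, written as an added example that is not part of the original article. It assumes the Defender PowerShell module (`Get-MpComputerStatus`) is available; the function name `Get-DefenderMigrationStage` and the stage labels are hypothetical.

```powershell
# Added example: map a device's current state to the migration steps described above.
function Get-DefenderMigrationStage {
    [CmdletBinding()]
    param()

    # AMRunningMode is 'Normal' when Microsoft Defender Antivirus is active; the
    # passive states are 'Passive', 'SxS Passive Mode' and 'EDR Block Mode'.
    $mp        = Get-MpComputerStatus -ErrorAction Stop
    $isActive  = $mp.AMRunningMode -eq 'Normal'
    $isPassive = $mp.AMRunningMode -match 'Passive|EDR Block'

    # The Defender for Endpoint sensor records onboarding here (1 = onboarded).
    $statusKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $state     = Get-ItemProperty -Path $statusKey -Name OnboardingState -ErrorAction SilentlyContinue
    $onboarded = ($null -ne $state) -and ($state.OnboardingState -eq 1)

    # Windows Security Center lists registered antivirus products on client
    # editions only; on Windows Server the namespace is absent and the list is
    # empty, so an empty list there does not prove the other product is gone.
    $otherAv = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Where-Object { $_.displayName -notmatch 'Defender' } |
        Select-Object -ExpandProperty displayName)

    if     ($isPassive -and -not $onboarded) { $stage = 'Defender Antivirus passive; device not yet onboarded' }
    elseif ($isPassive -and $onboarded)      { $stage = 'Onboarded; Defender Antivirus still passive' }
    elseif ($isActive -and -not $onboarded)  { $stage = 'Defender Antivirus active; device not onboarded' }
    elseif ($isActive -and $otherAv.Count)   { $stage = 'Defender Antivirus active; non-Microsoft product still registered' }
    elseif ($isActive)                       { $stage = 'Defender Antivirus active and onboarded; no other product registered' }
    else                                     { $stage = "Unexpected running mode: $($mp.AMRunningMode)" }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        AMRunningMode      = $mp.AMRunningMode
        RealTimeProtection = $mp.RealTimeProtectionEnabled
        Onboarded          = $onboarded
        OtherAvRegistered  = $otherAv -join ', '
        Stage              = $stage
    }
}

Get-DefenderMigrationStage | Format-List
```

Run it in an elevated session on the device being migrated. A passive device that shows no non-Microsoft product registered has no antivirus in active mode and needs attention before the migration continues.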
The migration process
The process of migrating to Defender for Endpoint can be divided into three phases, as described in the following table:
|Phase|Description|
|---|---|
|Prepare for your migration|During the Prepare phase:|
|Set up Defender for Endpoint|During the Setup phase:|
|Onboard to Defender for Endpoint|During the Onboard phase:|
What's included in Microsoft Defender for Endpoint?
In this migration guide, we focus on next-generation protection and endpoint detection and response capabilities as a starting point for moving to Defender for Endpoint. However, Defender for Endpoint includes much more than antivirus and endpoint protection. Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. The following table summarizes features and capabilities in Defender for Endpoint.
|Feature/capability|Description|
|---|---|
|Threat & vulnerability management|Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices).|
|Attack surface reduction|Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks.|
|Next-generation protection|Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware.|
|Endpoint detection and response|Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches.|
|Advanced hunting|Advanced hunting capabilities enable your security operations team to locate indicators and entities of known or potential threats.|
|Behavioral blocking and containment|Behavioral blocking and containment capabilities help identify and stop threats based on their behaviors and process trees, even when the threat has started execution.|
|Automated investigation and remediation|Automated investigation and response capabilities examine alerts and take immediate remediation action to resolve breaches.|
|Threat hunting service (Microsoft Threat Experts)|Threat hunting services provide security operations teams with expert-level monitoring and analysis, and help ensure that critical threats aren't missed.|
Want to learn more? See Defender for Endpoint.
- Proceed to Prepare for your migration.