What's new in Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft 365 Defender
The following features are in preview or generally available (GA) in the latest release of Microsoft Defender for Endpoint.
For more information on preview features, see Preview features.
For more information on what's new with other Microsoft Defender security products, see:
- What's new in Microsoft 365 Defender
- What's new in Microsoft Defender for Office 365
- What's new in Microsoft Defender for Identity
- What's new in Microsoft Cloud App Security
For more information on Microsoft Defender for Endpoint on other operating systems:
- What's new in Defender for Endpoint on macOS
- What's new in Defender for Endpoint on iOS
- What's new in Defender for Endpoint on Linux
- Defender for Servers Plan 2 now integrates with MDE unified solution
You can now start deploying the modern, unified solution for Windows Server 2012 R2 and 2016 to servers covered by Defender for Servers Plan 2 using a single button.
Tamper protection for macOS (preview)
Tamper protection helps prevent unauthorized removal of Microsoft Defender for Endpoint on macOS.
Add domain controller devices - Evaluation lab enhancement (preview)
Add a domain controller to run complex scenarios such as lateral movement and multistage attacks across multiple devices.
- Updated onboarding and feature parity for Windows Server 2012 R2 and Windows Server 2016
The new unified solution package is now generally available and makes it easier to onboard servers by removing dependencies and installation steps. In addition, this unified solution package comes with many new feature improvements.
- Integration with Tunnel. Microsoft Defender for Endpoint on iOS can now integrate with Microsoft Tunnel, a VPN gateway solution, to enable security and connectivity in a single app. This feature was earlier available only on Android. Learn more
Evaluation lab enhancements: You can now add Windows 11 and Linux devices to the lab.
Threat and vulnerability management for Android and iOS is now generally available. Learn more.
Threat and vulnerability management can help identify Log4j vulnerabilities in applications and components. Learn more.
Discover IoT devices (preview): Device discovery now has the ability to help you find unmanaged IoT devices connected to your corporate network. This gives you a single unified view of your IoT inventory alongside the rest of your IT devices (workstations, servers, and mobile).
Microsoft Defender for IoT integration (preview): This integration enhances your device discovery capabilities with the agentless monitoring capabilities provided by Microsoft Defender for IoT. This provides increased visibility to help locate, identify, and secure the IoT devices in your network.
Security configuration management
A capability for devices that aren't managed by Microsoft Endpoint Manager, either Microsoft Intune or Microsoft Endpoint Configuration Manager, to receive security configurations for Microsoft Defender directly from Endpoint Manager.
Enhancements to cross-platform support.
Updated onboarding and feature parity for Windows Server 2012 R2 and Windows Server 2016 (preview)
The new unified solution package makes it easier to onboard servers by removing dependencies and installation steps. In addition, this unified solution package comes with many new feature improvements.
Windows 11 support added to Microsoft Defender for Endpoint and Microsoft 365 Defender.
- Web content filtering
As part of web protection capabilities in Microsoft Defender for Endpoint, web content filtering enables your organization's security team to track and regulate access to websites based on their content categories. Categories include adult content, high bandwidth, legal liability, leisure, and uncategorized. Although many websites that fall into one or more of these categories might not be malicious, they could be problematic because of compliance regulations, bandwidth usage, or other concerns. Learn more about web content filtering.
(Preview) Microsoft Defender for Endpoint Plan 1
Defender for Endpoint Plan 1 (preview) is an endpoint protection solution that includes next-generation protection, attack surface reduction, centralized management and reporting, and APIs. Defender for Endpoint Plan 1 (preview) is a new offering for customers who want to try our endpoint protection capabilities, have Microsoft 365 E3, and do not yet have Microsoft 365 E5.
(Preview) Web Content Filtering
Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
- (Preview) Device health and compliance report
The device health and compliance report provides high-level information about the devices in your organization.
Delta export software vulnerabilities assessment API
An addition to the Export assessments of vulnerabilities and secure configurations API collection.
Unlike the full software vulnerabilities assessment (JSON response), which returns an entire snapshot of your organization's software vulnerabilities assessment by device, the delta export API call fetches only the changes that have happened between a selected date and the current date (the "delta" API call). Instead of getting a full export with a large amount of data every time, you get only specific information on new, fixed, and updated vulnerabilities. The delta export API call can also be used to calculate different KPIs such as "how many vulnerabilities were fixed" or "how many new vulnerabilities were added to an organization."
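The KPI calculation described above, as an added example that is not Microsoft's code: it reduces a delta export to the latest event per device and CVE, so a vulnerability that appeared and was fixed inside the window counts once, as fixed. The field names (`DeviceId`, `CveId`, `Status`, `EventTimestamp`), the status values, and the sample records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Field names and Status values are assumptions, not taken from this page.
REQUIRED = ("DeviceId", "CveId", "Status", "EventTimestamp")

# Constructed sample delta records (placeholder CVE ids, deliberately out of order).
SAMPLE_DELTA = [
    {"DeviceId": "dev-01", "CveId": "CVE-EXAMPLE-1", "Status": "Fixed", "EventTimestamp": "2021-06-05T08:00:00Z"},
    {"DeviceId": "dev-01", "CveId": "CVE-EXAMPLE-1", "Status": "New", "EventTimestamp": "2021-06-01T08:00:00Z"},
    {"DeviceId": "dev-02", "CveId": "CVE-EXAMPLE-1", "Status": "New", "EventTimestamp": "2021-06-02T08:00:00Z"},
    {"DeviceId": "dev-02", "CveId": "CVE-EXAMPLE-2", "Status": "Updated", "EventTimestamp": "2021-06-03T08:00:00Z"},
    {"DeviceId": "dev-03", "CveId": "CVE-EXAMPLE-3", "Status": "Fixed", "EventTimestamp": "2021-06-04T08:00:00Z"},
    {"DeviceId": "dev-04", "CveId": "", "Status": "New", "EventTimestamp": "2021-06-04T09:00:00Z"},
]

def parse_ts(value):
    # Normalise a trailing "Z" so fromisoformat works on older Python versions.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def latest_events(records):
    """Return the most recent (timestamp, status) per (device, CVE) pair."""
    latest, skipped = {}, 0
    for rec in records:
        if any(not rec.get(field) for field in REQUIRED):
            skipped += 1  # incomplete record: count it, do not guess
            continue
        key = (rec["DeviceId"], rec["CveId"])
        ts = parse_ts(rec["EventTimestamp"])
        if key not in latest or ts > latest[key][0]:
            latest[key] = (ts, rec["Status"])
    return latest, skipped

def delta_kpis(records):
    """Summarise a delta export into the KPIs the text mentions."""
    latest, skipped = latest_events(records)
    counts = Counter(status for _, status in latest.values())
    still_open = {dev for (dev, _), (_, st) in latest.items() if st != "Fixed"}
    return {
        "new": counts["New"],
        "fixed": counts["Fixed"],
        "updated": counts["Updated"],
        "devices_with_open_changes": len(still_open),
        "skipped_records": skipped,
    }

if __name__ == "__main__":
    print(delta_kpis(SAMPLE_DELTA))
```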
Export assessments of vulnerabilities and secure configurations API
Adds a collection of APIs that pull threat and vulnerability management data on a per-device basis. There are different API calls to get different types of data: secure configuration assessment, software inventory assessment, and software vulnerabilities assessment. Each API call contains the requisite data for devices in your organization.
Remediation activity API
Adds a collection of APIs with responses that contain threat and vulnerability management remediation activities that have been created in your tenant. Response information types include one remediation activity by ID, all remediation activities, and exposed devices of one remediation activity.
Helps you find unmanaged devices connected to your corporate network without the need for extra appliances or cumbersome process changes. Using onboarded devices, you can find unmanaged devices in your network and assess vulnerabilities and risks. You can then onboard discovered devices to reduce risks associated with having unmanaged endpoints in your network.
Standard discovery will be the default mode for all customers starting July 19, 2021. You can choose to retain the basic mode through the settings page.
Device group definitions can now include multiple values for each condition. You can set multiple tags, device names, and domains to the definition of a single device group.
Mobile Application management support
This enhancement enables Microsoft Defender for Endpoint to protect an organization's data within a managed application when Intune is being used to manage mobile applications. For more information about mobile application management, see this documentation.
Microsoft Tunnel VPN integration
Microsoft Tunnel VPN capabilities are now integrated with the Microsoft Defender for Endpoint app for Android. This unification enables organizations to offer a simplified end user experience with one security app – offering both mobile threat defense and the ability to access on-prem resources from their mobile device, while security and IT teams are able to maintain the same admin experiences they are familiar with.
Jailbreak detection on iOS
Jailbreak detection capability in Microsoft Defender for Endpoint on iOS is now generally available. This adds to the phishing protection that already exists. For more information, see Setup Conditional Access Policy based on device risk signals.
- Manage tamper protection using the Microsoft 365 Defender portal
You can manage tamper protection settings on Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server 2022 by using a method called tenant attach.
- Azure Virtual Desktop
Microsoft Defender for Endpoint now adds support for Azure Virtual Desktop.