Zero Trust with Microsoft Defender for Endpoint

Applies to:

  • Microsoft Defender XDR for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Zero Trust is a security strategy for designing and implementing the following set of security principles:

  • Verify explicitly: Always authenticate and authorize based on all available data points.

  • Use least privilege access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.

  • Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.

Defender for Endpoint is a primary component of the Assume breach principle and an important element of your extended detection and response (XDR) deployment with Microsoft Defender XDR.

Defender for Endpoint uses the following combination of technologies built into Windows 10 and 11 and Microsoft's robust cloud service:

  • Endpoint behavioral sensors: Sensors embedded in Windows 10 and 11 collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.

  • Cloud security analytics: Defender for Endpoint translates behavioral signals into insights, detections, and recommended responses to advanced threats. Defender for Endpoint uses big data, machine learning, and unique Microsoft optics across the Windows ecosystem and enterprise cloud products such as Microsoft 365.

  • Threat intelligence: With data generated by Microsoft hunters, security teams, and partners, threat intelligence enables Defender for Endpoint to identify attacker tools, techniques, and procedures, and to generate alerts when they are observed in collected sensor data.

Defender for Endpoint and other Microsoft security solutions form a unified pre- and post-breach enterprise defense suite for Microsoft Defender XDR. This native integration across endpoints, identity, email, and applications allows you to detect, prevent, investigate, and automatically respond to sophisticated attacks.

Threat protection for Zero Trust

Defender for Endpoint provides the following threat protections:

  • Core Defender Vulnerability Management, which uses a modern risk-based approach to the discovery, assessment, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
  • Attack surface reduction provides the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these capabilities resist attacks and exploitation.
  • Next-generation protection is designed to catch all types of emerging threats.
  • Endpoint detection and response detects, investigates, and responds to advanced threats that may have made it past the first two security pillars. Advanced hunting provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections.
  • Automated investigation and remediation helps reduce the volume of alerts in minutes at scale.
  • Microsoft Secure Score for Devices helps you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
  • Microsoft Threat Experts provides proactive hunting, prioritization, and additional context and insights that further empower security operation centers (SOCs) to identify and respond to threats quickly and accurately.

Next steps

Learn more about Zero Trust and how to build an enterprise-scale strategy and architecture with the Zero Trust Guidance Center.

For endpoint protection concepts and deployment objectives, see Secure endpoints with Zero Trust.

For the steps to deploy Intune for Microsoft 365 with Zero Trust, see the Manage devices with Intune and Microsoft 365 solution guidance.

For other Microsoft 365 capabilities that contribute to a strong Zero Trust strategy and architecture, see Zero Trust deployment plan with Microsoft 365.

For an overview of Zero Trust for Microsoft Defender XDR services, see Zero Trust with Microsoft Defender XDR.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.