What's new in Microsoft Defender for Endpoint
The following features are in preview or generally available (GA) in the latest release of Microsoft Defender for Endpoint and security features in Windows 10 and Windows Server.
For more information on preview features, see Preview features.
For more information on what's new with other Microsoft Defender security products, see:
- What's new in Microsoft 365 Defender
- What's new in Microsoft Defender for Office 365
- What's new in Microsoft Defender for Identity
- What's new in Microsoft Cloud App Security
For more information on Microsoft Defender for Endpoint on other operating systems:
- What's new in Defender for Endpoint on macOS
- What's new in Defender for Endpoint on iOS
- What's new in Defender for Endpoint on Linux
(Preview) Microsoft Defender for Endpoint Plan 1
Defender for Endpoint Plan 1 (preview) is an endpoint protection solution that includes next-generation protection, attack surface reduction, centralized management and reporting, and APIs. Defender for Endpoint Plan 1 (preview) is a new offering for customers who want to try our endpoint protection capabilities, have Microsoft 365 E3, and do not yet have Microsoft 365 E5.
(Preview) Web Content Filtering
Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
(Preview) Device health and compliance report
The device health and compliance report provides high-level information about the devices in your organization.
Delta export software vulnerabilities assessment API
An addition to the Export assessments of vulnerabilities and secure configurations API collection.
Unlike the full software vulnerabilities assessment (JSON response), which is used to obtain an entire snapshot of the software vulnerabilities assessment of your organization by device, the delta export API call is used to fetch only the changes that have happened between a selected date and the current date (the "delta" API call). Instead of getting a full export with a large amount of data every time, you'll only get specific information on new, fixed, and updated vulnerabilities. The delta export API call can also be used to calculate different KPIs such as "how many vulnerabilities were fixed" or "how many new vulnerabilities were added to an organization."
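The KPI calculation described above, as an added example that is not Microsoft's code: it takes already-fetched delta records and counts the end-of-window state, so a vulnerability that appeared and was fixed inside the window is counted once, as fixed. The record field names, the `Status` strings, the device names, and the CVE placeholders are assumptions constructed for this example.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records (not real export data). Field names and the
# Status strings "New"/"Fixed"/"Updated" are assumptions for this example.
def _rec(device, cve, sw, ver, status, ts):
    return {"DeviceId": device, "CveId": cve, "SoftwareName": sw,
            "SoftwareVersion": ver, "Status": status, "EventTimestamp": ts}

SAMPLE_DELTA = [
    _rec("dev-01", "CVE-EXAMPLE-0001", "appA", "1.0", "New",     "2021-07-02T08:00:00Z"),
    _rec("dev-01", "CVE-EXAMPLE-0001", "appA", "1.0", "Fixed",   "2021-07-05T09:00:00Z"),
    _rec("dev-02", "CVE-EXAMPLE-0001", "appA", "1.0", "New",     "2021-07-03T10:00:00Z"),
    _rec("dev-02", "CVE-EXAMPLE-0002", "appB", "2.1", "Updated", "2021-07-04T11:00:00Z"),
    _rec("dev-03", "CVE-EXAMPLE-0003", "appC", "3.0", "Fixed",   "2021-06-20T12:00:00Z"),
    _rec("dev-03", "CVE-EXAMPLE-0002", "appB", "2.1", "New",     "2021-07-06T07:30:00Z"),
]
SINCE = datetime(2021, 7, 1, tzinfo=timezone.utc)  # constructed "selected date"

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def latest_state(records, since):
    """Most recent event per (device, CVE, software, version) at or after `since`."""
    latest = {}
    for rec in records:
        ts = parse_ts(rec["EventTimestamp"])
        if ts < since:
            continue  # outside the delta window
        key = (rec["DeviceId"], rec["CveId"], rec["SoftwareName"], rec["SoftwareVersion"])
        if key not in latest or ts > parse_ts(latest[key]["EventTimestamp"]):
            latest[key] = rec
    return latest

def delta_kpis(records, since):
    """Count end-of-window states so New-then-Fixed counts once, as fixed."""
    state = latest_state(records, since)
    counts = Counter(rec["Status"] for rec in state.values())
    exposed = sorted({k[0] for k, r in state.items() if r["Status"] == "New"})
    return {"new": counts["New"], "fixed": counts["Fixed"],
            "updated": counts["Updated"],
            "net_change": counts["New"] - counts["Fixed"],
            "devices_newly_exposed": exposed}

if __name__ == "__main__":
    print(delta_kpis(SAMPLE_DELTA, SINCE))
```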
Export assessments of vulnerabilities and secure configurations API
Adds a collection of APIs that pull threat and vulnerability management data on a per-device basis. There are different API calls to get different types of data: secure configuration assessment, software inventory assessment, and software vulnerabilities assessment. Each API call contains the requisite data for devices in your organization.
Remediation activity API
Adds a collection of APIs with responses that contain threat and vulnerability management remediation activities that have been created in your tenant. Response information types include one remediation activity by ID, all remediation activities, and exposed devices of one remediation activity.
Helps you find unmanaged devices connected to your corporate network without the need for extra appliances or cumbersome process changes. Using onboarded devices, you can find unmanaged devices in your network and assess vulnerabilities and risks. You can then onboard discovered devices to reduce risks associated with having unmanaged endpoints in your network.
Standard discovery will be the default mode for all customers starting July 19, 2021. You can choose to retain the basic mode through the settings page.
Device group definitions can now include multiple values for each condition. You can set multiple tags, device names, and domains to the definition of a single device group.
Mobile Application management support
This enhancement enables Microsoft Defender for Endpoint to protect an organization’s data within a managed application when Intune is being used to manage mobile applications. For more information about mobile application management, see this documentation.
Microsoft Tunnel VPN integration
Microsoft Tunnel VPN capabilities are now integrated with the Microsoft Defender for Endpoint app for Android. This unification enables organizations to offer a simplified end-user experience with one security app that offers both mobile threat defense and the ability to access on-prem resources from their mobile device, while security and IT teams are able to maintain the same admin experiences they are familiar with.
Jailbreak detection on iOS
The jailbreak detection capability in Microsoft Defender for Endpoint on iOS is now generally available. This adds to the phishing protection that already exists. For more information, see Setup Conditional Access Policy based on device risk signals.
Manage tamper protection using the Microsoft Defender Security Center
You can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called tenant attach.
Windows Virtual Desktop
Microsoft Defender for Endpoint now adds support for Windows Virtual Desktop.