Microsoft Defender for EndpointMicrosoft Defender for Endpoint

适用于:Applies to:

想要体验 Microsoft Defender for Endpoint?Want to experience Microsoft Defender for Endpoint? 注册免费试用版。Sign up for a free trial.

有关 Windows 10 企业版 Edition 特性和功能的信息,请参阅 Windows 10 企业版editionFor more info about Windows 10 Enterprise Edition features and functionality, see Windows 10 Enterprise edition.

Microsoft Defender for Endpoint 是一个企业终结点安全平台,旨在帮助企业网络预防、检测、调查和响应高级威胁。Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Defender for Endpoint 使用内置于 Windows 10 和 Microsoft 强大的云服务中的以下技术组合:Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:

  • 终结点行为 传感器:这些传感器嵌入 Windows 10 中,可收集和处理来自操作系统的行为信号,并将此传感器数据发送到 Microsoft Defender for Endpoint 的私有、隔离云实例。Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.

  • 安全 分析:利用 Windows 生态系统中的大数据、设备学习以及独特的 Microsoft 光学系统、企业云产品 ((如 Office 365) )和在线资产,行为信号将转换为对高级威胁的见解、检测和建议响应。Cloud security analytics: Leveraging big-data, device-learning, and unique Microsoft optics across the Windows ecosystem, enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.

  • 威胁智能:威胁智能由 Microsoft 情报人员、安全团队生成,由合作伙伴提供的威胁智能进行增强,使 Defender for Endpoint 能够识别攻击者工具、技术和过程,并可在收集的传感器数据中观察到它们时生成警报。Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Defender for Endpoint to identify attacker tools, techniques, and procedures, and generate alerts when they are observed in collected sensor data.

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint
Threat & Vulnerability Management
Threat & Vulnerability Management
Attack surface reduction
Attack surface reduction
Next-generation protection
Next-generation protection
Endpoint detection and response
Endpoint detection and response
Automated investigation and remediation
Automated investigation and remediation
Microsoft Threat Experts
Microsoft 威胁专家
Microsoft Threat Experts
Centralized configuration and administration, APIs
Microsoft 365Defender
Microsoft 365 Defender


威胁&漏洞管理Threat & Vulnerability Management
此内置功能使用基于游戏变化风险的方法发现、确定终结点漏洞和错误配置的优先顺序并修正。This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

减少攻击面Attack surface reduction
攻击面减少功能集在堆栈中提供第一道防线。The attack surface reduction set of capabilities provides the first line of defense in the stack. 通过确保正确设置配置设置并应用攻击缓解技术,这些功能可以抵御攻击和利用。By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. 这组功能还包括网络 保护和 Web 保护,用于控制对恶意 IP 地址、域和 URL 的访问。This set of capabilities also includes network protection and web protection, which regulate access to malicious IP addresses, domains, and URLs.

下一代保护Next-generation protection
为了进一步强化网络的安全外围,Microsoft Defender for Endpoint 使用旨在捕获所有类型的新兴威胁的下一代保护。To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.

终结点检测和响应Endpoint detection and response
终结点检测和响应功能已到位,以检测、调查和响应可能通过前两个安全支柱的高级威胁。Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. 高级搜寻 提供基于查询的威胁搜寻工具,可让你主动发现漏洞并创建自定义检测。Advanced hunting provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections.

自动调查和修正Automated investigation and remediation
Microsoft Defender for Endpoint 与快速响应高级攻击结合使用,提供自动调查和修正功能,可帮助在数分钟内大规模减少警报量。In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.

设备的 Microsoft 安全功能分数Microsoft Secure Score for Devices

Defender for Endpoint 包括适用于设备的 Microsoft 安全分数,可帮助你动态评估企业网络的安全状态、识别未受保护的系统,以及采取建议的操作来提高组织的整体安全性。Defender for Endpoint includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.

Microsoft 威胁专家Microsoft Threat Experts
Microsoft Defender for Endpoint 的新托管威胁搜寻服务提供了主动搜寻、优先顺序和其他上下文和见解,进一步使安全运营中心 (SOC) 可以快速准确地识别和响应威胁。Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.


Defender for Endpoint 客户需要申请托管威胁Microsoft 威胁专家服务,以获得主动目标攻击通知,并按需与专家协作。Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. 专家按需服务是一项附加服务。Experts on Demand is an add-on service. 目标攻击通知始终包含在你接受到托管威胁Microsoft 威胁专家服务中。Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.

如果你尚未注册并且希望体验其优势,请转到设置> 高级常规> > Microsoft 威胁专家应用。If you are not enrolled yet and would like to experience its benefits, go to Settings > General > Advanced features > Microsoft Threat Experts to apply. 接受后,你将受益于定向攻击通知,并开始 90 天的按需专家试用版。Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. 请与 Microsoft 代表联系,获取完整的专家按需订阅。Contact your Microsoft representative to get a full Experts on Demand subscription.

集中配置和管理、APICentralized configuration and administration, APIs
将 Microsoft Defender for Endpoint 集成到现有工作流中。Integrate Microsoft Defender for Endpoint into your existing workflows.

与 Microsoft 解决方案集成Integration with Microsoft solutions
Defender for Endpoint 直接与各种 Microsoft 解决方案集成,包括:Defender for Endpoint directly integrates with various Microsoft solutions, including:

  • Azure DefenderAzure Defender
  • Azure SentinelAzure Sentinel
  • IntuneIntune
  • Microsoft 云应用安全Microsoft Cloud App Security
  • Microsoft Defender for IdentityMicrosoft Defender for Identity
  • Microsoft Defender for OfficeMicrosoft Defender for Office
  • Skype for BusinessSkype for Business

Microsoft 365 DefenderMicrosoft 365 Defender
借助 Microsoft 365 Defender,Defender for Endpoint 和各种 Microsoft 安全解决方案形成统一的攻破前和入侵后企业防御套件,可跨终结点、标识、电子邮件和应用程序进行本机集成,以检测、阻止、调查和自动响应复杂的攻击。With Microsoft 365 Defender, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.

Microsoft Defender for Endpoint 有助于检测复杂的威胁Microsoft Defender for Endpoint helps detect sophisticated threats