What is Defender for Endpoint?
What is Defender for Endpoint?

This course explores Microsoft Defender for Endpoint and you’ll learn what it is and what it offers. We'll cover the prerequisites and requirements that you must meet before deploying Defender for Endpoint. And finally, we'll look at the planning steps that you should follow when planning a Defender for Endpoint deployment.

Learning Objectives

  • Get a foundational understanding of the Microsoft Defender for Endpoint service
  • Learn about the requirements for deploying the service
  • Learn how to plan a Defender for Endpoint Deployment

Intended Audience

This is intended for those who wish to learn what Microsoft Defender for Endpoint is, what it does, and how to plan for deployment.


To get the most out of this course, you should have a basic understanding of Microsoft 365.


Hello and welcome to Defender for Endpoint.

Microsoft Defender for Endpoint is an endpoint security platform. It’s used to prevent, detect, investigate, and respond to many different threats to endpoint devices on the network, through a combination of technologies that are built into Windows 10 and technologies offered through Microsoft’s cloud services.

For example, it leverages endpoint behavioral sensors that are built into Windows 10 to collect and process behavioral signals from the OS. These behavioral sensors then send this data to your own isolated instance of Microsoft Defender for Endpoint, which is hosted in the cloud.

Defender for Endpoint also leverages cloud security analytics to turn behavioral signals into insights, detections, and even recommended responses to threats that it picks up. It does this by leveraging big-data and device-learning capabilities.

Defender for Endpoint also leverages threat intelligence that is produced by Microsoft hunters and security teams to identify attacker tools, techniques, and procedures. It then provides you with alerts when this stuff is identified in the data that’s collected by its sensors.

Key Defender for Endpoint capabilities and offerings to keep in mind include Threat & Vulnerability Management, Attack surface reduction, Endpoint detection and response, Automated investigation and remediation, Microsoft Secure Score for Devices, and Microsoft Threat Experts.

Built-in Threat & Vulnerability Management features take a risk-based approach to discovery of endpoint vulnerabilities, prioritization of those vulnerabilities, and lastly, remediation of such vulnerabilities.

The attack surface reduction capabilities offered by Defender for Endpoint serve as the first line of defense for endpoints. These capabilities help ensure that endpoint configuration settings are properly configured, while also ensuring that exploit mitigation techniques are applied. The attack surface reduction capabilities in Defender for Endpoint also include network protection and web protection features that block access to malicious IP addresses, domains, and URLs.

The endpoint detection and response capabilities of Defender for Endpoint can detect threats that may have made it past the first two security pillars and allow you to investigate and respond to them. Advanced hunting features that are provided include a query-based threat-hunting tool that you can use to proactively search for breaches and even use to create your own custom detections.

The automatic investigation and remediation capabilities of Defender for Endpoint help reduce the volume of alerts in minutes at scale, while the Microsoft Secure Score for Devices helps you assess the security state of your enterprise network and identify unprotected systems. The Secure Score for Devices also makes recommendations so you can take action to improve your overall security posture.

Defender for Endpoint customers that apply for the Microsoft Threat Experts managed threat hunting add-on service, and are accepted, receive proactive Targeted Attack Notifications, and can collaborate with those experts on demand. 

I should also mention that you can integrate Microsoft Defender for Endpoint into existing workflows, using centralized configuration, administration, and APIs. You can also integrate Defender for Endpoint with other Microsoft solutions like Azure Defender, Azure Sentinel, Intune, and Microsoft Cloud App Security. Defender for Endpoint can also be integrated with Microsoft Defender for Identity, Microsoft Defender for Office, and Skype for Business. 

So, the key takeaway here is that Defender for Endpoint is an enterprise-class endpoint security platform that’s built to prevent, detect, investigate, and respond to advanced threats within the enterprise.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.