Hello and welcome to Defender for Endpoint.

Microsoft Defender for Endpoint is an endpoint security platform. It’s used to prevent, detect, investigate, and respond to many different threats to endpoint devices on the network, through a combination of technologies that are built into Windows 10 and technologies offered through Microsoft’s cloud services.

For example, it leverages endpoint behavioral sensors that are built into Windows 10 to collect and process behavioral signals from the OS. These behavioral sensors then send this data to your own isolated instance of Microsoft Defender for Endpoint, which is hosted in the cloud.

Defender for Endpoint also leverages cloud security analytics to turn behavioral signals into insights, detections, and even recommended responses to threats that it picks up. It does this by leveraging big-data and device-learning capabilities.

Defender for Endpoint also leverages threat intelligence that is produced by Microsoft hunters and security teams to identify attacker tools, techniques, and procedures. It then provides you with alerts when this stuff is identified in the data that’s collected by its sensors.

Key Defender for Endpoint capabilities and offerings to keep in mind include Threat & Vulnerability Management, Attack surface reduction, Endpoint detection and response, Automated investigation and remediation, Microsoft Secure Score for Devices, and Microsoft Threat Experts.

Built-in Threat & Vulnerability Management features take a risk-based approach to discovery of endpoint vulnerabilities, prioritization of those vulnerabilities, and lastly, remediation of such vulnerabilities.

The attack surface reduction capabilities offered by Defender for Endpoint serve as the first line of defense for endpoints. These capabilities help ensure that endpoint configuration settings are properly configured, while also ensuring that exploit mitigation techniques are applied. The attack surface reduction capabilities in Defender for Endpoint also include network protection and web protection features that block access to malicious IP addresses, domains, and URLs.

The endpoint detection and response capabilities of Defender for Endpoint can detect threats that may have made it past the first two security pillars and allow you to investigate and respond to them. Advanced hunting features that are provided include a query-based threat-hunting tool that you can use to proactively search for breaches and even use to create your own custom detections.

The automatic investigation and remediation capabilities of Defender for Endpoint help reduce the volume of alerts in minutes at scale, while the Microsoft Secure Score for Devices helps you assess the security state of your enterprise network and identify unprotected systems. The Secure Score for Devices also makes recommendations so you can take action to improve your overall security posture.

Defender for Endpoint customers that apply for the Microsoft Threat Experts managed threat hunting add-on service, and are accepted, receive proactive Targeted Attack Notifications, and can collaborate with those experts on demand. 

I should also mention that you can integrate Microsoft Defender for Endpoint into existing workflows, using centralized configuration, administration, and APIs. You can also integrate Defender for Endpoint with other Microsoft solutions like Azure Defender, Azure Sentinel, Intune, and Microsoft Cloud App Security. Defender for Endpoint can also be integrated with Microsoft Defender for Identity, Microsoft Defender for Office, and Skype for Business. 

So, the key takeaway here is that Defender for Endpoint is an enterprise-class endpoint security platform that’s built to prevent, detect, investigate, and respond to advanced threats within the enterprise.