Microsoft Defender for Endpoint training resources:
The goal of this page is to put together a level 101/201 resource that consultants and end customers can use to find out more about Defender for Endpoint. I will update the details as they change, but this is current as of May 2022.
Microsoft Defender for Endpoint training resources are available across the internet. The best material is often supplied not by Microsoft but by individuals who are using Microsoft Defender for Business or Endpoint P1 or P2 in anger for their organisations or their clients' businesses.
We will cover Microsoft Defender for Endpoint licensing in a future article.
Here are the differences in the current DfE versions:
Microsoft Defender for Business (MDB)
Microsoft Defender for Business (MDB) is only available for up to 300 users; Defender for Endpoint P1 and P2 continue on for larger organisations that have more than 300 users. Defender for Business is a full-featured endpoint detection and response platform and, when included as part of M365 Business Premium, is a full-featured eXtended endpoint detection and response platform.
- Easy to set up and configure.
- Microsoft 365 Lighthouse integration, perfect for MSPs wanting to proactively manage their clients.
Defender for Business can only manage mobile devices such as iOS and Android if your tenant is also using Microsoft Intune, because Intune is Microsoft's Mobile Device Management solution.
If you are using Defender for Business without Microsoft Endpoint Manager, then the configuration needs to be managed through the Microsoft 365 Defender portal.
TLDR: Defender for Business seriously rocks. For MSPs it means you can remove third-party EDR/NGAV/XDR and save the client money while increasing your customer stickiness through a stellar professional services job of implementing DfB. For the end customer, DfB will save you money and consolidate your licensing while ticking off most of the ASD Essential 8 security controls.
Microsoft Defender for Endpoint Plan 1
Microsoft Defender for Endpoint Plan 1 is next-gen antivirus with attack surface reduction built in to assist with “Harden Operating systems”, an ACSC ASD Essential 8 control, to reduce the risk of breach. It is suitable for organisations with more than 300 users, as MDB is a better solution for fewer than 300 users; MDB can be purchased separately or is included with a Microsoft Business Premium license.
- Easy to configure
- Limited to Anti Virus and Malware protection
Microsoft Defender for Endpoint Plan 2
Microsoft Defender for Endpoint Plan 2 is a full endpoint detection and response platform (and XDR), along with additional Microsoft expertise when required. It is suitable for enterprise organisations (over 300 users) that want a strong eXtended endpoint detection and response platform that also incorporates Microsoft Threat Experts and threat hunting capability.
- The most complex and also the most comprehensive of the three options.
- Comprehensive Endpoint protection and response platform
- Advanced Threat protection
- Microsoft experts threat hunting
The point about USERS is important because, unlike many endpoint detection and response platforms or eXtended detection and response platforms, Defender includes up to 5 devices per user: iOS, Android, Mac and Linux (early access). This makes the solution even more appealing for budget-minded cyber security professionals.
Where can you find material about Microsoft Defender for Endpoint that will help you learn to deploy and manage it? I have put together a few links, the first of which is time sensitive.
As always in the technology industry, your best way to learn is to deploy the tools yourself and work through the challenges, which is exactly what I have done.
As of the 5th May, Microsoft DFE Ninja training is coming up mid month and you can register here:
For deployment of DFE:
Then there is the official material for DfE, here:
Petri has a great write up on the differences as well as the pricing plans for DfE, here:
And something that I missed in my own deployment was resolved using Prajwaldesai.com; I had problems with the connection between Intune, Defender for Cloud and DFE (link seems to have been removed).
Defender for ASD 8
Traditional endpoint detection and response solutions do one thing: they detect changes that may be a sign of a cyber attack. Microsoft Defender for Endpoint P2 and Business also provide many of the protection requirements of the Australian Cyber Security Centre ASD Essential 8, thereby assisting your business to protect your critical assets:
- Attack surface reduction
- Application control
- MFA through Azure AD P1 (Business Premium feature)
- Patch OS
- Secure apps
Defender for Endpoint Quality of signal
The MITRE evals Sandworm round is the latest MITRE evaluation comparison (2022), and in this most recent testing Defender is working better than most other endpoint detection and response solutions across the range of advanced persistent threats. Microsoft has the benefit of being deployed on more devices than any other vendor globally, and this provides them with over 8 trillion telemetry signals per day. The machine learning models behind XDR are built on this volume of signals, which ensures that Microsoft cyber security solutions will continue to become more accurate at discovering anomalies than any other vendor simply due to this deluge of information. I have previously written about AI and ML here, in which I discuss more about what AI and ML really mean for cyber security.
Microsoft Defender for Endpoint Summary
Please feel free to add to the comments any additional hints and tips that you may have for Defender for Endpoint deployments. The solution is a rising star for Microsoft and deserves to gain a lot more traction, as it provides protection, detection and response as good as the market leaders, CrowdStrike and SentinelOne, at a much lower cost. MDB also includes telemetry from the O365 side, meaning that MSPs can put more into the services element of a customer deployment, or an end customer can afford to train their people in the use of the platform, at a still lower total cost than the other providers of leading solutions.
I would love feedback on your experiences with MDE and any additional hints and tips.
If you wish to contact us then please use the form here.