Two months ago, http://aka.ms/mde_discoveryenblog of a new set of capabilities that would give Microsoft Defender for Endpoint customers visibility over unmanaged devices running on their networks. I...
Updated Jun 21, 2021
Version 1.0
Blog Post
Hey Chris,
Love this new feature. Just a few questions:
- A device discovery function is often found in devices like IPS', Next Gen Firewalls, Vulnerability management tools (e.g. Nessus), and even CMDB software. What are the added benefits of doing device discovery using D4Ep instead of those?
- Can this function integrate with something like a CMDB to feed discovered device data to it?
- How will the discovery service behave when it's not on the corporate network; e.g. Starbucks Wifi, Home Wifi, guest WiFi at a customer site, etc. I would imagine none of those sites would want rogue device scanning going on in their networks. How configurable is this?
- If deployed on an enterprise network it's likely other security services/appliances might identify the scanning function as a malicious act and alert/quarantine/block the device doing the scanning. What needs to be configured on those appliances to white-list the D4Ep scanning activity?
Thanks