Hi Quaywe
Here are some answers to your great questions:
1. The main benefit is the fact that the sensors are already in place. Device discovery requires zero configuration and control, and it happens all the time based on the network telemetry observed by the Defender for Endpoint sensors. Also - having those unmanaged devices listed in your device inventory can give you much more context for any security incident that involves both managed and unmanaged devices.
2. Unfortunately that's not supported today, but we are definitely looking into that. Would you expect having MDE data flowing into CMDB, or in the opposite direction?
3. Visit our public preview announcement blog; it has the information you are looking for under the "Discovering the right devices" section. See FAQ and Monitored Networks Configuration for more info.
4. It is important to say that the Standard Discovery method has a very low footprint on the network, and our probing is usually targeted (not network-wide) and lightweight. We've tested this functionality with multiple security and network analysis tools. Usually, this activity is not considered to be anomalous. If it was detected as unusual, you can exclude the script path from being monitored by the security tools, or use the Exclusions or the Select devices for Standard discovery controls in the Device Discovery settings based on the types of monitoring tools available in your network.
Thanks!
Ron