[Announcement] Azure Defender integration with MDE for Windows Server 2019


We are happy to share that Azure Defender integration with MDE (Microsoft Defender for Endpoint) for Windows Server 2019 and Windows 10 Multi-Session (formerly Enterprise for Virtual Desktops (EVD) is now available for Public Preview!


What is MDE and what does the integration include ?

Microsoft Defender for Endpoint is a holistic, cloud delivered endpoint security solution. Its main features are:

  • Risk-based vulnerability management and assessment
  • Attack surface reduction
  • Behavioral based and cloud-powered protection
  • Endpoint detection and response (EDR)
  • Automatic investigation and remediation
  • Managed hunting services

Microsoft Defender for Endpoint provides:

  • Advanced post-breach detection sensors. Defender for Endpoint's sensors for Windows machines collect a vast array of behavioral signals.
  • Analytics-based, cloud-powered, post-breach detection. Defender for Endpoint quickly adapts to changing threats. It uses advanced analytics and big data. It's amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats. It provides actionable alerts and enables you to respond quickly.
  • Threat intelligence. Defender for Endpoint generates alerts when it identifies attacker tools, techniques, and procedures. It uses data generated by Microsoft threat hunters and security teams, augmented by intelligence provided by partners.

The integration of Microsoft Defender for Endpoint with Security Center let’s customers benefit from the following additional capabilities:

  • Automated onboarding. Security Center automatically enables the Microsoft Defender for Endpoint sensor for all Windows servers monitored by Security Center.
  • Single pane of glass. The Security Center console displays Microsoft Defender for Endpoint alerts. To investigate further, customers can use Microsoft Defender for Endpoint's own portal pages where they will see additional information such as the alert process tree and the incident graph. They can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.
0 Replies