Windows Defender antivirus and Defender for Endpoint next-gen antivirus


Hello,

Windows 10 includes Windows Defender antivirus, and there is also Microsoft Defender antivirus included in the Defender for Endpoint package.

As I understand it, Defender for Endpoint antivirus includes additional features, such as cloud-delivered protection.

Does it use the same built-in Windows Defender engine with additional features, or is it a completely different service?

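Can you please explain the difference?

7 Replies

Some great info here: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus?view=o365-worldwide#11-reasons-to-use-microsoft-defender-antivirus-together-with-microsoft-defender-for-endpoint
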
Thanks, but do we unlock additional features for Windows Defender antivirus, if we use Defender for Endpoint? That's still not clear.

If you ask me: Yes. With MDE, you get the whole EDR/XDR part, post-breach functionality, custom indicators, Advanced hunting, reporting capabilities via API and so on.
With only Defender AV built into Windows 10, you are missing all the features mentioned above, and if you are also missing SCCM or Intune, you don't have the possibility to manage Defender, its updates and its detections. Only the Defender settings can be distributed via GPO.

Hope this answers your question.

I can recommend the following video to learn about the MDE features: https://www.youtube.com/watch?v=U7jWbXx_bmE

It's a bit older, but still gives you great insights.

@SteBeSec still not clear for me. I perfectly understand that MDE adds additional features besides traditional antivirus.

But this link (https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivir...) states that MDE includes "Next-generation protection".

I have read further and understood that MDE includes PUA (potentially unwanted application) detection, as well as the BAFS (Block at first sight) feature. There is also the dynamic emergency updates feature (Cloud-delivered protection and Microsoft Defender Antivirus | Microsoft Docs).

Are these available without MDE?

As mentioned by @SteBeSec, those advanced features are only available on MDE and not the default Windows Defender AV. I have a few videos on my channel as well about this: Microsoft Defender for Endpoint playlist

I have been struggling with this question lately myself, i.e., do you actually get something more out of Microsoft Defender Antivirus through MDE that you do not get when you simply manage Microsoft Defender AV with Intune on a Windows 10 machine. Is there a difference between Microsoft Defender Antivirus and Next Generation Protection? Microsoft needs to be a lot more clear about this. I have the same question about a lot of the Attack Surface Reduction technologies. They are mostly all built into Windows 10 and can be managed with Intune. So what does MDE give me really? It makes MDE Plan 1 a hard sell. The only benefit I can see is that they feed into the M365 Defender portal so you can see alerts.