Two months ago, we announced the public preview of a new set of capabilities that would give Microsoft Defender for Endpoint customers visibility over unmanaged devices running on their networks. It’s devices like these that introduce some of the greatest risks to an organization’s cybersecurity posture.
“The riskiest threat is the one you don’t know about. Unmanaged devices are literally one of your weakest links.
Smart attackers go there first.” - David Weston, Microsoft Director of Enterprise and OS Security
We are pleased to announce that starting today, these capabilities are generally available to all our customers worldwide!
With this release we deliver a rich set of new capabilities, including:
- Discovery of endpoints and network devices connected to your corporate network
This capability provides Defender for Endpoint with the ability to discover unmanaged workstations, servers, and mobile endpoints (Windows, Linux, macOS, iOS, and Android) that haven’t been onboarded and secured. Additionally, network devices (e.g.: switches, routers, firewalls, WLAN controllers, VPN gateways and others) can be discovered and added to the device inventory using periodic authenticated scans of preconfigured network devices.
- Onboard discovered devices and secure them using integrated workflows
Once discovered, unmanaged endpoint and network devices connected to your networks can be onboarded to Defender for Endpoint. Integrated new workflows and new security recommendations in the threat and vulnerability management experience make it easy to onboard and secure these devices.
- Review assessments and address threats and vulnerabilities on newly discovered devices
Once endpoints and network devices have been discovered, assessments can be run using Defender for Endpoint’s threat and vulnerability management capabilities. These security recommendations can be used to address issues on devices helping to reduce an organization’s threat and risk exposure.
Now that these features have reached general availability, you will notice that endpoint discovery is already enabled on your tenant. This is indicated by a banner that appears in the Endpoints\Device inventory section of the Microsoft 365 Defender console.
Figure 1: Device inventory view listing "Can be onboarded" devices and option to enable Standard Mode discovery.
This banner will be available until July 19, 2021 which is when the default behavior for discovery will be switched from Basic to Standard. At this time, Standard discovery will enable the collection of a broader range of device related properties and it will also perform improved device classification. The switch to Standard mode was verified as having negligible network implications during the public preview. More information about the discovery and its two modes can be found in our previous blog.
We’re excited for you to take a look and start using these capabilities and we look forward to your feedback on them. If you have any questions or feedback feel free to leave them in the comment section below. For more information please review the device discovery and network discovery documentations on Microsoft Docs.
To read more about our new device discovery and assessment capabilities, check out:
Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense. With our solution, threats are no match. If you are not yet taking advantage of Microsoft’s unrivaled threat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today.