RELEASE: Endpoint and Network Discovery for Microsoft Defender for Endpoint

Posted by: kurtsh | June 28, 2021

RELEASE: Endpoint and Network Discovery for Microsoft Defender for Endpoint

Unmanaged devices introduce some of the greatest risks to a customer’s cybersecurity posture. Microsoft Defender for Endpoint can now provide visibility over unmanaged devices running on your networks.

As of today, if you are a Microsoft Defender for Endpoint subscriber, you will notice endpoint discovery has already been enabled on your tenant. This is indicated by a banner that appears in the Endpoint/Device inventory section of the Microsoft 365 Defender console.

With this release, customers will recevie a rich set of new capabilities, including:

Discovery of endpoints and network devices connected to your corporate network
This capability provides Defender for Endpoint with the ability to discover unmanaged workstations, servers, and mobile endpoints (Windows, Linux, macOS, iOS, and Android) that haven’t been onboarded and secured. Additionally, network devices (e.g., switches, routers, firewalls, WLAN controllers, VPN gateways, and others) can be discovered and added to the device inventory using periodic authenticated scans of preconfigured network devices.
Onboard discovered devices and secure them using integrated workflows
Once discovered, unmanaged endpoint and network devices connected to your networks can be onboarded to Defender for Endpoint. New integrated workflows and security recommendations in the threat and vulnerability management experience make it easy to onboard and secure these devices.
Review assessments and address threats and vulnerabilities on newly discovered devices
Once endpoints and network devices have been discovered, assessments can be run using Defender for Endpoint’s threat and vulnerability management capabilities. These security recommendations can be used to address issues on devices helping to reduce an organization’s threat and risk exposure.

Kurt Shintaku's Blog