What Is Microsoft Defender? A Complete Guide


What Is Microsoft Defender?

Microsoft Defender for Endpoint (MDE), also known as Windows Defender, is a platform that provides antimalware protection, attack surface reduction, device control, and advanced threat detection and response across operating systems and network devices.

It helps organizations to prevent, detect, investigate, and respond to advanced threats. Microsoft Defender for Endpoint is part of the Microsoft Defender suite of security products, which also includes Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud.

The best way to understand what Microsoft Defender for Endpoint is, is to see it in action. The following presentation shows exactly how MDE works, with a testimonial from one of our clients.

How To Install Microsoft Defender for Endpoint

To check if you already have MDE installed on your device, you can do the following:

For Windows devices, open the Windows Security app and select Settings. Under About, look for the Microsoft Defender for Endpoint section. If you see a message that says Your organization manages this app, then you have MDE installed.

For Mac devices, open the Microsoft Defender ATP app and select About. If you see a version number and a license status, then you have MDE installed.

For Linux devices, run the command mdatp health and confirm that it reports a healthy status. If it does, then you have MDE installed.

For iOS devices, open the Microsoft Defender ATP app and select Settings. Under About, look for the Microsoft Defender for Endpoint section. If you see a version number and a license status, then you have MDE installed.

For Android devices, open the Microsoft Defender ATP app and select Settings. Under About, look for the Microsoft Defender for Endpoint section. If you see a version number and a license status, then you have MDE installed.

Windows Install

To install MDE on a Windows PC, you need to have a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent. You also need to have Windows 10 Enterprise E5 or Windows 10 Education A5 on your device. You can follow these steps to install MDE on Windows devices:

  • Sign in to the Microsoft Defender Security Center with your Microsoft account.
  • Go to Settings > Onboarding and select Windows 10 as the OS.
  • Choose the deployment method that works best for you. You can use Group Policy, Configuration Manager, Microsoft Intune, or a local script.
  • Download the onboarding package and follow the instructions to deploy it to your devices.
  • Verify that the installation was successful by checking the Windows Security app or the Microsoft Defender Security Center.

Mac Install

To install MDE on Mac devices, you need to have a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent. You also need to have macOS Mojave (10.14) or later on your device. Make sure to follow these steps to install MDE on Mac devices:

  • Sign in to the Microsoft Defender Security Center with your Microsoft account.
  • Go to Settings > Onboarding and select macOS as the OS.
  • Download the Microsoft Defender ATP.pkg file and distribute it to your devices using your preferred method.
  • Run the Microsoft Defender ATP.pkg file on your devices and follow the installation wizard.
  • Verify that the installation was successful by checking the Microsoft Defender ATP app or the Microsoft Defender Security Center.

Linux Install

You must have a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent, to install MDE on Linux devices. Your device must also be running one of the supported Linux distributions, such as Ubuntu, Red Hat Enterprise Linux, CentOS, Debian, SUSE Linux Enterprise Server, or Oracle Linux. To install MDE on Linux devices, follow these steps:

  • Sign in to the Microsoft Defender Security Center with your Microsoft account.
  • Go to Settings > Onboarding and select Linux as the OS.
  • Extract the onboarding script and public key files from the onboarding package.
  • Using your preferred method, copy the onboarding script and public key files to your Linux devices.

iOS Install

To install MDE on iOS devices, you need to have a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent. You also need to have iOS 11.0 or later on your device. These are the steps you need to follow to install MDE on iOS devices:

  • Download the Microsoft Defender ATP app from the App Store on your device.
  • Sign in to the app with your work account.
  • Grant the app the necessary permissions to access your device data and settings.
  • Enroll your device in the Microsoft Defender Security Center by scanning the QR code or entering the URL provided by your administrator.
  • Verify that the installation was successful by checking the Microsoft Defender ATP app or the Microsoft Defender Security Center.

Android Install

To install MDE on Android devices, you will need a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent. You also need to have Android 6.0 or later on your device. Follow these steps to install MDE on Android devices:

  • Download the Microsoft Defender ATP app from the Google Play Store on your device.
  • Sign in to the app with your work account.
  • Grant the app the necessary permissions to access your device data and settings.
  • Enroll your device in the Microsoft Defender Security Center by scanning the QR code or entering the URL provided by your administrator.
  • Verify that the installation was successful by checking the Microsoft Defender ATP app or the Microsoft Defender Security Center.

Is Microsoft Defender For Endpoint An EDR?

EDR stands for Endpoint Detection and Response, which is a technology that monitors and analyzes endpoint data to detect and respond to cyber threats. EDR solutions typically provide features such as threat hunting, behavioral analysis, incident response, and forensics.

Microsoft Defender for Endpoint is an EDR solution that leverages artificial intelligence, cloud security analytics, and Microsoft threat intelligence to provide comprehensive protection for your endpoints.

MDE not only detects and responds to threats, but also helps you prevent them by reducing the attack surface and hardening the endpoints. MDE also integrates with other Microsoft security products and services, such as Microsoft 365 Defender, Azure Sentinel, and Microsoft Threat Experts.

Therefore, MDE is a unified and scalable EDR platform that supports multiple operating systems and devices.

Should I install MDE If I Currently Have An Antivirus Solution?

MDE can work alongside your existing antivirus solution, or replace it entirely, depending on your needs and preferences.

MDE is not just an antivirus software, but a complete endpoint security platform that offers advanced capabilities beyond traditional antivirus products.

If you choose to use MDE with your existing antivirus software, you can benefit from the following advantages:

  • You can have multiple layers of protection for your endpoints, as MDE can detect and respond to threats that your antivirus solution might miss or fail to block.
  • You can have centralized visibility and management of your endpoint security, as MDE provides a single dashboard where you can monitor and control all your devices, regardless of their operating system or antivirus solution.
  • You can have seamless integration and automation of your endpoint security, as MDE can communicate and coordinate with your antivirus program and other Microsoft security products and services.

If you choose to use MDE as your only antivirus solution, you can benefit from the following advantages:

  • You can have simplified administration and reduced costs of your endpoint security, as MDE can eliminate the need for multiple antivirus products and licenses.
  • You can have optimized performance and resource consumption of your endpoints, as MDE can run efficiently and effectively without interfering with your device operations.
  • You can have enhanced security and compliance of your endpoints, as MDE can provide the latest and best protection for your devices, based on the real-time and global threat intelligence from Microsoft.

Ultimately, the decision to install MDE with or without your existing antivirus solution depends on your security goals, budget, and risk tolerance.

You can consult with your managed IT services provider or security expert to determine the best option for your organization.

What Are The System And Device Requirements?

To use MDE on your devices, you need to meet the following system and device requirements:

  • For Windows devices, you need to have Windows 10 Enterprise E5 or Windows 10 Education A5 on your device, and the device must be running one of the supported Windows 10 versions. You also need to have at least 2 GB of RAM and 500 MB of free disk space on your device.
  • For Mac devices, you need to have macOS Mojave (10.14) or later on your device, and the device must be running one of the supported macOS versions. You also need to have at least 1 GB of RAM and 500 MB of free disk space on your device.
  • For Linux devices, you need to have one of the supported Linux distributions on your device, such as Ubuntu, Red Hat Enterprise Linux, CentOS, Debian, SUSE Linux Enterprise Server, or Oracle Linux. You also need to have at least 1 GB of RAM and 500 MB of free disk space on your device.
  • For iOS devices, you need to have iOS 11.0 or later on your device, and the device must be one of the supported iOS models. You also need to have at least 100 MB of free storage space on your device.
  • For Android devices, you need to have Android 6.0 or later on your device, and the device must be one of the supported Android models. You also need to have at least 100 MB of free storage space on your device.

You can find more details about the system and device requirements for MDE on the Microsoft Docs website.

What Are The Functions Of Microsoft Defender For Endpoint?

MDE provides a range of functions that help you protect your endpoints from cyber threats. Some of the main functions are:

  • Antimalware: MDE uses Windows Defender Antivirus to scan your devices for malware and other malicious software, and block or remove them. MDE also uses Windows Defender SmartScreen to warn you about potentially unsafe websites, downloads, and attachments, and prevent you from accessing them.
  • Attack surface reduction: MDE uses various features to reduce the attack surface of your devices, such as application control, exploit protection, network protection, web protection, controlled folder access, and attack surface reduction rules. These features help you restrict the applications and processes that can run on your devices, prevent common exploit techniques, block malicious network connections, filter web content, protect sensitive folders, and enforce security policies.
  • Device control: MDE uses device control to help you manage the external devices that can connect to your endpoints, such as USB drives, printers, cameras, and Bluetooth devices. You can use device control to allow or block specific devices, device types, or device classes, and monitor the device usage on your endpoints.
  • Advanced detection and response: MDE uses behavioral sensors, cloud security analytics, and Microsoft threat intelligence to detect and respond to advanced threats on your endpoints, such as ransomware, fileless attacks, zero-day exploits, and targeted attacks. MDE also provides features such as threat hunting, incident response, forensics, and remediation to help you investigate and resolve security incidents on your endpoints. MDE also integrates with other Microsoft security products and services, such as Microsoft 365 Defender, Azure Sentinel, and Microsoft Threat Experts, to provide a holistic and coordinated security solution for your organization.

Does Microsoft Defender Protect Against Malware?

Yes, Microsoft Defender protects against malware and other malicious software on your devices. Microsoft Defender uses Microsoft Defender Antivirus to scan your devices for malware and block or remove them.

Microsoft Defender Antivirus uses real-time protection, cloud-delivered protection, and automatic sample submission to provide the latest and best protection for your devices.

Real-time protection monitors your devices for suspicious activity and alerts you when it detects malware.

Cloud-delivered protection uses the Microsoft Defender Security Center to provide fast and accurate threat detection and response. Automatic sample submission sends suspicious files to Microsoft for analysis and feedback.

Can Windows Defender Run With Other Antivirus Protection Solutions?

Yes, Windows Defender can run with other antivirus protection solutions on your devices. However, you should be aware of the potential issues and benefits of doing so.

Some of the potential issues of running Windows Defender with other antivirus solutions are:

  • Performance impact: Running multiple antivirus solutions on your devices can consume more system resources and affect the speed and efficiency of your devices.
  • Compatibility issues: Running multiple antivirus solutions on your devices can cause conflicts and errors between them, which can affect the functionality and reliability of your devices.
  • Security gaps: Running multiple antivirus solutions on your devices can create inconsistencies and vulnerabilities in your security policies and settings, which can affect the protection and compliance of your devices.

Can Windows Defender Detect Keyloggers?

Yes, Windows Defender can detect keyloggers on your devices. Keyloggers are a type of malware that can record your keystrokes and send them to hackers or cybercriminals. Keyloggers can be used to steal your personal information, passwords, credit card numbers, and other sensitive data.

Windows Defender uses Microsoft Defender Antivirus to scan your devices for keyloggers and other malware, and block or remove them. Windows Defender Antivirus uses real-time protection, cloud-delivered protection, and automatic sample submission to provide the latest and best protection for your devices.

How Often Does Windows Defender Scan?

Windows Defender runs three types of scans, each with its own default frequency:

  • Quick scan: This scan checks the areas of your device that are most likely to contain malware, such as the memory, registry, and system files. This scan is fast and efficient, and usually takes less than 15 minutes to complete. Windows Defender performs a quick scan every day by default, but you can change the frequency and time of this scan in the Windows Security app.
  • Full scan: This scan checks all the files and folders on your device, including the ones that are not usually scanned by the quick scan. This scan is thorough and comprehensive but can take several hours to complete, depending on the size and number of files on your device. Windows Defender performs a full scan once a month by default, but you can change the frequency and time of this scan in the Windows Security app.
  • Custom scan: This scan checks the specific files and folders that you choose on your device. This scan is flexible and customizable and can take a variable amount of time to complete, depending on the size and number of files you select. Windows Defender performs a custom scan whenever you manually start it in the Windows Security app.
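The same scan schedule and scan types can be inspected and driven from PowerShell. This is an added example, not code from the original article or from Microsoft; it uses the built-in Defender module (Get-MpPreference, Get-MpComputerStatus, Start-MpScan), and the scan path and the staleness thresholds are assumptions to adjust for your environment.

```powershell
# Added example: audit the Microsoft Defender Antivirus scan schedule and last-scan
# ages, then run a custom scan of one folder. Run in an elevated PowerShell on Windows 10.
# $ScanPath is an assumed placeholder; point it at the folder you want scanned.
param(
    [string]$ScanPath = 'C:\Users\Public\Downloads'
)

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# ScanParameters: 1 = quick scan, 2 = full scan (the type used by the scheduled scan).
# ScanScheduleDay: 0 = every day, 1..7 = Sunday..Saturday, 8 = never.
$scanType = switch ([int]$pref.ScanParameters) {
    1       { 'QuickScan' }
    2       { 'FullScan' }
    default { 'Unknown' }
}
$dayNames = @('Every day', 'Sunday', 'Monday', 'Tuesday', 'Wednesday',
              'Thursday', 'Friday', 'Saturday', 'Never')

# Summarise what the endpoint is actually configured to do and when it last did it.
[pscustomobject]@{
    ScheduledScanType  = $scanType
    ScheduledScanDay   = $dayNames[[int]$pref.ScanScheduleDay]
    ScheduledScanTime  = $pref.ScanScheduleTime
    DailyQuickScanTime = $pref.ScanScheduleQuickScanTime
    QuickScanAgeDays   = $status.QuickScanAge          # very large value = never scanned
    FullScanAgeDays    = $status.FullScanAge
    SignatureAgeDays   = $status.AntivirusSignatureAge
} | Format-List

# Staleness thresholds (assumed): no quick scan in 2 days or signatures older than
# 1 day usually mean the device is offline, broken, or being tampered with.
if ($status.QuickScanAge -gt 2) {
    Write-Warning "Last quick scan was $($status.QuickScanAge) days ago."
}
if ($status.AntivirusSignatureAge -gt 1) {
    Write-Warning "Security intelligence is $($status.AntivirusSignatureAge) days old."
}

# Custom scan of a single path: the CLI equivalent of starting a custom scan
# manually in the Windows Security app.
if (Test-Path -LiteralPath $ScanPath) {
    Start-MpScan -ScanType CustomScan -ScanPath $ScanPath
} else {
    Write-Warning "Scan path '$ScanPath' does not exist; skipping custom scan."
}
```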

Can Microsoft Defender detect Trojans?

Yes, Microsoft Defender can detect trojans on your devices. Trojans are a type of malware that can disguise themselves as legitimate software or files, and perform malicious actions once they are installed or opened on your devices.

Trojans can be used to steal your personal information, damage your files, spy on your activities, or create backdoors for hackers or cybercriminals.

Microsoft Defender uses Microsoft Defender Antivirus to scan your devices for trojans and other malware, and block or remove them. Microsoft Defender Antivirus uses real-time protection, cloud-delivered protection, and automatic sample submission to provide the latest and best protection for your devices.

What is Windows Defender Antivirus Service?

Windows Defender Antivirus service is the core component of Windows Defender Antivirus that runs in the background on your devices and provides the essential functions of malware protection. Windows Defender Antivirus service is responsible for:

  • Scanning your devices for malware, using various types of scans, such as quick scan, full scan, custom scan, and offline scan.
  • Updating your devices with the latest malware definitions and security intelligence, using cloud-delivered protection and automatic sample submission.
  • Blocking or removing malware and other threats from your devices, using real-time protection and remediation actions.
  • Reporting the malware and threat detection and response activities on your devices, using the Windows Security app and the Windows Defender Security Center.

Is Microsoft Defender Offline Scan Good?

Microsoft Defender Offline Scan is a useful and powerful tool that can help you scan your devices for malware and other threats when they are not connected to the internet or when the malware is difficult to remove.

Microsoft Defender Offline Scan is a specialized and trusted scanning tool that runs from a bootable USB or DVD.

Microsoft Defender Offline Scan can be good for the following reasons:

  • It can scan your devices without being affected by the malware that might be running on them, as it runs from a separate and clean environment.
  • It can scan your devices without being limited by the network connectivity or bandwidth, as it does not rely on the internet or cloud services.
  • It can scan your devices with the latest malware definitions and security intelligence, as it updates itself automatically before each scan.
  • It can scan your devices for malware that is not usually detected by regular scans, such as rootkits, bootkits, and other persistent malware.

Microsoft Defender Offline Scan also has some limitations and drawbacks, such as:

  • It can only scan your devices for malware, but not block or remove them. You need to use regular scans or other tools to perform the remediation actions.
  • It can only scan your devices when they are turned off or restarted, which can be inconvenient and time-consuming.
  • It can only scan your devices for Windows operating systems, but not for other operating systems or devices.

Can Windows Defender Detect Malware?

Yes, Windows Defender can detect malware and other malicious software on your devices. Malware is a general term that refers to any software that can harm your devices, data, or network, such as viruses, worms, trojans, ransomware, spyware, adware, and more.

Windows Defender uses Microsoft Defender Antivirus to scan your devices for malware, and block or remove them. Microsoft Defender Antivirus uses real-time protection, cloud-delivered protection, and automatic sample submission to provide the latest and best protection for your devices.

How To Turn On Windows Defender In Windows 10?

To turn on Windows Defender on Windows 10 devices, you need to follow these steps:

  • Open the Windows Security app by clicking the shield icon on the taskbar, or by searching for Windows Security in the Start menu.
  • Select Virus & Threat Protection from the left pane.
  • Under Virus & Threat Protection settings, click Manage Settings.
  • Turn on the Real-time protection toggle switch. This will enable Microsoft Defender Antivirus to scan your devices for malware and other threats in real-time.
  • Turn on the Cloud-delivered protection toggle switch. This will enable Microsoft Defender Antivirus to use the Microsoft Defender Security Center to provide fast and accurate threat detection and response.
  • Turn on the Automatic sample submission toggle switch. This will enable Microsoft Defender Antivirus to send suspicious files to Microsoft for analysis and feedback.
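The three toggles above can also be set and, more importantly, verified from PowerShell, which is how you would confirm the state across a fleet rather than one device at a time. This is an added example, not code from the original article or from Microsoft; it uses the built-in Defender module (Set-MpPreference, Get-MpPreference, Get-MpComputerStatus), and it also reports the running mode, which is what changes when another antivirus product is installed alongside Defender (see the section on running with other antivirus solutions).

```powershell
# Added example: apply the three toggles from the steps above and verify the result.
# Run in an elevated PowerShell on Windows 10. On devices managed by Intune or Group
# Policy, policy can override these local settings, so always check the state afterwards.

# Documented Set-MpPreference values used here:
#   DisableRealtimeMonitoring $false -> real-time protection on
#   MAPSReporting 2                  -> cloud-delivered protection at "Advanced"
#   SubmitSamplesConsent 1           -> send safe samples automatically
Set-MpPreference -DisableRealtimeMonitoring $false
Set-MpPreference -MAPSReporting 2
Set-MpPreference -SubmitSamplesConsent 1

function Test-DefenderBaseline {
    # Returns the running mode, whether every expected setting is on, and which are not.
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    $checks = [ordered]@{
        AntivirusEnabled   = [bool]$status.AntivirusEnabled
        AMServiceRunning   = [bool]$status.AMServiceEnabled        # the antivirus service itself
        RealTimeProtection = [bool]$status.RealTimeProtectionEnabled
        CloudProtection    = ([int]$pref.MAPSReporting -ge 1)     # 0 = disabled
        SampleSubmission   = ([int]$pref.SubmitSamplesConsent -in 1, 3)  # safe or all samples
        # 'Normal' means Defender AV is the primary engine. 'Passive Mode' means another
        # antivirus product is registered and Defender only scans on demand, so the
        # real-time toggle above has no effect until that product is removed.
        ActiveMode         = ($status.AMRunningMode -eq 'Normal')
    }

    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object Name)

    [pscustomobject]@{
        RunningMode = $status.AMRunningMode
        Compliant   = ($failed.Count -eq 0)
        Failed      = $failed
    }
}

$result = Test-DefenderBaseline
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "Defender baseline not met: $($result.Failed -join ', ')"
}
```

Tamper Protection and device management policies stop Set-MpPreference from weakening settings, but they do not stop you from reading them, so the verification function works even where the Set calls are overridden.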

What Is The Difference Between Windows Defender And Microsoft Defender?

Windows Defender and Microsoft Defender are both brand names for Microsoft’s security products and services. However, they are not exactly the same, as they refer to different aspects and components of Microsoft’s security offerings.

Windows Defender is the original and generic name for Microsoft’s security products and services, especially for Windows operating systems. Windows Defender includes features such as Windows Defender Antivirus, Microsoft Defender Firewall, Windows Defender SmartScreen, Windows Defender Application Guard, and Windows Defender System Guard. Windows Defender also refers to the built-in and free security solution that comes with Windows 10 devices, which provides basic protection against malware and other threats.

Microsoft Defender is the new and specific name for Microsoft’s security products and services, especially for non-Windows operating systems and devices. Microsoft Defender includes features such as Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud.

Microsoft Defender also refers to the advanced and paid security solution that requires a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent, which provides comprehensive protection against advanced threats.

Therefore, Windows Defender and Microsoft Defender are both Microsoft’s security products and services, but they have different names, scopes, and capabilities.

What is the difference between MDE, Defender ATP And Defender for Windows 10?

MDE, Defender ATP, and Defender for Windows 10 are all acronyms or abbreviations for Microsoft’s security products and services. However, they are not exactly the same, as they refer to different versions and components of Microsoft’s security offerings.

Microsoft Defender For Endpoint

MDE is the current and official name for Microsoft’s security product that offers antimalware, cyberattack surface reduction, device control, and advanced detection and response across operating systems and network devices.

MDE is part of the Microsoft Defender suite of security products, which also includes Microsoft Defender for Identity, Microsoft Defender for Office 365, and Microsoft Defender for Cloud. MDE requires a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent, to use.

Defender Advanced Threat Protection

Defender ATP stands for Defender Advanced Threat Protection, which is the previous and deprecated name for Microsoft’s security product that offers antimalware, cyberattack surface reduction, device control, and advanced detection and response across operating systems and network devices.

Defender ATP was renamed to MDE in 2020, to reflect the expanded and enhanced capabilities and security features of the product. Defender ATP also required a Microsoft 365 E5 or Microsoft 365 E5 Security license, or an equivalent, to use.

Microsoft Defender Antivirus

Defender for Windows 10 stands for Microsoft Defender Antivirus for Windows 10, which is the built-in and free security product that comes with Windows 10 devices, and provides basic protection against malware and other threats.

Defender for Windows 10 is also known as Windows Defender Antivirus, which is the original and generic name for Microsoft’s antimalware product for Windows operating systems. Defender for Windows 10 does not require any additional license to use.

Therefore, MDE, Defender ATP, and Defender for Windows 10 are all Microsoft’s security products and services, but they have different names, versions, and components.

Does MDE have Automatic Updates?

Yes, MDE has automatic updates that keep your devices protected with the latest malware definitions and security intelligence. MDE uses cloud-delivered protection and automatic sample submission to analyze malware samples and provide fast and accurate threat detection and response.
