Security Management Eased for Microsoft Defender for Endpoint Users

Microsoft is rolling out a somewhat more streamlined approach for managing devices that use Microsoft Defender for Endpoint, according to a Thursday announcement.

A new approach, known as "Security Management for Microsoft Defender for Endpoint," makes it easier to centralize the management of devices that are not already managed by Microsoft Endpoint Manager. Device security settings become available in Microsoft Endpoint Manager via this new Security Management enhancement.

Microsoft described the new Security Management capability as follows, per this document:

Security Management for Microsoft Defender for Endpoint is a capability for devices that aren't managed by a Microsoft Endpoint Manager, either Microsoft Intune or Microsoft Endpoint Configuration Manager, to receive security configurations for Microsoft Defender directly from Endpoint Manager.

The announcement included the following diagram, showing how the Security Management capability works:

Figure 1. Microsoft Endpoint Manager gets centralized control over device security settings via new "Security Management for Microsoft Defender for Endpoint" capability (source: Dec. 2 Microsoft Tech Community announcement).

Windows Support
So far, the new Security Management capability works only with Windows 10 and newer client operating systems, plus Windows Server 2012 R2 and newer server operating systems.

Microsoft is promising to add Linux and macOS support at some point, though.

Product Names Revisited
Microsoft Defender for Endpoint is the product previously called "Microsoft Defender Advanced Threat Protection" that's used to protect devices and conduct post-breach investigations. Microsoft changed the product's name to Microsoft Defender for Endpoint last year.

This year, Microsoft split the Microsoft Defender for Endpoint product into two products, namely Plan 1 and Plan 2. Plan 2 is the original Microsoft Defender Advanced Threat Protection product, while Plan 1 is a new antivirus and endpoint detection and response product aimed at small-to-medium organizations.

Microsoft's Thursday announcement describes a new way to bring security settings management into Microsoft Endpoint Manager when organizations are using either Plan 1 or Plan 2 of the Microsoft Defender for Endpoint products.

Configuration Manager and Intune Supported
Microsoft Endpoint Manager has two device management options, namely Microsoft Endpoint Manager Configuration Manager or Microsoft Intune. The new Security Management feature of Microsoft Defender for Endpoint works with both options, but a "tenant attach" is recommended for Configuration Manager users, per Microsoft's document:

When using Configuration Manager, the best path for management of security policy is using the Configuration Manager tenant attach

The document lists a bunch of prerequisites, plus other nuanced information on how to use the new Security Management feature. It's fairly complex.

In general, though, Microsoft conceives of this new feature as ultimately reducing tooling headaches for IT pros.

"Without the need to deploy and use additional tools and infrastructure, you can now manage security settings (initially AV, EDR and firewall policies) across devices, with Microsoft Endpoint Manager serving as a single management platform," the announcement indicated.

The capabilities of the Security Management feature seem to be emerging. Microsoft's document described some of them as being at the "prereleased product" stage, without adding further details.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

