Network and Web Protections in Microsoft Defender for Endpoint Now Available at Preview for Linux and macOS Devices
Microsoft this week announced public previews of Network Protection and Web Protection capabilities for Linux and macOS devices in its Microsoft Defender for Endpoint solution.
Microsoft Defender for Endpoint offers security protections for client devices and underwent a product restructuring change back in November. It now has Plan 1 and Plan 2 products. Plan 1 provides fundamental endpoint protections across Windows, macOS, Android and iOS devices, while Plan 2 adds threat hunting capabilities.
Network Protection is an attack surface reduction capability that's been available in Microsoft Defender for Endpoint, but previously just for Windows devices (Windows 10 version 1709 or later). It uses Microsoft's SmartScreen reputation feed (also used with browsers) to block device access to malicious URLs, such as those used in phishing scams. The reputation information is pulled together from Microsoft Intelligent Security Graph threat signals.
Organizations get protection against malicious URLs across various applications, and not just for browsers, with Network Protection. Machine learning is used with Network Protection as well to detect the use of software or services for command-and-control attack activities.
It's also possible to use Network Protection to show indicators of compromise, which might be used by security analysts hunting for advanced attacks. To get that kind of information, Network Protection needs to be used with the "Endpoint detection and response capabilities in Defender for Endpoint," Microsoft's document explained.
The Network Protection capabilities for Windows devices work "natively" with Microsoft Defender for Cloud Apps, which is Microsoft's solution for protecting software-as-a-service apps. However, that integration is limited for Linux and macOS devices at present.
"Currently, the integration for macOS and Linux only supports endpoint enforcement capabilities," the announcement noted, without elaboration, regarding Microsoft Defender for Cloud Apps integration.
The Web Protection capability is designed to secure devices against Web-based threats and address unwanted content. It has three elements, namely "Web threat protection, Web content filtering and Custom indicators," according to Microsoft's document.
Web Protection capabilities are used for alerts and investigations. Organizations also can use Web Protection capabilities to set up Allow, Block and Warn policies. Users also can be blocked from accessing Web sites based on blocking categories that get set up by organizations.
OS Support and Licensing
The preview of Network Protection and Web Protection capabilities in Microsoft Defender for Endpoint works only with macOS devices running version 11 ("Big Sur") or later operating system versions. The preview also is supported for multiple Linux distros, which are shown in this "System Requirements" list.
Licensing was described as requiring "a standalone Microsoft Defender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365 Security," per this "Licensing Requirements" document section. That section didn't indicate whether there was any Plan 1 or Plan 2 requirement.
The Network Protection and Web Protection preview capabilities, though, can be tried using a trial version of the Microsoft Defender for Endpoint product, according to Microsoft's announcement.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.