1-Year Subscription License
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help organizations like yours to prevent, detect, investigate, and respond to advanced threats.
Microsoft Defender for Endpoint Plan 1 includes the following capabilities:
- Next-generation protection that includes industry-leading, robust antimalware and antivirus protection
- Manual response actions, such as sending a file to quarantine, that your security team can take on devices or files when threats are detected
- Attack surface reduction capabilities that harden devices, prevent zero-day attacks, and offer granular control over endpoint access and behaviors
- Centralized configuration and management with the Microsoft 365 Defender portal and integration with Microsoft Intune
- Protection for a variety of platforms, including Windows, macOS, iOS, and Android devices
Next-generation protection
Next-generation protection includes robust antivirus and antimalware protection. With next-generation protection, you get:
- Behavior-based, heuristic, and real-time antivirus protection
- Cloud-delivered protection, which includes near-instant detection and blocking of new and emerging threats
- Dedicated protection and product updates, including updates related to Microsoft Defender Antivirus
Manual response actions
Manual response actions are actions that your security team can take when threats are detected on endpoints or in files. Defender for Endpoint includes certain manual response actions that can be taken on a device that is detected as potentially compromised or has suspicious content. You can also run response actions on files that are detected as threats. The following table summarizes the manual response actions that are available in Defender for Endpoint Plan 1.
- Run antivirus scan. Starts an antivirus scan. If any threats are detected on the device, those threats are often addressed during an antivirus scan.
- Isolate device. Disconnects a device from your organization's network while retaining connectivity to Defender for Endpoint. This action enables you to monitor the device and take further action if needed.
- Stop and quarantine. Stops processes from running and quarantines associated files.
- Add an indicator to block or allow a file. Block indicators prevent portable executable files from being read, written, or executed on devices. Allow indicators prevent files from being blocked or remediated.
Attack surface reduction
Your organization's attack surfaces are all the places where you're vulnerable to cyberattacks. With Defender for Endpoint Plan 1, you can reduce your attack surfaces by protecting the devices and applications that your organization uses. The attack surface reduction capabilities that are included in Defender for Endpoint Plan 1 are -
- Attack surface reduction rules
- Ransomware mitigation
- Device control
- Web protection
- Network protection
- Network firewall
- Application control
Centralized management
Defender for Endpoint Plan 1 includes the Microsoft 365 Defender portal, which enables your security team to view current information about detected threats, take appropriate actions to mitigate threats, and centrally manage your organization's threat protection settings.
Cross-platform support
Most organizations use various devices and operating systems. Defender for Endpoint Plan 1 supports the following operating systems:
- Windows 10 and 11
- Windows 7 (ESU required) Pro or Enterprise
- Windows 8.1 Pro, Enterprise, and Pro Education
- macOS (the three most recent releases are supported)
- iOS
- Android OS
