SureDeploy Makes Defender for Endpoint More Awesome

Microsoft Defender for Endpoint (DFE). It not only is a great AV product but is highly rated in Gartner's Magic Quadrant for Endpoint Protection:

(1. Lefferts, 2021)

.......................................................................................

So, what makes Defender for Endpoint better than all the others?

There are a multitude of reasons, but a couple of big ones are:

What is Defender for Endpoint?

Defender for Endpoint is Microsoft's threat management platform for user based systems, e.g. Windows 10/11. It also has support for MacOS, iOS and Android. Defender is more than just a signature based antivirus system, it can also do threat analytics. Also, when paired with its recommended policies it can improve the security posture of your fleet of devices.

Here is a snippet of some of the recommendations from Defender. This is from one of our testing environments:

 It can also include additional devices within your network.

Ok that’s enough of the shameless promotion of DFE.

We've all been overwhelmed when seeing the DFE dashboard for the first time, and going "#$%^ I need to fix how many of these?". Whilst DFE gives you quite detailed information on each of the issues and some method to work around these, there is a lot to process here. Also, some of these policies may take several hours or days to create and test.

There has to be an easier way... Enter SureDeploy

SureDeploy and Defender

The SureDeploy platform now has integrations into Defender!

Not only can we easily get reports and dashboards with the information that is important to your team. We have the ability to instantly push policies that will remediate the configuration recommendations of DFE. Are policies not just the issue? Do you have a lot of apps that are out of date? We have availability to resolve that too. With the AppFresh subscription service within SureDeploy, we can quickly and easily push application updates to your Intune tenant.

Microsoft themselves suggest that 'integration can help prevent security breaches and limit the impact of breaches within an organisation'.

(2. Microsoft, 2023)

 

I'm more going to concern myself with the policy side of things, as this can have the some of the biggest impacts in improving your security posture. We have approximately 100 policies available just targeting the Defender recommendations, and this is just a subset of the policy library that we have available. This list is also growing, as we identify new issue we create and test new remediation policies.

...............................

Policies for Defender

So how do I get these policies you ask?

SIMPLE!!!

Once you have signed up to SureDeploy and have DFE enabled, you will be able to see a dashboard with details of the defender recommendations. Not only that, you will be able to see all the issues that are happening around your DFE environment, and we have this really awesome "DEPLOY" button.

A couple of minutes later that policy is ready for your testing, then can be easily assigned across to your devices. Please make sure that you read continue reading till the end of this article as I go further into not only the why's for testing but some a methodology for testing the policy you have just deployed into your tenant.

What are some examples of policies do we have?

• Attack Surface Reduction rules
• Minimum password requirements
• Blocking flash and Java from Adobe reader
• Disabling connection sharing
• And many many many more...

This policy set is also growing on a daily basis. As we discover new issues we create remediation policies for them, test that they remediate the issue, and provide any GOTCHAs! The last part is really important. There is nothing worse than creating an ASR rule to block Office from creating process, only to have your Line-of-Business add-on stop working. As we have an internal team developing these policies, it is quick and easy for us to be able to create a custom policy just for you, and tweak it to have the exclusions that you need.

Testing Policies

Now that you have a whole lot of shiny new policies that will improve your defender score, what is next?

TESTING, TESTING, and a bit more TESTING.

As I've mentioned above, some of the policies remediating issues within defender are quite restrictive. So, having a testing methodology is really important. Some of these policies can lock the devices down so far that they are no longer useable for your business. Maybe it is a Line-of-business App, or just an uncommon application that Defender Flags as a potential issue. So where do you start testing?

The following is the testing methodology that we use internally:

This is the methodology that we follow internally. Once you have a plan and have practices this a few times the process becomes easier and easier.

Conclusion

Defender is more than just an Endpoint Antivirus solution. It can also identify issues with configuration of your current fleet. SureDeploy has taken this and have pre-made all the policies that you need, to fix any configuration issues Defender identifies.

Want to see it in action? Want to enable this for your own environment? Please reach out to the SureDeploy team!

REFERENCES

1.) Lefferts (2021). Gartner names Microsoft a Leader in the 2021 Endpoint Protection Platforms Magic Quadrant.

2.) Microsoft (2023). Use Microsoft Defender for Endpoint in Microsoft Intune.

From deployment to maintenance, SureDeploy's robust endpoint management solutions empower your team to easily oversee, secure and optimise your entire endpoint fleet.