Microsoft Defender for Endpoint
- Security settings management is available for multi-tenant environments in Microsoft Defender XDR
- Microsoft Defender for Endpoint’s Safe Deployment Practices
- Detect compromised RDP sessions with Microsoft Defender for Endpoint
- Reduce friction and protect faster with simplified Android onboarding
- Get more device control flexibility with BitLocker settings in Defender for Endpoint
- Detect suspicious processes running on hidden desktops
- Simplify triage with the new Alert Timeline
- Offline Security Intelligence Update is now GA
- Use the new investigation and response capabilities for macOS and Linux
- Manage your devices with ease using dynamic rules for device tagging in Microsoft Defender
- Get greater flexibility across iOS deployments with User Enrollment support in Defender for Endpoint
- Ignite News: Augment your EDR with deception tactics to catch adversaries early
- Simplified security settings management is now generally available
- Announcing a streamlined device connectivity experience for Microsoft Defender for Endpoint
- Microsoft Defender data can now be hosted locally in Australia
- Announcing mobile device tagging for iOS and Android
- Optimizing endpoint security with Microsoft Defender for Endpoint's flexible licensing options
- Use the new eBPF-based sensor for Defender for Endpoint on Linux
- Now in Public Preview: Device isolation and AV scanning for Linux and macOS
- Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint
- Announcing the monthly security summary report for Microsoft Defender for Endpoint
- Discovering internet-facing devices using Microsoft Defender for Endpoint
- Enrich your advanced hunting experience using network layer signals from Zeek
- Defender for Endpoint and disconnected environments. Cloud-centric networking decisions
- Microsoft awarded Best Advanced Protection for Corporate and Consumer Users by AV-TEST
- Defender for Endpoint and disconnected environments. Which proxy configuration wins?
- Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices
- Announcing device isolation support for Linux
- Recovering from Attack Surface Reduction rule shortcut deletions
- Introducing tamper protection for exclusions
- Disconnected environments, proxies and Microsoft Defender for Endpoint
- New network-based detections and improved device discovery using Zeek
- Announcing new removable storage management features on Windows
- Use the new Microsoft 365 Defender API for all your alerts
- Detecting and remediating command and control attacks at the network layer
- Tamper protection will be turned on for all enterprise customers
- Microsoft Defender for Endpoint is now available on Android company-owned personally enabled devices
- Improving device discoverability and classification within MDE using Defender for Identity
- Attack Surface Reduction (ASR) Rules Report 2.0 in Microsoft 365 Defender
- How to deploy Attack Surface Reduction rules to Azure VMs using Azure Guest Configurations
- Network Protection and Web Protection for macOS and Linux is now in Public Preview!
- Tamper protection on macOS is now generally available
- New Device Health Reporting for Microsoft Defender for Endpoint is now in Public Preview
- Announcing File page enhancements in Microsoft Defender for Endpoint
- Introducing the new alert suppression experience
- Mobile Network Protection in Microsoft Defender for Endpoint on Android & iOS now in Public Preview
- Prevent compromised unmanaged devices from moving laterally in your organization with “Contain”
- Mobile device support is now available for US Government Customers using Defender for Endpoint
- Hunting for network signatures in Microsoft Defender for Endpoint
- Evaluation Lab: new domain-joined devices support in Public Preview
- Troubleshooting mode for Microsoft Defender for Endpoint now Generally Available
- Announcing the public preview of Defender for Endpoint personal profile for Android Enterprise
- Security Settings Management in Microsoft Defender for Endpoint is now generally available
- Tamper Protection is now available on macOS
- Device Inventory - The evolution of the endpoint view
- Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android
- Enhanced antimalware engine capabilities for Linux and macOS
- New Reporting Functionality for Device Control and Windows Defender Firewall
- Unified submissions in Microsoft 365 Defender now Generally Available!
- Announcing expanded support and functionality for Live Response APIs
- Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT: A Case Study
- The Splunk Add-on for Microsoft Security is now available
- Deprecating the legacy SIEM API
- Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
- Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview
- Announcing Preview of New Security Management Capabilities for Microsoft Defender for Endpoint.
- Evaluation Lab: Expanded OS support & Atomic Red Team simulations
- Announcing the public preview of Microsoft Defender for Endpoint Mobile - Tamper protection
- AI-driven adaptive protection in Microsoft Defender for Endpoint
- Microsoft Defender for Endpoint Plan 1 Now Generally Available
- Announcing performance analyzer for Microsoft Defender Antivirus
- Device Control Device Installation update
- Defending Windows Server 2012 R2 and 2016
- Announcing live response for macOS and Linux
- Web content filtering now generally available on Windows
- Boost protection of your Linux estate with behavior monitoring, extended distro coverage, and more
- Introducing Microsoft Defender for Endpoint Plan 1
- Make sure Tamper Protection is turned on
- Announcing Apple M1 native support
- Public Preview: Custom file IoC enhancements and API schema update
- Best practices for optimizing custom indicators
- Microsoft Defender for Endpoint Ninja Training: August 2021 update
- DeepSurface integrates with Microsoft's vulnerability management capabilities
- Download quarantined files now in public preview
- Protect your removable storage and printers with Microsoft Defender for Endpoint
- Announcing live response API public preview
- Evaluation lab updates: device renewal and new simulations
- Endpoint Discovery - Navigating your way through unmanaged devices
- Network device discovery and vulnerability assessments
- Configuring exclusions for Splunk on RedHat Linux 7.9
- New threat and vulnerability management experiences in Microsoft 365 security
- Enhancing Linux antivirus with behavior monitoring capabilities!
- Mac updates: Control your USB devices with Microsoft Defender for Endpoint on Mac!
- Migrate advanced hunting from Microsoft Defender for Endpoint to Microsoft 365 Defender
- Announcing a global switch for tamper protection
- Investigating the Print Spooler EoP exploitation
- Advanced hunting: updates to threat and vulnerability management tables
- One app for VPN and mobile threat defense
- Delivering world class SecOps experiences
- MITRE ATT&CK Techniques now available in the device timeline
- Protecting sensitive information on devices
- Microsoft Defender Antivirus: 12 reasons why you need it
- Extending threat and vulnerability management to more devices
- Windows Virtual Desktop support is now generally available
- How to use tagging effectively (Part 3)
- Microsoft Defender for Endpoint: Automation defaults are changing
- EDR for Linux is now generally available
- How to use tagging effectively (Part 2)
- How to use tagging effectively (Part 1)
- Announcing EDR in block mode general availability
- Microsoft Defender for Endpoint on iOS is generally available
- EDR for Linux is now available in public preview
- Microsoft Defender for Endpoint adds depth and breadth to threat defense across platforms
- Microsoft Defender ATP for Mac is moving to system extensions
- How behavioral blocking & containment stops post-exploitation tools like BloodHound, Kerberoasting
- Introducing EDR in block mode: Stopping attacks in their tracks
- Introducing an improved timeline investigation with event flagging
- Announcing high value asset tagging in Microsoft Defender ATP
- SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2
- Microsoft Defender ATP awarded a perfect 5-star rating by SC Media
- Introducing event timeline – an innovative, new way to manage your security exposure
- An update on Web Content Filtering
- Configuring Microsoft Defender Antivirus for non-persistent VDI machines
- Improving defenses against Exchange server compromise
- Microsoft Defender ATP for Linux is now generally available!
- Announcing Microsoft Defender ATP for Android
- Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation
- A deeper dive into the APT29 MITRE ATT&CK evaluation
- Microsoft Defender ATP has a new UEFI scanner
- New partnerships with innovative leaders helps you fight advanced threats!
- Say hello to the new alert page in Microsoft Defender ATP
- Migrate the old Power BI App to Microsoft Defender ATP Power BI templates!
- Microsoft Defender ATP evaluation lab breach & attack simulators are now available in public preview
- Demystifying attack surface reduction rules - Part 4
- Defending networks against human-operated ransomware
- Automate the boring for your SOC with automatic investigation and remediation!
- Indicators enhancements: Allow/Block by certificates & more
- Demystifying attack surface reduction rules - Part 3
- Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP
- Harden endpoint security for COVID-19 and working from home with Threat & Vulnerability Management
- Deploy Microsoft Defender ATP for Mac in just a few clicks
- MITRE ATT&CK evaluation results
- Demystifying attack surface reduction rules - Part 2
- Demystifying attack surface reduction rules - Part 1
- Live response for earlier versions of Windows is now in public preview
- Secure your remote workforce with Microsoft Defender ATP
- Secure Configuration Assessment (SCA) for Windows Server now in public preview
- Microsoft Defender ATP service notification improvements
- Connect the dots using a device network overview Power BI report
- Raw data export: Announcing Microsoft Defender ATP Streaming API GA
- Microsoft Defender ATP for Linux is coming! ...And a sneak peek into what’s next
- Enable tamper protection in Threat & Vulnerability Management to increase your security posture
- Put regulation fears to rest when deploying Microsoft Defender ATP
- Web content filtering with Microsoft Defender ATP now in public preview
- Extending Microsoft Defender ATP network of partners
- Enforcement of TLS 1.2 for connections to Microsoft Defender ATP
- EDR capabilities for macOS have now arrived
- Advanced hunting data schema changes
- Short & sweet educational videos for Microsoft Defender ATP
- Create custom reports using Microsoft Defender ATP APIs and Power BI
- Recordings now online: Microsoft Defender ATP sessions from #MSIgnite 2019
- Microsoft Defender ATP for Mac - EDR in Public Preview
- How insights from system attestation and advanced hunting can improve enterprise security
- Microsoft Defender ATP sessions at #MSIgnite 2019
- Tamper protection now generally available for Microsoft Defender ATP customers
- Manage Windows Defender Firewall with Microsoft Defender ATP and Intune
- Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave
- Enhanced visibility into web threats with Microsoft Defender ATP
- Microsoft Defender ATP EDR support for Windows Server 2008 R2 now generally available
- New! API Explorer and Connected applications
- MITRE ATT&CK technique info in Microsoft Defender ATP alerts
- Microsoft Defender ATP supports custom IOCs for URLs, IP addresses, and domains
- Enhance your SOC with Microsoft Defender ATP Automatic Investigation and Remediation
- Test security products the right way and find new protection features with MDATP evaluation lab
- Advanced hunting updates: USB events, machine-level actions, and schema changes
- Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant
- Microsoft Defender ATP 'Ask Me Anything' August 2019 - Summary
- Migrate your custom Threat Intelligence (TI) to indicators!
- The Golden Hour remake - Defining metrics for a successful security operations
- Download files for in-depth investigation
- MDATP Streaming API - Public Preview - DIY example
- Microsoft Defender ATP Evaluation lab is now available in public preview
- Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!
- Microsoft Defender ATP automation & cloud app discovery now available in previous Windows 10 builds!
- Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
- MDATP Python automation - Automate machine isolation with Python script
- Microsoft Defender ATP unified indicators of compromise (IoCs) experience
- Microsoft Defender ATP for Mac now in open public preview
- Incident response at your fingertips with Microsoft Defender ATP live response
- Microsoft Defender ATP and Malware Information Sharing Platform integration
- Updates to attack surface reduction rules for Office apps
- Pushing custom Indicator of Compromise (IoCs) to Microsoft Defender ATP
- Microsoft Defender ATP third-party solution integrations
- Microsoft Threat Experts reaches general availability
- Protecting disconnected devices with Microsoft Defender ATP
- Tamper protection in Microsoft Defender ATP
- Announcing Microsoft Defender ATP for Mac
- Palo Alto Networks and WDATP ad-hoc integration
- MITRE evaluation highlights industry-leading EDR capabilities in Windows Defender ATP
- Automate Windows Defender ATP response action: Machine isolation
- Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules
- Ticketing system integration – Alert update API
- Help protect the exec – go with the Flow!
- WDATP API “Hello World” (or using a simple PowerShell script to pull alerts via WDATP APIs)
- Microsoft Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices
- Microsoft Defender ATP built-in threat summary and health reports
- What’s new in Windows Defender ATP, November 2018
- New! Windows Defender ATP Incidents narrate the end-to-end attack story
- Automating investigation and response for memory-based attacks
- SecOps is more effective thanks to Microsoft Windows Defender Advanced Threat Protection
- Microsoft Cloud App Security and Windows Defender ATP - better together
- WDATP September 2018 preview features are out
- Hunting tip of the month: Downloads originating from email links
- Optimized reporting latency and expedite mode
- Interpreting Exploit Guard ASR audit alerts
- Improve your defensive posture with Exploit Guard ASR
- Advanced hunting now includes network adapters information
- Hunting tip of the month: Browser downloads
- Getting Started with Windows Defender ATP Advanced Hunting
- Hunting tip of the month: PowerShell commands
- What’s new in the WDATP Portal?
- Protecting Windows Server with Windows Defender ATP
- Enhancing conditional access with machine-risk data from Windows Defender Advanced Threat Protection
- New demo: Advanced Threat Protection across Windows 10 and Office
- Exploit Guard - Network Protection
- Announcing: Windows Defender ATP support for Windows 7 and Windows 8.1
- Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
- Microsoft partners extend Windows Defender ATP across platforms
- Windows Defender ATP helps analysts investigate and respond to threats
- Windows Defender ATP Windows 10 Fall Creators Update now open for public preview
- Windows Defender ATP machine learning: Detecting new and unusual breach activity
- Windows Defender ATP Fall Creators Update
- Microsoft signs agreement to acquire Hexadite
- Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack
- The Story of Windows Defender
- Windows 10 to offer application developers new malware defenses
- What’s in a name?? A lot!! Announcing Windows Defender!
GitHub