Join Robert Buktenica and Jonathan Hazelden in the newest installment of The Late Night Brew. In this installment, they explore the diverse endpoints protected by Defender, from Windows devices and servers to surprising inclusions like macOS, Linux, and even mobile platforms. Learn how administrators master Defender’s capabilities through Intune and MECM, and anticipate upcoming episodes for deeper insights.
TIMESTAMP
00:07 – Introduction
00:38 – The Brew
01:30 – What Endpoints can Defender Protect?
04:20 – How do administrators manage Defender for Endpoints?
TRANSCRIPT
Introduction
Robert Buktenica: Hello, everyone, and welcome to another episode of the Late Night Brew, where we talk the brews first, then we get around what we’re supposed to after the fact. Joining me, once again, for the next installment of the Defender series, is Mister Jonathan Hazelden, once more. Jon, welcome back.
Jonathan Hazelden: Hey, Buck, glad to be back again.
Robert: As always. Now, before we dive into what endpoints can Defender protect, you know the drill, what brew are you having with me today?
The Brew
Jonathan: I actually have a glass of Rosé, which I’m told is the first time anyone’s done that on your show.
Robert: It is, it is. It’s fermented, it’s close enough to being brewed, so I’ll take it. It’s summer, so I don’t blame you.
Jonathan: Exactly.
Robert: On that, I’ve actually got a Mimosa sour beer. It’s quite light. It’s not very soury, but I guess it’s good because you can drink a lot of them, so good and bad, depending on how you look at it.
Jonathan: I’ve never heard of that, it’s very interesting.
Robert: Hambo, in Australia, always says he wants to visit the US just so he can sample all of the different ones that I’ve had.
What Endpoints can Defender Protect?
Robert: All right, let us dive into now what endpoints or what operating systems can Defender help protect.
Jonathan: Defender can help protect, as you would imagine, Windows devices, so Windows 10 and 11 from your workstations, and then everything from Server 2012 up to 2022 from your server platforms. That can be whether they’re in the Cloud or whether they’re on-premise. That’s from a Windows perspective.
It also protects macOS and Linux. Not with the complete set of capabilities that Windows has, but the majority of them.
Robert: So it’s still possible to monitor and protect?
Jonathan: Yes, it definitely gives you a good level of protection. It’s more the automation, the automated response capabilities that it doesn’t have for those platforms. We have seen a number of customers that we work with directly, maybe they’re mainly Windows operation, but they also have onboarded Linux and Macs.
That’s the workstation side of things, but Defender also protects mobile devices, so iOS and Android. They call it Mobile Threat Defense. It works in a slightly different way. Ultimately, those devices use the Microsoft Defender app that gets installed to be able to use some of the Defender capabilities and report back to the Defender servers in the Cloud.
Robert: Interesting. I think the most surprising takeaway for that was actually Linux was already rolled into it, and servers. I didn’t realise servers could be pulled in.
A quick question of clarification before we roll to our next official question, do devices need to be enrolled in Intune in order to get protection from Defender for endpoint?
Jonathan: No, they don’t, but it’s better if they do depending on what capabilities you want and how much coverage you want in terms of how the device is configured. There’s a lot more you can do if they are enrolled in Intune, but it’s not a necessity.
How do administrators manage Defender for Endpoints?
Robert: Okay, ’cause I’m sure somebody has that question out there that’s listening. On that topic, actually, that’s a great segue, unintentionally, of how administrators manage Defender for Endpoint?
Jonathan: Yes, so there is a multitude of ways to manage it. I mean, the two most common ways are, number one, Intune, number two, MECM or SCCM if you’re still running device management on-prem.
We’ve worked with customers that use both or even co-manage configuration. If you’re using Macs, maybe Jamf, those are kind of the main platforms for management. Within those platforms, that’s how you– Intune, for example, is easy to onboard the machines because Defender is generally, it’s part of the operating system. It’s already there.
It’s essentially, it’s just the case of onboarding them, and then all the configuration from your antivirus policies through to your kind of attack surface reduction policies and some of the advanced features can all be configured and managed directly through Intune or MECM.
Robert: The Defender portal, I believe there’s a lot of reporting elements, which I think we’re going to get into another episode. I’m going to stop myself there, as I realised what I say.
Awesome. Well, that, I believe, wraps up everything. No more questions, from this side at least. Thank you very much, Jon, once again, for joining. If you have any questions, or anyone watching has any questions, please feel free to reach out. As always, our contact info is below.
Thank you very much, my friend, and until next episode, cheers.
To watch other Late Night Brew episodes and explore more cybersecurity insights, check out our series playlist. If you have any questions or want to learn more about how Microsoft Defender can enhance your organisation’s security, feel free to contact us.