Following the theme of the recently passed and egg-filled Easter, Above IT’s new ‘consigliere’ Matias Haapaniemi has blogged about Microsoft’s Defender endpoint protection and its history as a cybersecurity technology. Microsoft’s paid endpoint protection has a long and interesting history, which often remains unknown due to the product’s repeated rebranding. So, if you’re still wondering whether it’s worth putting all your IT environment’s cybersecurity eggs in one basket within Microsoft’s ecosystem, keep reading!
Defender's journey from history to the present day
Defender for Endpoint, part of Microsoft 365 services, was originally launched in 2016 under the name Windows Defender ATP. Initially, the product only supported the Windows operating system and didn’t gain significant market share because its performance and capabilities weren’t particularly impressive.
In 2018, Microsoft began to heavily invest in developing Windows Defender ATP. The product’s technical capabilities improved significantly, but despite this, its market share remained relatively low.
In 2019, Microsoft rebranded the product as Microsoft Defender Advanced Threat Protection and continued to invest heavily in endpoint protection. At the same time, the product expanded to support all major operating systems (Windows, macOS, Linux, iOS, and Android). These changes attracted significantly more customers, but the original vision of comprehensive endpoint protection had not yet been fully realized.
In 2020, Microsoft once again rebranded, giving the product its current name, Defender for Endpoint. At this point, the long-term investments began to pay off, and Defender for Endpoint finally became a cybersecurity solution that truly impressed organizations.
The arrival of Defender for Endpoint
Although Defender for Endpoint succeeded in implementing Microsoft’s vision of comprehensive endpoint protection, it faced a new challenge: the product was aimed at organizations with over 300 users, which meant that a significant portion of smaller organizations using Microsoft 365 services were left without this solution.
As a solution to this, Microsoft launched a version for small and medium-sized businesses in 2021 called Defender for Business, which was packaged with Business Premium licensing. Technically and feature-wise, Defender for Business largely corresponds to the Defender for Endpoint product. The most significant difference is in log data processing: Defender for Business does not store log data collected from devices in the cloud long-term; instead, the data is deleted after processing. However, log retention can be implemented if needed, for example, using Microsoft Sentinel.
In their current form, both Defender for Endpoint and Defender for Business are highly impressive and offer comprehensive cybersecurity for organizations.
The technology in practice
Microsoft’s Defender XDR protects endpoints comprehensively. The new cloud-managed solutions use Windows’ built-in Windows Defender antivirus and Microsoft’s Endpoint Detection and Response (EDR) component, MsSense, to counter more sophisticated threats. The capabilities map to components as follows:
- Operating system-level firewall (FW)
  - Windows Firewall
- Host-based intrusion detection and prevention system (HIDS/HIPS)
  - MsSense (Defender for Business/Endpoint)
- Antivirus (AV)
  - Windows Defender
- Endpoint Detection and Response (EDR)
  - MsSense (Defender for Business/Endpoint)
- Vulnerability management tools
  - MsSense (Defender for Business/Endpoint)
- User and Entity Behavior Analytics (UEBA)
  - MsSense (Defender for Business/Endpoint)
- Cyber Threat Intelligence (CTI)
  - MsSense (Defender for Business/Endpoint)
- Binary control
  - Application Control for Windows
Facts about Defender's evolution
Microsoft has invested vast sums of money in cybersecurity and endpoint protection. The development of endpoint protection is easy to follow, for example, in Gartner’s research.
All eggs in one basket?
Now is an excellent time to centralize the entire organization’s cybersecurity into Microsoft’s products, as Defender for Endpoint and Defender for Business together offer genuinely comprehensive and unified protection for the entire device fleet. An integrated platform also means centralized management, enhanced reporting, and faster response to threats, as all telemetry and alert data flows seamlessly within the same ecosystem.
Microsoft’s continuous investments in artificial intelligence, user and entity behavior analytics (UEBA), and cloud-based EDR technology (MsSense) ensure that your organization stays one step ahead of both known and emerging threats. Additionally, easy integration of logs and alerts with Microsoft Sentinel or other SIEM solutions guarantees flexibility and scalability for businesses of different sizes.
When your IT management is considering the right and sufficient Microsoft 365 licensing, it’s worth turning to us to find an adequate and properly modeled solution for your needs. Transitioning to the unified Defender XDR product family makes cybersecurity simpler, reduces administrative work, and improves cost-effectiveness, which is why the acquisition is typically a ‘no-brainer’! Now is the time to put all your eggs in one basket and move to Microsoft’s cybersecurity products!
When your IT management is looking for savings, cybersecurity is usually not the first thing you should cut back on. However, with Microsoft’s Defender technologies, it’s possible to achieve savings, both administratively and by better protecting against threats. Our Microsoft Solution Partner status in the Security category is a sign that we are the right partner when you’re looking for real expertise to support your IT management!