What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions?
I have demoed these solutions together. There are as well other alternatives that integrate with SaaS services.
Thank you for your help.
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Feb 15, 2023
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.
There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...
But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations.
Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is so such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...
Senior Associate Specialist at a financial services firm with 1,001-5,000 employees
Feb 16, 2023
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered/ Azure Hybrid AD join/ Azure AD join, etc.
1. So, if the ask is only to enroll them in Intune to leverage defender/BitLocker services - go directly to Azure AD's join approach.
2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.
3. You can still use autopilot using both of these approaches.
Microsoft Windows Defender is a part of Windows 10 and is available at no additional cost. It offers basic protection against malware and viruses. For more comprehensive protection, you can upgrade to a paid subscription to Microsoft Defender Advanced Threat Protection.
ADTP is a cloud-based platform that delivers real-time security insights and advanced threat protection for endpoints across your enterprise. It features behavioral detection analytics, anti-ransomware, and anti-phishing technologies.
Microsoft Defender ATP starts at $15 per user per month. Volume discounts are available.
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution.
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. It includes risk-based vulnerability management, EDR, behavioral threat protection, automatic investigation and remediation, and managed threat hunting, all in a single, holistic solution.
MDE is designed to detect and remediate MITRE threats. It has a good threat detection rate, scans devices in real-time, and can monitor individual user computers. The best feature is the automated detection and remediation with a threat timeline.
It runs on few system resources, and it doesn’t slow your computer when scanning for threats. You only need one login to manage your dashboards, and it is compatible across Mac, iOS, Windows, and Ubuntu Linux.
There are downsides to MDE, though. It doesn’t have web filtering on the macOS (although you can do it via Microsoft Intune). It also doesn’t integrate with the MS Cloud app.
We use Symantec EP on all our devices. It also features a cloud management platform and a central server that reports on all the endpoints.
Symantec offers powerful network threat detection and protection. Symantec detects zero-day threats and mutates malware. The advanced behavioral analysis uncovers malicious files masking as legitimate. The license is also affordable for medium-sized companies.
There is room for improvement, though. If you’ve got Macs in your environment, I will discourage Symantec. The cloud platform and the server sometimes don’t talk to each other. The system also is poor in auto repair.
Which solution you choose will depend on your use case. If you are a small business and not invested in MS products, Symantec is a great option. If you already run MS Enterprise, by all means, go for MDE.