Securing the Endpoint

This year Planet is continuing to build out a security and compliance practice and is partnering with Microsoft on their Zero Trust initiative. One of the core pillars of Zero Trust is devices, which have always been one of the main attack surfaces for the bad guys. With the number of cyberattacks occurring today, not a week goes by that I don’t have at least one scoping call with a customer around securing the endpoint. In this blog, I’ll describe our approach to these projects and how we secure the endpoint depending on the Microsoft licensing the client has (we’ll focus on Windows 10 today).

Up to now, security features were limited in the most popular MS licensing, Microsoft 365 E3/G3. Customers could deploy MS Endpoint Manager (Configuration Manager and/or Intune) to manage Windows and enable MS Defender Antivirus with a security baseline that meets the customer’s needs. Endpoint Manager comes with several basic baselines that can be deployed, and custom ones can be defined to set requirements on encryption, DLP, malware protection, etc. Customers who wanted to utilize the more advanced Microsoft Defender for Endpoint features were required to purchase the Defender SKU, the M365 E5/G5 licensing or the E5/G5 Security Step-up SKU. Recently Microsoft released a new SKU into preview called Defender for Endpoint Plan 1, which includes the basic features of Defender for Endpoint. Expected to be released later this year, this SKU will be available in M365 E3/G3 licensing. These features are documented below with links to more information.

More Info at: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide 

As noted above, traditional endpoint protection with the E3/G3 license was basic, utilizing built-in Windows security features such as definition-based AV, encryption, Hello, etc., which meant that customers had to either purchase the Defender suite or upgrade to E5/G5 to obtain next-gen malware protection that offers real-time protection. With the new licensing, Defender for Endpoint will be available in E3/G3, with enhanced features still available in E5/G5 Security.

Years ago, Microsoft’s security solutions were basic, just enough to get by and document the coverage. Since then, Microsoft has invested billions in ramping up an industry-leading security portfolio. As evidence, Defender for Endpoint was recently named a leader by both Forrester and Gartner. Links below.

https://www.microsoft.com/security/blog/2021/10/18/microsoft-achieves-a-leader-placement-in-forrester-wave-for-xdr/ 

https://www.microsoft.com/security/blog/2021/05/11/gartner-names-microsoft-a-leader-in-the-2021-endpoint-protection-platforms-magic-quadrant/ 

The Microsoft Defender suite of products, including Office 365, Azure, SQL, and many more, all work together to push and pull information (signals) in and out of the security graph. Utilizing the Defender suite along with other solutions such as AIP, DLP, and Cloud App Security allows customers to truly build out a Zero Trust security program to protect their assets.

Lastly, we discussed licensing above and hopefully we did a good job explaining it, but that is just the beginning. Fortunately, Microsoft has developed a live site that does an excellent job showing off M365 licensing, complete with links to the products and technologies. Check it out: Microsoft 365 Enterprise | M365 Maps