Businesses will now be able to use Microsoft Defender for Endpoint to secure their unmanaged endpoint devices.
First announced in a public preview several months ago, the new capability gives Defender for Endpoint users visibility over unmanaged devices, which Microsoft argues pose the greatest risk to a corporate network’s security, especially in the new hybrid work environment.
“The riskiest threat is the one you don’t know about. Unmanaged devices are literally one of your weakest links. Smart attackers go there first,” said David Weston, Microsoft Director of Enterprise and OS Security.
Eye on your realm
Compromised unmanaged devices have been used in the past as springboards to launch broader attacks, such as the Equifax breach, which can be traced back to an unpatched vulnerability on an internet-facing unmanaged server.
Microsoft further drives home the point of reining in unmanaged devices by citing its survey from October 2020, which revealed that users are 71 percent more likely to be infected on an unmanaged device.
With the new capability, Defender for Endpoint will be able to sniff out unmanaged workstations, servers, and mobile endpoints (Windows, Linux, macOS, iOS, and Android) that haven’t yet been onboarded and then secure them.
The new capability also discovers network devices, such as routers, firewalls, and VPN gateways, and adds them to the device inventory using periodic scans.
One of the interesting features of Defender for Endpoint’s new capabilities is the built-in logic that can differentiate between corporate and personal networks, so that it doesn’t accidentally add private devices that the organization doesn’t control to its list.