How can I tell if my organization is licensed for Microsoft Defender for Endpoint?
The following Microsoft Volume Licensing products support Defender ATP:
- Windows 10 Enterprise E5
- Windows 10 Education A5
- Microsoft 365 E5 (M365 E5) (this includes Windows 10 Enterprise E5)
- Microsoft 365 E5 Security
- Microsoft 365 A5 (M365 A5)
The easiest way to check current licensing information is to visit the Volume Licensing Service Center online: https://www.microsoft.com/Licensing/servicecenter/default.aspx
Accessing https://securitycenter.windows.com may produce a “No subscriptions found” warning message with the following text:
“No subscriptions found. Before you can start using Microsoft Defender Advanced Threat Protection, you need to subscribe to the service. See Microsoft Defender ATP product site or contact your Microsoft account team for information.”
What operating systems are supported by Microsoft Defender for Endpoint?
Microsoft Defender for Endpoint supports a wide range of Windows, macOS, and Linux operating systems. Learn more about operating systems supported by Microsoft Defender ATP.
Can I run Microsoft Defender for Endpoint with another endpoint security or antivirus program installed?
Defender for Endpoint relies on Microsoft Defender AV to provide metadata to the sensor and service. Defender AV enters “passive mode” when another AV tool is present, which allows these functions to operate normally. If your organization has fully disabled Defender via GPO or another method, you will need to re-enable Defender on machines that are scheduled for Defender for Endpoint enrollment. For more information, see Microsoft Defender Antivirus compatibility.
How is Microsoft Defender for Endpoint protected from tampering or disabling?
Disabling Microsoft Defender for Endpoint on Win10 is difficult for adversaries. Microsoft has hardened it in multiple ways so it’s highly unlikely that it could be disabled.
If you are deeply concerned about this risk, ensure that tamper protection is enabled for Windows Defender. This feature is supported in Windows 10 OS 1709, 1803, 1809, or later, together with Microsoft Defender Advanced Threat Protection E5.
Microsoft has published an in-depth blog post on the various methods used to enable this technology.
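A local check for the two conditions described in the answers above (Defender AV disabled by policy before enrollment, and tamper protection state), given here as an added example that is not part of the original FAQ or Microsoft's own tooling. The function name `Get-DefenderReadiness` is hypothetical; it assumes an elevated prompt on Windows 10 with the built-in Defender PowerShell module.

```powershell
# Added example (not from the original FAQ): report whether Defender AV is
# usable for Defender for Endpoint enrollment on the local machine.
# Get-DefenderReadiness is a hypothetical helper name.
function Get-DefenderReadiness {
    $findings = [System.Collections.Generic.List[string]]::new()
    $policyDisabled = $false
    $runningMode = 'Unknown'
    $tamperProtected = $null

    # The legacy GPO "Turn off Microsoft Defender Antivirus" sets DisableAntiSpyware = 1 here.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policy = Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($policy -and $policy.DisableAntiSpyware -eq 1) {
        $policyDisabled = $true
        $findings.Add('Defender AV is disabled by policy; re-enable it before enrollment.')
    }

    # WinDefend is the Microsoft Defender Antivirus service.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $svcStatus = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }
    if ($svcStatus -ne 'Running') {
        $findings.Add("WinDefend service status is '$svcStatus'.")
    }

    # Get-MpComputerStatus throws when the AV service is unavailable, so guard the call.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $runningMode = $mp.AMRunningMode          # e.g. "Normal" or "Passive Mode"
        $tamperProtected = $mp.IsTamperProtected  # may be empty on older builds
        if (-not $tamperProtected) {
            $findings.Add('Tamper protection is not reported as enabled.')
        }
    } catch {
        $findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        PolicyDisabled  = $policyDisabled
        AvServiceStatus = $svcStatus
        RunningMode     = $runningMode
        TamperProtected = $tamperProtected
        Findings        = $findings
    }
}

Get-DefenderReadiness | Format-List
```

A `RunningMode` of "Passive Mode" alongside a third-party AV product is the expected state described above; an empty `Findings` list means none of the checked conditions would block enrollment.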
What other Microsoft solutions does Microsoft Defender for Endpoint currently integrate with?
Microsoft Defender ATP directly integrates with various Microsoft solutions, including:
- Office 365 Defender
- Defender for Azure
- Azure Security Center
- Skype for Business
- Microsoft Cloud App Security
- Azure Sentinel
What happens when a Microsoft Defender-protected endpoint loses connectivity?
The Microsoft Defender for Endpoint agent will cache data locally for roughly three days. If a machine has not communicated (sending via “cyber data channel” but not command and control) for over two days, the machine is considered impaired.