Microsoft Defender for Endpoint: Features and Capabilities


In this blog we will explore features and capabilities of Microsoft Defender for Endpoint. To start, Endpoint Detection and Response (EDR) is the new endpoint (anti-virus) protection software model. EDR is intelligence-driven, and unlike traditional anti-virus software that kicks in when malware is detected, EDR can identify and prevent threats before they run or impact systems. 

Additionally, EDR can take a centralised, company-wide view of what’s happening and, where necessary, initiate automated investigations, block irregular activity (not just malware) and compile a forensic analysis of the situation. IT or security operations teams can also leverage EDR tools to manually initiate investigations to search for known vulnerabilities and threats on a company-wide level. 

Microsoft Defender

The new products in Defender are designed to fully integrate with Windows 10 and Microsoft 365.  

We reconmmend Microsoft’s Defender for Endpoint as a EDR solution. The best part is that, any existing anti-virus can be replaced by Microsoft Defender for Endpoint either by subscribing to a per-user plan or per-month subscription.

  • Cloud Security Analytics – Microsoft uses device learning and big data analytics technologies to transform behavioural signals into recommended responses to detection, insights, and threats.  
  •  Threat Intelligence – Microsoft threat hunters and security teams use threat intelligence gathered across the ecosystem and provided by partners to gain insights. Threat intelligence helps Defender for Endpoint identify attackers’ tactics, techniques, and procedures (TTPs). It also generate alerts.  

Let’s discuss the features of Microsoft Defender for Endpoint as it is available in the following two plans: 

Defender for Endpoint Plan 1 Features 

The green boxes in the image below represents the features of Defender for Endpoint Plan 1. 

Defender for Endpoint

The capabilities provided by Defender for Endpoint Plan 1 are: 

  • Next Generation Protection – Provides malware and virus protection. 
  • Manual Response Actions – Allows security professionals and teams to perform specific actions. For example, you can quarantine a file when Defender detects a threat. 
  • Attack surface reduction – detect zero-day attacks and enhanced devices. It also provides fine-grained access control for endpoints. 
  • Centralized Management and Configuration-Use the Microsoft365Defender portal to integrate with Microsoft Endpoint Manager. 
  • Protecting Other Platforms-Helps Protect Windows, iOS, macOS, and Android Devices. 

Microsoft Defender for Endpoint (Plan 2) Features 

Microsoft Defender for Endpoint (Plan 2) was formerly known as Defender for Endpoint. 

Secure Your Network: Learn about Microsoft Defender for Endpoint

Learn More

Threat and Vulnerability Management 

The threat vulnerability management features provided by Plan 2 are as follows: 

  • Use sensors to identify configuration errors and vulnerabilities in real time without having to deploy regular scans or agents  on your endpoints. 
  • Prioritize vulnerabilities according to threat status, sensitive data on vulnerable devices, detection within your organization, and business context. 
  • Provides real-time protection. 
  • A completely cloud-based platform. 
  • Integrate with Microsoft Intelligent Security Graphs and Knowledge Base for application analysis. 
Customer size < 300 Seats > 300 Seats > 300 Seats
Endpoint Capabilities Microsoft Defender for Business

Microsoft Defender for Endpoint Plan 1

Microsoft Defender for Endpoint Plan 2
Centralised Management
Simplified Client Configuration
Threat and Vulnerability Management
Attack Surface Reduction
Next-Gen Protection
Endpoint Detection and Response
Automated Investigation and Response
Threat Hunting with 6-Months Data Retention
Threat Analytics
Cross-platform Support for Windows, MacOS, iOS, and Android
Microsoft Threat Experts
Partner APIs


In this blog, we have explored the features and capabilities of Microsoft Defender for Endpoint (formerly Microsoft Defender ATP). It is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral-based and cloud-powered next-generation protection, endpoint detection, and response (EDR).