Credits: ABC News
The change is necessary, as Microsoft is unleashing its endpoint protection platform onto the hitherto virgin territory of macOS.
Windows Defender first put in an appearance in Windows XP as an anti-malware component, evolving over the years until being renamed Windows Defender Antivirus as the software dug itself deeper into the Windows 10 operating system.
The Advanced Threat Protection (ATP) incarnation extended the functionality for Microsoft 365 customers, adding in detection and exploration over devices and identities, as well as automation to clean up the messes inflicted by miscreants where possible.
In February the gang added “Microsoft Threat Experts” into the mix, to speed up the response to threats.
According to Microsoft 365 head honcho, Brad Anderson, around 27 per cent of Windows 7 users actually use thing. The figure rises to 55 per cent of all commercial PCs on Windows 10 either because, as Anderson said, “It’s built in. It’s a great experience. It’s always up to date. It’s always compatible” or maybe just because it is hard to avoid it, and IT admins like an easy life.
To be fair, in my experience, Windows Defender is far less of a resource hog than the products of certain other vendors, although customers have plenty of choice. A report by Statista put AVAST as the number one Windows anti-malware application vendor followed by Malwarebytes. The latter also enjoys quite a bit of love in the Apple community, according to one enterprise specialist we spoke to.
As part of Microsoft’s ongoing effort to move beyond Windows with the likes of Microsoft 365, it is extending this protection to other operating systems, starting with macOS. After all, once you’re paying for Office, what’s a little extra anti-malware between friends?
The newly renamed Microsoft Defender ATP is available for macOS now in a limited preview.
Threat and Vulnerability Management
The Defender ATP team has also pushed out to preview additional technology to deal with known vulnerabilities and misconfigurations that can be exploited by miscreants. Dubbed ‘Threat and Vulnerability Management’, the tech is geared up to scan the endpoints of an organisation and flag up weaknesses.
Anderson told us that technology was agentless (Defender having been built into the operating system for a while now). “It’s constantly monitoring the configuration and the settings of the device and when it sees that there is anything that is a known threat or a known vulnerability that is exposed, it automatically brings that to the attention of IT and IT can take automated action on that to clean it.”
Players of the Redmond drinking game will be delighted to spot the acronym “AI” in the announcement of the technology as an aid to identify nefarious activity. Admins should, however, be aware that in order to do the magic, Microsoft does need to suck telemetry from devices into its cloud.
According to Anderson, “It is just diagnostic data that allows us to make sure that we’re giving the direction to IT to take action.”
While Microsoft has published the definition for the data it is collecting, Anderson stated the obvious, “When you sign up to use this threat and vulnerability management, that does get commensurate with a level of that telemetry. And so it ties into a level of telemetry that you have to enable on Windows that is published.”
In other words, if you want to use Microsoft’s new smarts, you’re going to have hand over some data.
Wary perhaps of the notoriously litigious world of anti-virus, Microsoft stated that the new toys would be “in addition to the existing partner integrations already available.”
Handy, because only this week anti-virus vendor McAfee was trumpeting its own integration in Microsoft Teams.
The Teams app will, of course, be a standard part of Office 365 ProPlus as default by the end of March.