Microsoft 365 - Endpoint Discovery

Endpoint Discovery

Discovery Mode

  • Tags assigns dedicated endpoints as probes (e.g. for a scoped deployment) instead of all endpoints. The ‘all devices’ setting is the default and the recommended setting.
  • Exclusions adds IP addresses or subnets to exclude from Standard discovery, for example highly sensitive devices. Basic discovery is always enabled.
  • Monitored networks provides an overview of monitored networks (and the option to enable unmonitored networks that did not meet the enterprise network requirements).

Endpoints overview

  • Onboarded are endpoints managed by MDE
  • Can be onboarded are discovered endpoints not managed by MDE
  • Unsupported are discovered endpoints not supported by MDE (e.g. an unsupported OS)
  • Insufficient Info are discovered endpoints for which not enough information is available (e.g. deprecated endpoints)
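
The onboarding states listed above are exposed in advanced hunting as the OnboardingStatus column of the DeviceInfo table. The query below is an added example, not taken from the original article; the 7-day window, the sample size and the output column names (Devices, SampleNames) are choices made here.

```kusto
// Added example: count discovered devices that are not yet onboarded,
// grouped by onboarding state, device type and OS platform.
let LatestDevices =
    DeviceInfo
    | where Timestamp > ago(7d)                      // assumed lookback window
    | summarize arg_max(Timestamp, *) by DeviceId    // keep the latest record per device
    | where isempty(MergedToDeviceId);               // drop records merged into another device
LatestDevices
| where OnboardingStatus != "Onboarded"              // leaves: Can be onboarded, Unsupported, Insufficient info
| summarize Devices = dcount(DeviceId),
            SampleNames = make_set(DeviceName, 5)    // up to 5 device names per group for triage
          by OnboardingStatus, DeviceType, OSPlatform
| order by OnboardingStatus asc, Devices desc
```

Rows with the status "Can be onboarded" are the supported but unmanaged endpoints, which makes them the natural first candidates for onboarding.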

Advanced hunting

Vulnerability Management

Microsoft 365 Security portal

  • Devices discovered in your organization — Summarizes discovered unmanaged endpoints distribution by device type.
  • Devices discovered in the last 7 days — Summarizes the number of new endpoints recently discovered.
  • Discovered devices to onboard — Presents the number of discovered supported endpoints that were not onboarded to Microsoft Defender for Endpoint.

Chief Technology Officer @ Nedscaper

Derk van der Woude
