Microsoft Defender for Endpoint Gets Streamlined Device Connectivity Experience


Key Takeaways:

  • The streamlined device connectivity experience reduces the complexity of managing Defender for Endpoint services by consolidating and replacing multiple URLs with a simplified domain.
  • Security teams can now opt for static IP ranges dedicated to Defender for Endpoint or subscribe to Azure service tags.
  • The update includes a Defender for Endpoint client analyzer tool, allowing IT Pros to test the new connectivity mechanism in pre/post-onboarding scenarios.

Microsoft has released a new update that streamlines the device connectivity and onboarding experience for Microsoft Defender for Endpoint. The new feature is currently available in public preview for Windows PCs, with macOS and Linux support to follow in the coming months.

Up until now, security teams were required to separately set up and manage Microsoft Defender for Endpoint services within enterprise networks. Microsoft anticipates that this update will significantly cut down the Defender for Endpoint URL set, reducing it by more than 60 percent.

The simplified domain (*[.]endpoint[.]security[.]microsoft[.]com) will consolidate and replace the URLs for various Defender for Endpoint services. The change applies to malware sample submission storage, cloud-delivered protection (MAPS), automated investigation and remediation sample storage, Defender for Endpoint command and control, and endpoint detection and response cyber data.

Microsoft Defender for Endpoint expands network configuration options

Microsoft is enhancing network configuration options by allowing the use of Defender for Endpoint-dedicated IP ranges instead of relying on URLs. The latest update is designed to streamline the configuration process for customers using older firewall devices that don’t support wildcard or hostname resolution. Microsoft also added support for Azure service tags, enabling administrators to define network access controls for Azure Firewall, network security groups, and user-defined routes.

“For more flexibility across diverse network environments, we now offer an alternative to URLs. Security teams can use static IP ranges that are dedicated to Defender for Endpoint or subscribe to the Azure service tag – minimizing the complexity of frequent updates to network security rules,” Microsoft explained.
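The following is an added example, not code from Microsoft or from this article: one way to check exported proxy or firewall logs for denied connections to hosts under the simplified domain, matching label by label so that look-alike names do not count. The log format, client IPs and hostnames are constructed placeholders, and the function names are hypothetical.

```python
"""Added example: find proxy denials that hit the simplified Defender domain."""
import re

# Wildcard from the article, written without the defanging brackets.
SIMPLIFIED_DOMAIN = "*.endpoint.security.microsoft.com"

# Constructed log lines (assumed format: time, client, action, host:port).
# The subdomain labels are placeholders, not real Defender hostnames.
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 10.0.4.17 DENY  edr-sample.endpoint.security.microsoft.com:443
2024-01-10T08:00:02Z 10.0.4.17 ALLOW maps-sample.endpoint.security.microsoft.com:443
2024-01-10T08:00:03Z 10.0.4.22 DENY  endpoint.security.microsoft.com.example.net:443
2024-01-10T08:00:04Z 10.0.4.22 DENY  fakeendpoint.security.microsoft.com:443
2024-01-10T08:00:05Z 10.0.4.30 DENY  EDR-Sample.Endpoint.Security.Microsoft.com.:443
"""

LINE_RE = re.compile(r"^\S+\s+(\S+)\s+(ALLOW|DENY)\s+([^\s:]+):\d+$")


def matches_wildcard(host: str, pattern: str = SIMPLIFIED_DOMAIN) -> bool:
    """True when host is a subdomain of the wildcard, compared label by label."""
    host_labels = host.lower().rstrip(".").split(".")
    base_labels = pattern.lower().removeprefix("*.").split(".")
    # Require at least one extra label in front of the base and an exact match
    # on every base label, so look-alike prefixes and suffixes are rejected.
    return (len(host_labels) > len(base_labels)
            and host_labels[-len(base_labels):] == base_labels
            and all(host_labels))


def blocked_defender_traffic(log_text: str) -> dict:
    """Map client IP -> sorted denied hosts that fall under the simplified domain."""
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        client, action, host = m.groups()
        if action == "DENY" and matches_wildcard(host):
            blocked.setdefault(client, set()).add(host.lower().rstrip("."))
    return {client: sorted(hosts) for client, hosts in blocked.items()}


if __name__ == "__main__":
    for client, hosts in blocked_defender_traffic(SAMPLE_LOG).items():
        print(client, "is blocked from", ", ".join(hosts))
```

Clients that appear in the result sit behind a rule that still blocks the consolidated domain; the two look-alike hostnames in the sample are deliberately not reported.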

Lastly, Microsoft notes that administrators can use Defender for Endpoint client analyzer to test the new connectivity mechanism in pre-onboarding and post-onboarding scenarios. The tool helps to detect reliability or sensor health issues on onboarded devices.

To get started with the new onboarding experience, sign in to the Microsoft 365 Defender portal and navigate to Settings > Endpoint > Onboarding. As of this writing, it supports Windows 11, Windows 10 version 1809 or higher, Windows Server 2019, Windows Server 2022, and Windows Server 2012/2016 R2. Microsoft notes that IT admins must ensure that all devices meet the specific requirements detailed in the official blog post.