Microsoft Defender for Endpoint Can Now Discover Internet-Facing Devices

Cloud Computing

Microsoft Defender for Endpoint is getting a new update that will enable IT admins to discover internet-facing devices. The new feature leverages the existing network telemetry and RiskIQ integration to automatically map all onboarded devices that are connected to the internet.

Microsoft has clarified that identifying and prioritizing internet-facing devices to address potential security threats can be a challenging task for organizations. This is due to the fact that many customers use different classification logics, data sources, and public IP ranges to cross-reference devices in enterprise networks. It makes it difficult for IT admins to verify the accuracy of insights collected across their digital assets.

“Microsoft Defender for Endpoint will automatically map and flag onboarded devices that are exposed to the internet in the Microsoft 365 Defender portal, providing more context to security teams and deeper insights into device exploitability. By providing a view into internet-facing devices, security teams can better prioritize alerts, recommendations and incidents as internet-facing devices oftentimes become an adversary’s entry point into the corporate network,” Microsoft explained.

Microsoft Defender for Endpoint Can Now Discover Internet-Facing Devices

How does internet-facing device mapping enhance security in Microsoft Defender for Endpoint?

As shown in the screenshot above, IT admins can view the classified internet-facing devices on the device inventory page. The information is also available through Advanced Hunting. Microsoft says that administrators can view internet-facing properties in the device pane.

Microsoft Defender for Endpoint Can Now Discover Internet-Facing Devices

Microsoft notes that the ability to identify internet-facing devices is available in public preview for Microsoft Defender for Endpoint customers. It should help organizations remediate vulnerabilities within the network and bolster their overall security posture.

Microsoft Defender for Endpoint has recently introduced new device isolation support for Linux devices. This capability has been available to protect Windows PCs since June 2022. The device isolation feature helps to prevent hackers from connecting to compromised devices and stealing sensitive information.