Microsoft's Extending its Security Graph to MacOS, Adding More Services to ATP
If you haven’t been paying close attention, you could easily miss that Microsoft has quietly become a security vendor. From offering desktop services and endpoint protections, the company now provides a nearly-complete approach to protecting your data and your environments.
Starting today, Microsoft is bringing Defender Advanced Threat Protection (ATP) to the Mac. While the offering is entering private preview today, in the near future, if you currently use ATP in your environment, you will soon be able to extend that protection to MacOS devices.
With the service coming to MacOS, it opens the door to the question of when will Linux and Android be natively supported by ATP? While this functionality can be implemented with partner solutions, I fully expect these, and other platforms, to be supported in the near future; I asked Microsoft if they had this planned and they would not definitively say support is coming.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
In addition to supporting MacOS, the company is also announcing that Threat and Vulnerability Management (TVM) capabilities are now available in Microsoft Defender ATP; this enables the ability to discover, prioritize and remediate threats and vulnerabilities. This service is available starting in preview with general availability expected in the not-to-distant future.
TVM is a new feature of Defender ATP that makes it easier to understand your vulnerabilities, prioritize remediation based on signals from ATP, and then resolve the weaknesses using tools and assistance from Microsoft. Further, customers will be able to use built-in remediation processes to help bridge gaps between security and IT teams.
Extending the existing capabilities of Microsoft Defender ATP, Threat and Vulnerability Management adds:
- Real-time detection insights correlated with endpoint vulnerabilities
- Machine vulnerability context during incident investigations
- Built-in remediation processes through integration with Microsoft Intune and Microsoft System Center Configuration Manag
Microsoft says that a public preview of TVW will arrive next month and that additional functionality and support will be announced later down the road. For now, this is another big step for Microsoft into the lucrative security segment and I fully expect them to continue to grow their presence in this space.