The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Microsoft defends previous Windows releases

Microsoft defends previous Windows releases

Microsoft are adding “down-level” support to Windows Defender Advanced Threat Protection (ATP), making it available to protect machines running Windows 7 and Windows 8.1.

Microsoft are building a behavioural based Endpoint Detection and Response (EDR) solution specifically for the older Windows editions. For Windows 10 devices, they recommend that it be run alongside Windows Defender Antivirus which, in these “down-level” scenarios, they call System Center Endpoint Protection (SCEP).

A public preview will be made available in “spring” 2018.

What is Windows Defender ATP?

Windows Defender Advanced Threat Protection is the difference between Windows 10 E3 and Windows 10 E5 and:

“provides preventative protection, detects attacks and zero-day exploits, and gives you centralized management for your end-to-end security lifecycle”

Its aim is to help organisations detect and investigate cyber attacks in a faster, more efficient manner using a combination of behavioural analytics, machine learning and human researchers.

What does this mean for ITAM?

For organisations with devices still running Windows 7 SP1 and/or Windows 8.1 (which is many), this will enable a stronger security baseline across the desktop as Windows Defender Advanced Threat Protection offers several tools and reports to help improve and maintain an organisation’s security.

ITAM should be integral to the successful running of WDATP – or similar tools. While Security Operations and Security Management teams will, most likely, be the ones using the tools – knowing how many devices there are, where they are and what type of OS they’re running will be key to ensuring proper protection. If devices are missing from asset scans, that might indicate a potential security problem.

There are advanced features within Windows Defender Advanced Threat Protection that can be turned on, if there are other licenses present.
For example, the “Office 365 Threat Intelligence connection” enables a centralised security report across Windows devices and Office 365 mailboxes. Being able to produce a report of all users licensed with Windows 10 E5 and Office 365 E5 (or the Threat Intelligence add-on) will make it possible to check that this feature is enabled and working everywhere it should be.

Non-Windows devices

Microsoft have also extended Windows Defender ATP to run cross-platform across Linux, iOS, Android and macOS, through work with solutions from BitDefender, LookOut, Ziften and SentinelOne.

Again, ITAM being able to present a complete overview of all devices – not just Windows desktops but all mobile devices too – will be hugely beneficial to the success of such a deployment.

Do you have that level of insight into your mobile estate currently? Even if it’s unlikely that you’ll deploy Windows 10 E5 and Windows Defender ATP, as ITAM and Security become ever more entwined – visibility of phones, tablets, smart watches etc. will surely be a key part of Next Generation ITAM.

Further Reading

Image credit

email

About Rich Gibbons

Rich has been in the world of IT and software licensing since 2003, having been a software sales manager for a VAR, a Microsoft licensing endorsed trainer, and now an ITAM analyst looking at software licensing and cloud.

A Northerner renowned for his shirts, Rich is a big Hip-Hop head, and loves travel, football in general (specifically MUFC), baseball, Marvel, and reading as many books as possible. Finding ways to combine all of these with ITAM & software licensing is always fun!

Connect with Rich on Twitter or LinkedIn.

Leave a Comment