
What's new in May 2024 [Microsoft Defender for Endpoint]

June 18, 2024
KOUMBA MAVOUROULOU MAUD ANDRÉ
Here is a summary of the changes and features introduced to Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection (ATP)) during the month.


  • The Microsoft Defender for Endpoint plug-in for Windows Subsystem for Linux (WSL) is now available (GA version - 1.24.522.2). The plug-in allows Defender for Endpoint to provide greater visibility into all running WSL containers by connecting to the isolated subsystem.
  • Preview features are now enabled from the Preview options in the main settings of Microsoft 365 Defender, alongside other Microsoft 365 Defender Preview features. Customers who are not yet using the preview features will continue to see the old settings under Settings > Endpoints > Advanced features > Preview features.
  • The streamlined device connectivity for Defender for Endpoint is now available for Windows, macOS and Linux. This experience simplifies the configuration and management of Defender for Endpoint services by reducing the number of URLs required for connectivity, providing support for IP service tags & Azure and simplifying network management after deployment.
  • The Microsoft Defender Core service is generally available on Windows clients and helps with the stability and performance of Microsoft Defender Antivirus.
  • In the May release of the Defender for Endpoint client for Windows Server 2012 R2 and 2016 (KB5005292 // 10.8750), a fix is included for an issue that caused empty policies to appear in the user interface and the configuration of Windows Defender Application Control (WDAC) policies to block the execution of unwanted applications on the device.
  • In the May release of the Defender for Endpoint client for macOS (101.24042.0008 | Release version: 20.124042.8.0), bug fixes and performance improvements are included.
  • In the May release of the Defender for Endpoint client for Linux (Build: 101.24042.0007 | Release version: 30.124042.0007.0), the following are included:
      • In passive and on-demand modes, the antivirus engine now remains inactive and is only used during scheduled custom scans; Microsoft made this change as part of performance improvements. If real-time protection is enabled, the antivirus engine will always be operational. This will have no impact on the protection of your server, regardless of the mode. To keep users informed of the antivirus engine status, Microsoft has introduced a new field called "engine_load_status" as part of the MDATP health status. It indicates whether the antivirus engine is running or not.
      • Bug fixes to improve behavioural detections.
      • Improved stability and performance.
      • Other bug fixes.
  • In the May release of the Defender for Endpoint client for Android (1.0.6508.0101), bug fixes and various improvements are included.
  • In the May release of the Defender for Endpoint client for iOS (1.1.53080103), bug fixes and improvements are included.
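
The Linux change above means an idle antivirus engine is normal in passive and on-demand modes but not when real-time protection is enabled. The following is an added example, not code from Microsoft or from this page, that triages a host from `mdatp health` text output on that basis. The "key : value" layout, the `[managed]` suffix and the status strings in the constructed samples are assumptions, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Microsoft's code): triage engine_load_status per host.
# Assumed text layout of `mdatp health`: "key : value", strings quoted,
# optional "[managed]" suffix. Status strings are matched loosely on purpose.

# Print the value of one field from health output read on stdin.
health_field() {
    awk -v key="$1" -F':' '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key {
            v = substr($0, index($0, ":") + 1)
            sub(/\[managed\][ \t]*$/, "", v)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            print v
            exit
        }'
}

# Read health output on stdin, print OK, EXPECTED_IDLE, ALERT or UNKNOWN.
classify_engine_state() {
    out=$(cat)
    rtp=$(printf '%s\n' "$out" | health_field real_time_protection_enabled)
    engine=$(printf '%s\n' "$out" | health_field engine_load_status)
    if [ -z "$engine" ]; then
        echo "UNKNOWN"           # field absent, e.g. client older than this release
    elif printf '%s' "$engine" | grep -qi 'not loaded'; then
        if [ "$rtp" = "true" ]; then
            echo "ALERT"         # RTP on but engine down: investigate
        else
            echo "EXPECTED_IDLE" # passive/on-demand: idle between scheduled scans
        fi
    else
        echo "OK"
    fi
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_PASSIVE='passive_mode_enabled                     : true
real_time_protection_enabled             : false
engine_load_status                       : "Engine not loaded"'
SAMPLE_RTP_DOWN='passive_mode_enabled                     : false
real_time_protection_enabled             : true [managed]
engine_load_status                       : "Engine not loaded"'

printf '%s\n' "$SAMPLE_PASSIVE"  | classify_engine_state   # EXPECTED_IDLE
printf '%s\n' "$SAMPLE_RTP_DOWN" | classify_engine_state   # ALERT
```

On a host with the client installed, the same check is `mdatp health | classify_engine_state`.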

 


More information on: What's new in Microsoft Defender for Endpoint | Microsoft Docs

