Microsoft Defender for Endpoint’s new ability to monitor and protect unmanaged devices has now reached GA stage which enables the security team to assess the devices in the network onboard them to the defender and secure them from vulnerabilities.

Defender for Endpoint, gives visibility over unmanaged devices running on the networks. It’s a cloud-based security service that gives security teams incident response and investigation tools and lives as an instance in Azure. It’s distinct from Microsoft Defender antivirus that ships with Windows 10.

The post pandemic work meant to tackle the unknown threats that may arise from devices that have been compromised at home and then brought into work.

ROGUE

Defender for Endpoint will let teams discover unmanaged workstations, servers, and mobile endpoints across Windows, Linux, macOS, iOS, and Android platforms that haven’t been onboarded and secured. It also covers Switched, Routers,Firewalls, WLAN Controllers and VPN gateways

Security teams will be able to see the new features for unmanaged devices within the Microsoft 365 Defender user interface in “Device inventory“.

This is indicated by a banner that appears in the Endpoints\Device inventory section of the Microsoft 365 Defender console and from 19th July, 2021 this will get switched from basic to standard

Standard discovery is an active discovery method that relies on already-managed devices to probe the network for unmanaged devices on broader range.