Microsoft's security tool can now spot rogue devices on your network

Microsoft's new security tool will let managed devices discover unmanaged devices on the corporate network.
Written by Liam Tung, Contributing Writer

Microsoft Defender for Endpoint's new ability to monitor and protect unmanaged devices has now reached general availability. 

Microsoft Defender for Endpoint (formerly Defender ATP) gives security teams visibility over unmanaged devices running on their networks. It's a cloud-based security service that gives security teams incident response and investigation tools and lives as an instance in Azure. It's distinct from the Microsoft Defender antivirus that ships with Windows 10.

Microsoft pushed this unmanaged device capability to public preview in April, as ZDNet reported at the time. The feature aims to alleviate post-pandemic hybrid work security risks, where people may be using their own computers and devices at home, then bringing them to work and connecting them to the corporate network.

It's meant to tackle the unknown threats that may arise from devices that have been compromised at home and then brought into work. 

The new capabilities should make it easier to discover and secure unmanaged PCs, mobile devices, servers, and network devices on a business network.

The GA release allows security teams to discover devices connected to a corporate network, onboard devices once they've been discovered, and then review assessments and address threats and vulnerabilities on newly discovered devices. 

Defender for Endpoint will let teams discover unmanaged workstations, servers, and mobile endpoints across Windows, Linux, macOS, iOS, and Android platforms that haven't been onboarded and secured. 

It also covers network devices, such as switches, routers, firewalls, WLAN controllers, and VPN gateways. These can also be discovered and put on the device inventory using periodic authenticated scans of preconfigured network devices.

Security teams will be able to see the new features for unmanaged devices within the Microsoft 365 Defender user interface in "Device inventory". 

"Now that these features have reached general availability, you will notice that endpoint discovery is already enabled on your tenant. This is indicated by a banner that appears in the Endpoints\Device inventory section of the Microsoft 365 Defender console," said Microsoft's Chris Hallum.

The banner will vanish on July 19, 2021 and the default behavior for discovery will be switched from Basic to Standard. Standard discovery is an active discovery method that relies on already-managed devices to probe the network for unmanaged devices.

"At this time, Standard discovery will enable the collection of a broader range of device-related properties and it will also perform improved device classification. The switch to Standard mode was verified as having negligible network implications during the public preview," said Hallum.   
