News

Windows Defender ATP Gets New Name, Added Mac Support

• By Kurt Mackie
• 03/25/2019

Microsoft is rebranding its Windows Defender Advanced Threat Protection (ATP) product to "Microsoft Defender ATP" to reflect its newly added support for Mac clients.

The name change is one of several Microsoft security enhancements announced recently. The Microsoft Defender ATP for Mac protections are available at the "limited preview" stage for testing, per Microsoft's announcement. Organizations need to be using the Microsoft 365 E5 plan to have access to Microsoft Defender ATP, according to this plan comparison page.

New Threat Vulnerability Management
There's also a preview coming "within the next month" of a new capability in Microsoft Defender ATP that's called "Threat and Vulnerability Management" (TVM). TVM is a "discovery, prioritization and remediation" solution to address device "endpoint vulnerabilities and misconfigurations," according to a Microsoft Tech Community post.

The "built-in remediation" aspect of TVM takes place when TVM is associated with either the Microsoft Intune PC and mobile management solution or System Center Configuration Manager. Microsoft is open to supporting other management systems as well with TVM. "We plan to expand this capability to other IT security management platforms," the post indicated.

The TVM service doesn't require the installation of an agent as client devices report back their state.

"Devices onboarded to Microsoft Defender ATP automatically report and push vulnerability and security configuration data to the dashboard," Microsoft's post explained.

The TVM solution provides "actionable mitigation recommendations" for both Microsoft and non-Microsoft applications. It'll report "misconfigurations" and similar issues, such as configurations that use the insecure Server Message Block 1 protocol or client devices with disabled antivirus software. Users get an "exposure score," showing the state of devices with respect to vulnerabilities. There's also a "configuration score" that compares device configurations with security best practices.

Microsoft 365 Admin Center
Microsoft is dispensing with the Office 365 Admin Center in favor of the Microsoft 365 Admin Center, which will be the new default management portal for organizations using Office 365 services, according to this Microsoft Tech Community post. Microsoft actually indicated last year that it had initiated this portal switch, but now it's saying that the Office 365 Admin Center will be the default portal "soon" for organizations.

Organizations are getting "onboarding tools" to ease the switch to the Microsoft 365 Admin Center. Users will get best-practice default configurations. Alternatively, they can customize using the advanced settings.

Microsoft made it easier for organizations to see group management details in the Microsoft 365 Admin Center for applications, namely SharePoint, Microsoft Teams and Outlook. Microsoft is also promising that IT pros will have more emphatic trouble-ticketing in the Microsoft 365 Admin Center:

New support features coming soon to the Microsoft 365 admin center will help reduce time to resolution and improve the overall transparency and effectiveness of the support process. You'll be able to schedule a callback, view your full-page ticket history within the admin center, and leverage intelligent self-service solutions.

Configuration Manager Version 1902
Microsoft is planning to release System Center Configuration Manager (SCCM) current branch 1902 "soon," according to a Tech Community post. Microsoft typically releases these current branch upgrades of the SCCM product three times per year. These SCCM releases are designed keep pace with biannual Windows 10 feature update releases, which happen in the spring and fall.

SCCM version 1902 will have "native integration with the Office Readiness Toolkit," which will provide organizations with help when they are planning to move to Office 365 ProPlus, Microsoft's suite of productivity applications offered with Office 365 subscriptions.

Microsoft is also making it easier to run queries using the CMPivot tool in SCCM version 1902. It's now accessible "from the Configuration Manager Central Admin Site," Microsoft indicated. Microsoft added the CMPivot tool with the release of SCCM version 1806. CMPivot is described as "a new in-console utility that now provides access to real-time state of devices in your environment," per this Microsoft document.

The Management Insights dashboard in SCCM is getting new rules for "optimizing and simplifying collections and packages." Management Insights also is getting more detailed device status reporting.

Microsoft plans to add a "Phased Deployments" monitoring node in SCCM version 1902. Organizations can use it for operating system and application deployments. It lets them "set the order of updates based on device collections, set parameters for those deployments including success criteria, and then execute all phases sequentially," according to Microsoft's post.

Microsoft also is making it easier to map end user "known folders" (such as Documents, Photos, etc.) to OneDrive cloud-based storage using SCCM version 1902. Such a thing might be done to "simplify user data migration during OS updates," Microsoft suggested.

Microsoft Intune
Microsoft is promising to bring "some of the most requested macOS management features" to Intune to manage Apple Mac devices. These capabilities will be "soon available in Microsoft Intune," per a Tech Community post. Highlights include "FileVault full-disk encryption" and "volume purchasing plans support for macOS."

Other Intune perks include Windows 10 Security Baselines (in preview), administrative templates (available), new capabilities for Win32 app deployments, and simplified Windows Autopilot integration as "maximized with co-management." Comanagement is Microsoft's scheme for combining the use of Intune with SCCM.

Intune's app protection policies are being extended to the Microsoft Edge browser for the Android and iOS operating systems, according to a Tech Community post. It'll be possible to use "Azure Active Directory conditional access, App Proxy integration [and] single sign-on" technologies with Microsoft Edge on those OSes.

There's already an Intune Managed Browser in existence, but Microsoft is promising to deliver "the same application management and security scenarios" with the Edge browser on Android and iOS systems. It'll also be possible for end users to use Edge for both work and personal activities. Microsoft expects that these Intune app protection policies for the Edge browser will reach "general availability" status by the end of this month.

Another coming Microsoft Intune improvement is the "Security Tasks" remediation capability. Examples of such tasks might be updating a vulnerable application, updating an OS or changing the configurations on a device. Security Tasks in Microsoft Intune actually are an extension of the new TVM capability, according to this Tech Community post. Security Tasks will be available as a preview in Microsoft Intune "within the next month," the post indicated.

Microsoft Intune is also getting management support for ruggedized devices made by Zebra Technologies, Microsoft announced in a Tech Community post. Support for managing Android Enterprise on those devices will be coming "later this year." It'll be possible to use Zebra StageNow configuration profiles with Intune, as well as traditional mobile device management policies.