1.0.9
Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
Microsoft Defender for Endpoint enables organizations to proactively inspect, analyze, and contain known and unknown threats on any endpoint.
The Security Incident Response integration with Microsoft Defender for Endpoint makes it easier and more efficient for Security Analysts to investigate and remediate security incidents without having to navigate between tools. You can use network containment to perform remediation actions on the endpoints, implement profiles to gather specific details about the host, and perform actions on the endpoint.
- Perform host enrichment actions to gather more information about the endpoint such as host details and user details.
- Perform Enterprise Security Search to sight potentially malicious observables across endpoints, and take remediation actions.
- Retrieve details of machines that accessed various observables as a part of the security incident analysis.
- Perform remediation actions on endpoints, such as Run Anti-virus scan, Restrict app execution, Remove app restriction, and Stop and Quarantine a file.
- Create or update indicators in Microsoft Defender for Endpoint.
Changed:
- Migration of Workflows to Flow Designer flows.
Before you use the Security Incident Response integration with Microsoft Defender for Endpoint, you must install the application and configure it.