Windows endpoint security features and settings
Local Administrator Password Solution (LAPS)
LAPS is a Microsoft feature that gives the built-in local administrator account on every managed Windows endpoint its own randomly generated password, rotates it on a schedule, and stores the current value in Active Directory or Microsoft Entra ID where only authorised principals can read it. Because no two machines share a local administrator password, a hash or password captured on one host cannot be replayed against the next, which removes one of the most common paths for lateral movement. Windows LAPS is now built into Windows and supersedes the legacy LAPS add-on; in either case, treat a retrieved password as spent and expire it after use so it does not linger as a reusable credential.
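An added example (not code from the original article) of the "retrieve, use, then expire" cycle with the Windows LAPS cmdlets, plus a check for machines whose password has stopped rotating. It assumes the Windows LAPS and ActiveDirectory PowerShell modules are installed, that the caller is in the group authorised to read passwords, and that the output property names (Password, PasswordUpdateTime, ExpirationTimestamp) match the Windows LAPS documentation; the computer name, ticket reference and 30-day window are placeholders.

```powershell
# Added example, not from the original article. Assumes the Windows LAPS and
# ActiveDirectory modules; property names follow the Windows LAPS docs.
Import-Module LAPS
Import-Module ActiveDirectory

function Get-LapsPasswordForUse {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [string] $TicketReference = 'change-0000'   # placeholder: tie every read to a record
    )

    # Read the current password. -AsPlainText returns the cleartext value;
    # without it the cmdlet returns a SecureString.
    $entry = Get-LapsADPassword -Identity $ComputerName -AsPlainText

    # Treat the password as spent: set the expiration time to now, so the managed
    # device rotates it at its next policy processing cycle. The value we just
    # read therefore stops working shortly after the task is finished.
    Set-LapsADPasswordExpirationTime -Identity $ComputerName -WhenEffective (Get-Date)

    Write-Verbose ("LAPS password for {0} read by {1} at {2} ({3}); expiration reset" -f
        $ComputerName, $env:USERNAME, (Get-Date -Format o), $TicketReference)

    [pscustomobject]@{
        ComputerName = $entry.ComputerName
        Account      = $entry.Account
        Password     = $entry.Password
        LastRotated  = $entry.PasswordUpdateTime
        ExpiresAt    = $entry.ExpirationTimestamp
    }
}

# Audit helper: computers whose password has not rotated inside the expected
# window (assumed policy: 30 days). A stale entry usually means the LAPS client
# is not applying policy on that host, which is worth a look in its own right.
function Find-StaleLapsPasswords {
    param([int] $MaxAgeDays = 30)
    Get-ADComputer -Filter * |
        ForEach-Object {
            try { Get-LapsADPassword -Identity $_.Name } catch { $null }
        } |
        Where-Object { $_ -and $_.PasswordUpdateTime -lt (Get-Date).AddDays(-$MaxAgeDays) } |
        Select-Object ComputerName, PasswordUpdateTime, ExpirationTimestamp
}

# Usage (run as an authorised LAPS reader):
# $cred = Get-LapsPasswordForUse -ComputerName 'PC-SALES-07' -TicketReference 'INC-12345' -Verbose
# Find-StaleLapsPasswords | Format-Table -AutoSize
```

Reading the password and expiring it in the same function is deliberate: the audit trail and the rotation happen whether or not the operator remembers to do it afterwards.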
Defender Antivirus
Microsoft Defender Antivirus is the antivirus engine built into Windows. It provides real-time, behaviour-based and cloud-assisted protection against malware such as viruses, ransomware and spyware, scanning files on access and monitoring process behaviour so that infections are caught before they execute or spread. Most of the controls below (PUA blocking, Block at First Sight, tamper protection, attack surface reduction rules, controlled folder access and network protection) are settings of this engine and are only effective while it is in active mode rather than passive mode behind a third-party product.
Defender for Endpoint
Microsoft Defender for Endpoint is a cloud-backed endpoint protection platform that goes beyond antivirus: it adds endpoint detection and response (EDR), vulnerability management, threat analytics and automated investigation and remediation. Defender Antivirus supplies much of its telemetry, and many of the controls listed below are configured and reported on through the Defender for Endpoint portal or Intune.
Block Potentially Unwanted Applications (PUA)
Potentially unwanted applications are programs such as adware, software bundlers, cryptominers and marketing toolbars that are not outright malware but degrade performance, privacy or control of the endpoint. PUA protection in Microsoft Defender Antivirus runs in audit or block mode; in block mode these programs are stopped at download or install time, which cuts both support noise and the amount of unapproved software on endpoints.
Block at First Sight
Block at First Sight relies on cloud-delivered protection: when Defender Antivirus meets a file it has no verdict for, it can hold the file and query Microsoft's cloud, which applies machine-learning classifiers and threat intelligence and returns a verdict within seconds. This blocks new malware before a signature exists. The feature depends on cloud-delivered protection and sample submission being enabled; if either is switched off it silently does nothing, so those settings should be checked alongside it.
Tamper Protection
Tamper protection locks the security settings of Microsoft Defender Antivirus, such as real-time protection, cloud-delivered protection and behaviour monitoring, so they cannot be switched off by local administrators, scripts or malware running with elevated rights. When it is managed from Defender for Endpoint or Intune, those settings can only be changed through the management channel, which defeats the common attacker first step of disabling the antivirus before dropping tooling.
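An added example (not code from the original article) that checks the Defender Antivirus settings discussed in the preceding sections (real-time protection, tamper protection, cloud-delivered protection and sample submission for Block at First Sight, and PUA blocking) and reports each control that is not in the expected state. It uses only the Get-MpComputerStatus, Get-MpPreference and Set-MpPreference cmdlets; the expected values are this example's assumptions for a hardened baseline, not Microsoft's defaults, so adjust them to your policy.

```powershell
# Added example, not from the original article. Expected values are assumptions
# for a hardened baseline; numeric codes follow the Get-MpPreference docs.

function Test-DefenderAvPosture {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Each check: control name, actual value, pass condition, why it matters.
    $checks = @(
        @{ Control = 'Real-time protection';       Actual = $status.RealTimeProtectionEnabled
           Ok = $status.RealTimeProtectionEnabled -eq $true
           Why = 'on-access scanning is off; nothing else below works' }
        @{ Control = 'Running mode';               Actual = $status.AMRunningMode
           Ok = $status.AMRunningMode -eq 'Normal'
           Why = 'passive/EDR-block mode means another AV owns protection' }
        @{ Control = 'Tamper protection';          Actual = $status.IsTamperProtected
           Ok = $status.IsTamperProtected -eq $true
           Why = 'a local admin or malware can switch the engine off' }
        @{ Control = 'Cloud-delivered protection'; Actual = $pref.MAPSReporting      # 0 off, 1 basic, 2 advanced
           Ok = $pref.MAPSReporting -eq 2
           Why = 'Block at First Sight and cloud ML verdicts need Advanced MAPS' }
        @{ Control = 'Sample submission';          Actual = $pref.SubmitSamplesConsent # 0 prompt, 1 safe, 2 never, 3 all
           Ok = $pref.SubmitSamplesConsent -in 1, 3
           Why = 'Block at First Sight holds unknown files only if samples can be sent' }
        @{ Control = 'Block at First Sight';       Actual = $pref.DisableBlockAtFirstSeen
           Ok = $pref.DisableBlockAtFirstSeen -eq $false
           Why = 'new unknown executables run without a cloud verdict' }
        @{ Control = 'PUA protection';             Actual = $pref.PUAProtection        # 0 off, 1 block, 2 audit
           Ok = $pref.PUAProtection -eq 1
           Why = 'adware and bundlers install freely' }
        @{ Control = 'Signature age (days)';       Actual = $status.AntivirusSignatureAge
           Ok = $status.AntivirusSignatureAge -le 3
           Why = 'stale definitions; updates are not reaching this host' }
    )

    foreach ($c in $checks) {
        if (-not $c.Ok) {
            [pscustomobject]@{ Control = $c.Control; Actual = $c.Actual; Impact = $c.Why }
        }
    }
}

# Remediate the cloud and PUA settings locally. Once tamper protection is on and
# managed centrally, Set-MpPreference calls for the protected settings are
# rejected, which is exactly the behaviour the feature exists to provide; make
# the change in Intune or the Defender portal instead.
function Set-DefenderAvBaseline {
    Set-MpPreference -MAPSReporting Advanced `
                     -SubmitSamplesConsent SendAllSamples `
                     -DisableBlockAtFirstSeen $false `
                     -PUAProtection Enabled `
                     -CloudBlockLevel High `
                     -CloudExtendedTimeout 50   # extra seconds to hold a file for a cloud verdict
}

# Usage (elevated):
# Test-DefenderAvPosture | Format-Table -AutoSize
```

An empty result from Test-DefenderAvPosture means every control is in the expected state; anything returned is a finding with the reason it matters, which is what a compliance report or ticket needs.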
Defender Credential Guard
Credential Guard uses virtualization-based security (VBS) to move the secrets held by the Local Security Authority, namely NTLM password hashes, Kerberos ticket-granting tickets and cached domain credentials, into an isolated process (LSAIso) that the normal operating system, including kernel-mode code, cannot read. This defeats credential dumping from LSASS memory and the Pass-the-Hash and Pass-the-Ticket attacks built on it. It requires UEFI, Secure Boot and a compatible hypervisor, and it does not protect local account hashes in the SAM, credentials typed into third-party software, or secrets captured by a keylogger.
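An added example (not code from the original article) that verifies Credential Guard is actually running rather than merely configured: Group Policy or Intune can set the policy on a machine whose firmware or hypervisor does not meet the prerequisites, in which case LSASS secrets stay in ordinary LSASS memory. It reads the Win32_DeviceGuard WMI class; the numeric codes come from Microsoft's documentation for that class, and the list of prerequisites treated as a minimum bar is this example's assumption.

```powershell
# Added example, not from the original article. Code values follow the
# Win32_DeviceGuard documentation; the minimum prerequisite set is an assumption.

function Test-CredentialGuard {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # Lookup tables from the Win32_DeviceGuard documentation.
    $serviceNames  = @{ 1 = 'Credential Guard'; 2 = 'Memory integrity (HVCI)'; 3 = 'System Guard Secure Launch' }
    $propertyNames = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
                        4 = 'Secure Memory Overwrite'; 5 = 'UEFI code read-only'
                        6 = 'SMM mitigations'; 7 = 'Mode-based execution control' }
    $vbsStates     = @{ 0 = 'Off'; 1 = 'Enabled but not running'; 2 = 'Running' }

    $cgConfigured = $dg.SecurityServicesConfigured -contains 1
    $cgRunning    = $dg.SecurityServicesRunning    -contains 1

    # LsaIso.exe is the isolated LSA process; it exists only when Credential Guard is running.
    $lsaIso = Get-Process -Name LsaIso -ErrorAction SilentlyContinue

    # LsaCfgFlags: 1 = enabled with UEFI lock (cannot be disabled remotely), 2 = enabled without lock.
    $lsaCfg = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue).LsaCfgFlags

    $cgState = if ($cgRunning -and $lsaIso) { 'Running' }
               elseif ($cgConfigured)      { 'Configured but NOT running' }
               else                        { 'Not configured' }
    $lock    = if ($lsaCfg -eq 1) { 'Yes' } elseif ($lsaCfg -eq 2) { 'No' } else { 'n/a' }

    # Assumed minimum bar: hypervisor support, Secure Boot and DMA protection.
    $missing = @(1, 2, 3) | Where-Object { $dg.AvailableSecurityProperties -notcontains $_ } |
               ForEach-Object { $propertyNames[$_] }

    [pscustomobject]@{
        VbsStatus            = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
        PlatformProperties   = ($dg.AvailableSecurityProperties | ForEach-Object { $propertyNames[[int]$_] }) -join ', '
        ServicesConfigured   = ($dg.SecurityServicesConfigured  | ForEach-Object { $serviceNames[[int]$_] })  -join ', '
        ServicesRunning      = ($dg.SecurityServicesRunning     | ForEach-Object { $serviceNames[[int]$_] })  -join ', '
        CredentialGuard      = $cgState
        UefiLock             = $lock
        MissingPrerequisites = $missing -join ', '
    }
}

# Usage (elevated PowerShell on the endpoint):
# Test-CredentialGuard | Format-List
```

"Configured but NOT running" with an entry under MissingPrerequisites is the case to hunt for in a fleet: the policy reports as applied while the credentials remain exposed.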
Defender Application Guard
Microsoft Defender Application Guard opens untrusted websites in Microsoft Edge, and with the Office integration untrusted documents, inside a lightweight Hyper-V container that is separate from the host operating system. A browser or document exploit lands in a disposable container with no access to the host's files, credentials or network identity, so the compromise ends when the container is discarded. Microsoft has since announced the deprecation of Application Guard, so new deployments should plan on other isolation controls.
Defender SmartScreen
Microsoft Defender SmartScreen is a reputation service used by Windows and Microsoft Edge. It checks visited URLs against known phishing and malware sites, and checks downloaded or launched files against a file and publisher reputation database, warning on or blocking unknown and malicious content. The application reputation check is what produces the "Windows protected your PC" prompt for an unsigned, rarely seen executable.
AppLocker
AppLocker is a Windows application control feature that lets administrators define which executables, scripts, installers, packaged apps and DLLs may run, using rules based on publisher signature, file path or file hash and scoped to users or groups. Running a policy in audit mode first shows what enforcement would block. Microsoft does not treat AppLocker as a security boundary and documented bypasses exist, so it is best used as a defence-in-depth control or as a stepping stone to App Control for Business.
Defender Application Control
Windows Defender Application Control (WDAC), now called App Control for Business, began as the configurable code-integrity component of Device Guard. It enforces a code integrity policy in the kernel so that only code matching the policy (by publisher certificate, file hash, path or signed catalog, depending on how the policy is written) can load, covering user-mode binaries and kernel drivers alike. Unlike AppLocker it applies to every user including administrators, and Microsoft treats it as a security boundary. Policies are normally deployed in audit mode, refined from the audit events, and only then switched to enforcement.
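An added example (not code from the original article) of the audit-first rollout the two application control sections describe, using AppLocker's cmdlets: build an allow-list from the software already installed, force every rule collection into audit mode, test a file offline against the policy, apply it locally, and read the events that show what enforcement would have stopped. The policy path and the Downloads sample file are placeholders. It needs Windows Enterprise/Education or Server, an elevated prompt, and the Application Identity service (AppIDSvc) running for the policy to be evaluated.

```powershell
# Added example, not from the original article. Paths are placeholders.

$policyPath = 'C:\Policies\AppLocker-baseline.xml'   # placeholder location

function New-AppLockerBaseline {
    # Inventory the standard install locations and generate publisher rules
    # where files are signed, falling back to hash rules for unsigned files.
    # DLL rules are left out: the collection is off by default and very noisy.
    $files = foreach ($dir in 'C:\Program Files', 'C:\Program Files (x86)') {
        Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, WindowsInstaller
    }
    $xml = [xml]($files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -RuleNamePrefix Baseline -Xml)

    # New-AppLockerPolicy emits EnforcementMode="NotConfigured", which AppLocker
    # treats as enforce once a collection has rules. Force audit mode explicitly.
    foreach ($rc in $xml.AppLockerPolicy.RuleCollection) { $rc.EnforcementMode = 'AuditOnly' }

    New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null
    $xml.Save($policyPath)
    $policyPath
}

function Test-AgainstBaseline {
    param([Parameter(Mandatory)] [string] $FilePath, [string] $User = 'Everyone')
    # Offline "what if": would the policy allow this file for this principal?
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $FilePath -User $User |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

function Publish-AppLockerAudit {
    # Apply to the local policy; -Merge keeps any rules already present.
    Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
}

function Get-AppLockerWouldBlock {
    param([int] $Hours = 24)
    # 8003 = audit mode, would have been blocked; 8004 = blocked in enforce mode.
    $logs = 'Microsoft-Windows-AppLocker/EXE and DLL', 'Microsoft-Windows-AppLocker/MSI and Script'
    Get-WinEvent -FilterHashtable @{ LogName = $logs; Id = 8003, 8004; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $outcome = if ($_.Id -eq 8004) { 'Blocked' } else { 'Audit: would block' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Outcome = $outcome
                User    = $_.UserId
                File    = ([xml]$_.ToXml()).Event.UserData.RuleAndFileData.FilePath
            }
        }
}

# Usage (elevated):
# New-AppLockerBaseline
# Test-AgainstBaseline -FilePath "$env:USERPROFILE\Downloads\tool.exe"
# Publish-AppLockerAudit
# Get-AppLockerWouldBlock -Hours 48 | Group-Object File | Sort-Object Count -Descending | Format-Table Count, Name
```

The grouped 8003 events are the work list: each distinct file is either a missing rule to add or an unapproved program the policy should keep blocking. Only when that list is empty for a representative period is the EnforcementMode attribute changed to "Enabled".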
BitLocker
BitLocker encrypts entire volumes so that data on a lost or stolen device cannot be read by removing the drive or booting another operating system. The volume key is normally sealed to the TPM and released only when the measured boot chain matches, and adding a PIN or startup key protects a powered-off device against attacks on the TPM release path. Recovery keys must be escrowed in Active Directory or Microsoft Entra ID, since without them a failed board or a re-imaged machine means the data is gone.
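An added example (not code from the original article) that checks each volume for the state described above (fully encrypted with a modern cipher, protection on, a TPM-based protector on the operating system volume, and a recovery password that can be escrowed) and then escrows every recovery password to Microsoft Entra ID. It uses the BitLocker module cmdlets only; the escrow step assumes an Entra-joined device (use Backup-BitLockerKeyProtector instead for on-premises Active Directory), and the cipher requirement is this example's assumption.

```powershell
# Added example, not from the original article. Run elevated. Cipher and
# protector requirements are assumptions for a hardened baseline.

function Test-BitLockerPosture {
    foreach ($vol in Get-BitLockerVolume) {
        $types    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $findings = @()

        if ($vol.VolumeStatus -ne 'FullyEncrypted') { $findings += "volume status is $($vol.VolumeStatus)" }
        if ($vol.ProtectionStatus -ne 'On')          { $findings += 'protection is suspended or off' }
        if ($vol.EncryptionMethod -notin 'XtsAes128', 'XtsAes256') {
            $findings += "legacy or missing cipher: $($vol.EncryptionMethod)"
        }
        # Tpm, TpmPin, TpmStartupKey and TpmPinStartupKey all bind the key to the TPM.
        if ($vol.VolumeType -eq 'OperatingSystem' -and -not ($types -match '^Tpm')) {
            $findings += 'no TPM-based protector on the OS volume'
        }
        if ('RecoveryPassword' -notin $types) { $findings += 'no recovery password protector, nothing to escrow' }

        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Type       = $vol.VolumeType
            Protectors = $types -join ','
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

function Backup-RecoveryKeysToEntra {
    foreach ($vol in Get-BitLockerVolume) {
        foreach ($kp in $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword') {
            # Escrow is idempotent; re-running after a protector change is safe.
            BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
        }
    }
}

# Usage:
# Test-BitLockerPosture | Format-Table -AutoSize
# Backup-RecoveryKeysToEntra
```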
UEFI scanning
The UEFI scanner in Microsoft Defender Antivirus, surfaced through Defender for Endpoint, reads the firmware image from the system's SPI flash and scans it for known implants and anomalies. This covers threats that persist below the operating system and survive disk wipes and reinstalls, which no file-system scan can reach. Detections appear as alerts in the Defender for Endpoint portal.
Behavioral Blocking and Containment
Behavioural blocking and containment in Defender for Endpoint correlates process, file, registry and network behaviour on the endpoint, and through the cloud across the tenant, to recognise attack chains in progress even when every file involved looks clean on its own. Confirmed malicious behaviour is stopped and the offending process tree terminated; where automated investigation is enabled, remediation such as quarantining files or isolating the device from the network can follow without analyst intervention.
Windows Hello
Windows Hello for Business replaces passwords with a device-bound credential: the user unlocks a private key held in the TPM with a PIN or a biometric (face or fingerprint), and that key signs the authentication request. The PIN or biometric never leaves the device and is useless on any other machine, so phishing, replay and credential-stuffing attacks that work against passwords do not apply. The PIN is not the weak option here; both it and the biometric only gate access to the local key.
Attack Surface Reduction (ASR)
Attack surface reduction rules are behavioural blocks in Microsoft Defender Antivirus, managed through Defender for Endpoint or Intune, that target techniques commonly used at the start of an intrusion rather than specific malware: for example, Office applications spawning child processes, scripts launching downloaded executable content, credential theft from the LSASS process, and abuse of vulnerable signed drivers. Each rule is set independently to off, audit, warn or block, so rules are normally rolled out in audit mode, reviewed for legitimate activity that needs an exclusion, and then enforced.
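An added example (not code from the original article) of the audit-then-enforce rollout for two ASR rules, with a helper that reads the rule events so the audit period can be reviewed. The two rule GUIDs are the ones Microsoft publishes for "Block credential stealing from the Windows local security authority subsystem" and "Block all Office applications from creating child processes"; the review window, the exclusion path and the event data field names (taken from the Defender operational log schema) should be verified against one event on your own build. It needs an elevated prompt and Defender Antivirus in active mode; where Intune or Group Policy manage these rules, local Set-MpPreference changes are overwritten at the next policy refresh and the change belongs there instead.

```powershell
# Added example, not from the original article. Rule GUIDs are Microsoft's
# published identifiers; exclusion path and review window are placeholders.

$asrRules = @{
    # Block credential stealing from the Windows local security authority subsystem (lsass.exe)
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'LSASS credential theft'
    # Block all Office applications from creating child processes
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Office child processes'
}

function Set-AsrRules {
    param([Parameter(Mandatory)] [ValidateSet('Disabled', 'Enabled', 'AuditMode', 'Warn')] [string] $Action)
    # One call per rule keeps the Ids/Actions arrays aligned and makes staged
    # rollouts (LSASS rule enforced, Office rule still in audit) straightforward.
    foreach ($id in $asrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Action
    }
}

function Get-AsrRuleState {
    $pref = Get-MpPreference
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id   = $pref.AttackSurfaceReductionRules_Ids[$i]
        $name = if ($asrRules.ContainsKey($id)) { $asrRules[$id] } else { '(other)' }
        [pscustomobject]@{
            RuleId = $id
            Name   = $name
            Action = $actionNames[[int]$pref.AttackSurfaceReductionRules_Actions[$i]]
        }
    }
}

function Get-AsrEvents {
    param([int] $Days = 14)
    # 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        # EventData is a list of <Data Name="...">value</Data> pairs; index them by name.
        # Field names below follow the Defender event schema; confirm on one event locally.
        $f = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        $mode = if ($_.Id -eq 1121) { 'Blocked' } else { 'Audit' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Mode    = $mode
            RuleId  = $f['ID']
            Process = $f['Process Name']
            Target  = $f['Path']
            User    = $f['User']
        }
    }
}

# Usage (elevated):
# Set-AsrRules -Action AuditMode
# ... run for the review window, then triage what each rule would have blocked ...
# Get-AsrEvents | Group-Object RuleId, Process | Sort-Object Count -Descending | Format-Table Count, Name
# Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\Program Files\LegacyApp\legacy.exe'   # placeholder
# Set-AsrRules -Action Enabled
# Get-AsrRuleState
```

Grouping the audit events by rule and process is the step that separates genuine line-of-business conflicts (one application, hundreds of hits, worth an exclusion) from the occasional hit that is exactly the behaviour the rule is meant to stop.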
Exploit Protection
Exploit protection, the successor to EMET, applies memory-safety and process-hardening mitigations such as Data Execution Prevention, mandatory ASLR, Control Flow Guard, SEHOP and blocking of remote image loads or untrusted fonts, either system-wide or per application. These mitigations do not remove vulnerabilities; they make exploiting an unknown or unpatched one unreliable by breaking the techniques exploits depend on. Because some mitigations break legacy software, test them per application before enforcing them across the fleet.
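An added example (not code from the original article) of applying exploit protection mitigations to a single application, reading back the effective settings, and exporting the machine's configuration for deployment by Intune or Group Policy. The application name LegacyApp.exe is a placeholder, and the mitigation set is this example's starting point for a 32-bit legacy application; property names on the returned object follow what Get-ProcessMitigation exposes. Run elevated; per-application settings apply on the next launch of that process.

```powershell
# Added example, not from the original article. LegacyApp.exe is a placeholder.

function Set-LegacyAppMitigations {
    param([string] $ProcessName = 'LegacyApp.exe')
    # Start with the full set and back individual mitigations out per crash
    # report rather than adding them one at a time. Mandatory ASLR
    # (ForceRelocateImages) and CFG are the usual breakers for old binaries.
    Set-ProcessMitigation -Name $ProcessName -Enable DEP, SEHOP, BottomUp, HighEntropy, ForceRelocateImages, CFG, BlockRemoteImageLoads, DisableExtensionPoints
}

function Get-MitigationSummary {
    param([string] $ProcessName = 'LegacyApp.exe')
    # Values are ON, OFF or NOTSET; NOTSET means the system default applies.
    $m = Get-ProcessMitigation -Name $ProcessName
    [pscustomobject]@{
        Process             = $ProcessName
        DEP                 = $m.DEP.Enable
        MandatoryASLR       = $m.ASLR.ForceRelocateImages
        BottomUpASLR        = $m.ASLR.BottomUp
        CFG                 = $m.CFG.Enable
        RemoteImagesBlocked = $m.ImageLoad.BlockRemoteImageLoads
    }
}

function Export-MitigationPolicy {
    param([string] $Path = "$env:TEMP\ExploitProtection.xml")
    # Dumps system and per-app settings to XML in the format Intune/GPO consume.
    Get-ProcessMitigation -RegistryConfigFilePath $Path
    $Path
}

# Usage (elevated):
# Set-LegacyAppMitigations
# Get-MitigationSummary | Format-List
# Export-MitigationPolicy
# On other machines: Set-ProcessMitigation -PolicyFilePath .\ExploitProtection.xml
```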
Device Control
Device control in Defender for Endpoint lets organisations allow, block or audit removable storage and other peripherals by vendor, product and serial number, and can restrict USB storage to read-only access. This limits both data exfiltration and the introduction of malware through untrusted media, while the audit mode shows what is actually in use before a block policy is applied.
Controlled Folder Access
Controlled folder access is an anti-ransomware control in Microsoft Defender Antivirus. Only trusted applications, meaning those with a good reputation in Microsoft's cloud or explicitly allow-listed by the administrator, may modify files in protected folders; by default these are the Documents, Pictures, Videos, Music, Desktop and Favorites folders of each profile, and administrators can add further locations. An unknown process attempting to encrypt, overwrite or delete files there is blocked and an event is logged.
Network Protection
Network protection extends SmartScreen's reputation checks to every process on the endpoint, not only the browser. Outbound connections to domains and IP addresses with a poor reputation, including phishing sites, exploit kits and command-and-control infrastructure, are blocked at the network layer, so malware that never touches the browser, such as a macro dropper or a living-off-the-land script, still cannot reach its operator. It requires Defender Antivirus in active mode with cloud-delivered protection enabled.
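An added example (not code from the original article) covering the controlled folder access and network protection sections above: it enables both, extends the protected folder list, allows one application that must write there, and then runs the two checks a practitioner wants afterwards, namely whether a non-browser process is really blocked from a known-bad domain and what the two features have blocked or audited recently. The extra folder and the allowed application are placeholders; smartscreentestratings2.net is Microsoft's published test domain for network protection; the event data field names should be confirmed against one event on your build. Run elevated, and make the change in Intune or Group Policy where those manage the device.

```powershell
# Added example, not from the original article. Folder and application paths
# are placeholders; event field names follow the Defender event schema.

function Enable-ControlledFolderAccess {
    param([string[]] $ExtraFolders = @('D:\Finance'),                       # placeholder
          [string[]] $AllowedApps  = @('C:\Program Files\LobApp\lob.exe'),   # placeholder
          [switch]   $AuditOnly)
    $mode = if ($AuditOnly) { 'AuditMode' } else { 'Enabled' }
    Set-MpPreference -EnableControlledFolderAccess $mode
    # Defaults already cover Documents, Pictures, Videos, Music, Desktop and
    # Favorites of every profile; add line-of-business data locations on top.
    if ($ExtraFolders) { Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolders }
    # Unsigned or rarely seen apps that must write there need an explicit allow;
    # apps Microsoft's cloud already rates as trusted do not.
    if ($AllowedApps)  { Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApps }
}

function Enable-NetworkProtection {
    param([switch] $AuditOnly)
    $mode = if ($AuditOnly) { 'AuditMode' } else { 'Enabled' }
    # Network protection gets its reputations from cloud-delivered protection.
    Set-MpPreference -MAPSReporting Advanced
    Set-MpPreference -EnableNetworkProtection $mode
}

function Test-NetworkProtection {
    # Deliberately from a non-browser process, so SmartScreen in Edge is not what is tested.
    try {
        Invoke-WebRequest -Uri 'https://smartscreentestratings2.net' -UseBasicParsing -TimeoutSec 10 | Out-Null
        'NOT blocked: network protection is off, in audit mode, or has no cloud connectivity'
    } catch {
        "Blocked as expected ($($_.Exception.Message))"
    }
}

function Get-ProtectionEvents {
    param([int] $Days = 7)
    # 1123/1124 = controlled folder access block/audit; 1125/1126 = network protection audit/block.
    $meaning = @{ 1123 = 'CFA blocked'; 1124 = 'CFA audit'; 1125 = 'NP audit'; 1126 = 'NP blocked' }
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124, 1125, 1126
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        $f = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Event   = $meaning[$_.Id]
            Process = $f['Process Name']
            Target  = $f['Path']          # protected file for CFA, URL or domain for NP
            User    = $f['User']
        }
    }
}

# Usage (elevated):
# Enable-ControlledFolderAccess -AuditOnly
# Enable-NetworkProtection
# Test-NetworkProtection
# Get-ProtectionEvents | Format-Table -AutoSize
```

Running controlled folder access in audit mode first matters more than it does for most settings: backup agents, sync clients and document management tools all write to the default protected folders, and every one of them shows up as a 1124 event before it becomes a help-desk call.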
Web Protection
Web protection in Defender for Endpoint builds on SmartScreen and network protection to block malicious and phishing URLs, and adds web content filtering, which restricts categories of sites by policy, and custom indicators that allow or block specific URLs and domains across the organisation. Together they reduce the chance of users landing on phishing pages or fetching malicious downloads, and they report every block back to the portal.
Security Baselines
Security baselines in Microsoft Intune (formerly Microsoft Endpoint Manager) are Microsoft-maintained, versioned groups of recommended settings for Windows, Microsoft Defender for Endpoint and Microsoft Edge. They cover Microsoft Defender Antivirus, BitLocker, Windows Firewall, account and audit policies and more, giving a known-good starting point that can be tuned to the organisation and then tracked for drift.
Endpoint Privilege Management
Endpoint Privilege Management in Microsoft Intune lets people work as standard users while still performing the specific tasks that need administrator rights. Elevation rules identify approved applications by file hash or publisher certificate and either elevate them automatically or after user confirmation, with support-approved elevation available for everything else, so the local Administrators group can be emptied without breaking daily work. Removing standing administrator rights is one of the most effective ways to blunt malware and lateral movement.