Windows Defender for enterprise scans for malware on Macs too

  • Liam Tung (CSO Online)
  • 22 March, 2019 08:17

Microsoft is ditching the “Windows” brand in its enterprise-only anti-malware Defender Advanced Threat Protection (ATP) and replacing it with "Microsoft" because the product now not only protects Windows 10, but also Apple’s macOS devices. 

The newly named Microsoft Defender Advanced Threat Protection (ATP) for Mac is available to enterprise customers today in limited preview. Originally a Windows 10-only security platform, Microsoft recently added support for Windows 7 and Windows 8.1 and now wants to give admins a way to protect all desktop devices in the enterprise, regardless of the operating system.

Defender ATP is only available to enterprise customers with a Windows 10 Enterprise or Education E5 volume license, as well as to customers with Microsoft 365 E5.   

Defender ATP for Mac brings across a user interface similar to that of the next-gen anti-malware product for Windows 10 devices, and it enables Mac devices to report to the Defender portal, which admins use to monitor and respond to security alerts from device fleets.

For end-users it should behave like an anti-malware product, enabling full and quick file scans of a system and providing a snapshot of any suspicious files found, as well as quarantine, remove and allow actions. 

The benefit for admins should come by way of protecting Windows 10 and macOS devices through a single management interface in the Defender portal, giving security teams the ability to review security alerts from devices using either OS.

And following last month’s launch of the Defender ATP “Threat Experts” managed threat hunting service, the company has announced the Defender ATP Threat & Vulnerability Management service.

Mac and Windows machines with Defender ATP installed report a range of data about the security health and safety of a device, including details about each device’s configurations, installed software and any patches that are needed, as well as details about vulnerable software libraries, and risky configurations, such as disabled antivirus. 

All this can be seen by admins in a dashboard that shows an aggregate snapshot of the state of an organization's devices and how much more an organization needs to do to respond to a current threat.

The service is meant to help customers prioritize security response to focus on devices that need the most urgent action. Microsoft claims it will be able to tell which vulnerabilities are being actively exploited in an organization and will call attention to exposed machines running critical applications. 

The Threat and Vulnerability Management service will be available in preview next month to Microsoft Defender ATP customers who’ve enabled preview features.