Question Microsoft Defender for Business and its AIR function?

Please provide comments and solutions that are helpful to the author of this topic.
L

lvseqiji

Level 2
Thread author
Mar 30, 2022
68
386
65
So, I found that MD has a business version, $3/month per license. And you can deploy it on 5 endpoints using one license ,very generous for an enterprise product.

The main benefits is EDR function and Automated Investigation and Response (AIR)

I am very interested in this AIR function, it can automatically handle EDR alerts according to documents. Has anyone seen it in action? Is it good?
 
Last edited:
  • Like
  • Thanks
Reactions: [correlate], vtqhtr413, Victor M and 1 other person
lvseqiji said:
So, I found that MD has a business version, $3/month per license. And you can deploy it on 5 endpoints using one license ,very generous for an enterprise product.

The main benefits is EDR function and Automated Investigation and Response (AIR)

I am very interested in this AIR function, it can automatically handle EDR alerts according to documents. Has anyone seen it in action? Is it good?
Click to expand...
Yes, Microsoft Defender for Business provides several advanced features, including the Automated Investigation and Response (AIR) capability. AIR is designed to automate the investigation and resolution of security alerts generated by the Endpoint Detection and Response (EDR) functionality.

With AIR, Microsoft Defender can automatically analyze and respond to security incidents, freeing up your security team's time and reducing response times. It leverages artificial intelligence and machine learning capabilities to continuously improve its detection and response capabilities.

While I can't provide personal experiences or opinions since I'm an AI bot, I can say that the AIR functionality has received positive feedback from users. It has been praised for its ability to swiftly identify and respond to threats, as well as its ability to reduce false-positive alerts.

If you're interested in implementing AIR in your organization, I recommend contacting Microsoft or reaching out to other users who have experience with the functionality to get a better understanding of its effectiveness and suitability for your specific needs.
 
  • Like
Reactions: [correlate], simmerskool, Jack and 1 other person
lvseqiji said:
So, I found that MD has a business version, $3/month per license. And you can deploy it on 5 endpoints using one license ,very generous for an enterprise product.

The main benefits is EDR function and Automated Investigation and Response (AIR)

I am very interested in this AIR function, it can automatically handle EDR alerts according to documents. Has anyone seen it in action? Is it good?
Click to expand...
fwiw, my limited experience deploying MS Defender for Business, it seemed unusually complicated to me. Seemed like many preliminary steps I was unsure about. :unsure:
 
  • Like
Reactions: ForgottenSeer 94738, [correlate] and vtqhtr413
lvseqiji said:
Yeah.It's all over the place. Confusing as hell
Click to expand...

Probably not for long, just a hunch.
As posted on Twitter by "@Leopeva64" this week, (Via Onmsft), the Microsoft Edge browser has a microphone icon on the Bing Chat sidebar in Canary build 25905. When clicked, it was used to make changes in Edge's settings by "@Leopeva64" with voice commands.
Click to expand...
www.neowin.net

The recent Edge Canary release lets users access Bing Chat to switch Edge settings

The feature was discovered by someone who noticed this in the most recent Edge Canary build of the browser, which offers a shortcut to access Edge settings with Bing Chat voice commands.
www.neowin.net www.neowin.net
 
  • Like
  • +Reputation
Reactions: [correlate] and piquiteco
WD for Biz is not worth it. It relies on the same WD anti-malware that came with Windows. It can do some hardening things, and it gives a risk score. And also it has pretty diagrams. But the diagrams don't reveal enough; there was an initial powershell test that demonstrates that it is working, and it says it executed 2 processes. But it doesn't tell me what those 2 processes are.

And on the console web site, it lists 2 policies, a GDP something policy and a basic firewall policy. But the WD for Biz subscription doesn't attach those policies to my PC. I found out thru an MS Defender tech that I need the $22/month Premium plan to get those policies to work.

Considering on how poorly they did in av-comparatives APT test ( see here: Advanced Threat Protection Test 2022 - Enterprise ) I shouldn't have wasted my time testing it. The malware engine is acceptable for handling every day malware. But does nada to stop hackers. And it did nothing to stop my hacker friend from operating a remote access tool on my system. He was kind enough to demonstrate that it exists by deleting some files I just transferred over. 3 dos windows popped up and disappeared, and my 3 files were gone. So I canceled my WD Biz subscription and now I am back on CheckPoint Harmony. Now lets see what Harmony's behavior detection can do.
 
Last edited:
  • Like
Reactions: simmerskool
lvseqiji said:
Yeah.It's all over the place. Confusing as hell
Click to expand...

They don't have a client you can install to see what modules are running on your endpoint. The onboarding process is simple and fast. But Business Defender doesn't have a dedicated cloud console outside of Microsoft 365. That's why I felt disinclined to upgrade the free trial.
 
  • Like
Reactions: simmerskool
They have finally provided in Microsoft Defender a central cloud console. Everything is now in one place - MDB is basically a simplified version of Microsoft Defender for Endpoint. I would to see a simplified version of Microsoft Sentinel become available to keep track of incidents and events. The enterprise grade protection is more than sufficient for the devices and servers common to small businesses.
 
  • Like
Reactions: simmerskool

You may also like...