  • gwestgate

Why use Microsoft Defender for Business?

Microsoft Defender is more than just anti-virus; it is an essential part of securing your business. In this post, I will talk about some of the features that differentiate Microsoft Defender for Desktop from other anti-virus solutions. I’ll be focusing on small and medium-sized businesses, which Microsoft defines as having under 300 users. If you read my post about licensing, then you know I recommend that small and medium-sized businesses purchase Microsoft 365 Business Premium. Microsoft 365 Business Premium includes the license for Microsoft Defender for Desktop as part of that offering.

In my IT consulting company, GLM West, Inc., I routinely go through the exercise of evaluating the state of IT and cybersecurity for my clients. I also perform due diligence reviews for potential acquisitions, since most of my clients are alternative asset firms. To be able to measure the quality of a company’s information technology, it is imperative to have a complete list of all devices that have access to company data. Most, if not all, small businesses I have had engagements with are not able to produce an accurate inventory. Given that the majority of my clients are in regulated industries, and almost every company I have evaluated has outsourced its information technology to a third-party consulting firm, this is unacceptable, especially since they are all using some version of Microsoft 365. What are those consulting companies doing? Here is a simple recipe to turn this around:

  1. Change your Microsoft Licenses to Microsoft 365 Business Premium (unless you are using E5)

  2. Configure Microsoft End Point management and onboard every device

  3. Configure Microsoft Defender and deploy it to every device (Windows 10, 11, macOS, Android, iOS)

  4. Create conditional access policies that prevent devices that are not protected with Defender from downloading company data.
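
Step 4 as a concrete policy, written here as an added example (not code from the original post): it uses the Microsoft Graph PowerShell SDK to create a conditional access policy that requires a compliant device for Office 365. It assumes the Intune compliance policies from steps 2 and 3 mark a device non-compliant when Defender is missing or reports risk above your threshold; the display name and the excluded account ID are placeholders.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK and an admin
# account that is allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All',
                        'Application.Read.All'

# Placeholder: object ID of your emergency-access ("break glass") account.
# Excluding it keeps one way in if the policy locks everyone else out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'Require compliant device for Office 365'   # hypothetical name
    # Report-only: sign-ins are evaluated and logged but not blocked yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassId)
        }
        applications = @{
            # Built-in app group covering Exchange, SharePoint, Teams, etc.
            includeApplications = @('Office365')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Access is granted only when Intune reports the device as compliant.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Review the report-only results in the sign-in logs to see which users and devices would have been blocked, then change `state` to `enabled` to enforce the policy.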

After this is completed, use the Microsoft Security Dashboard to review the health and cyber risk of all of your devices, including applications. You cannot secure what you don’t know you have, so just by following this recipe you have already taken huge steps forward in securing your environment. You are also 100% confident that you know about every device that connects to your environment because you have created a conditional access policy. Devices not configured correctly cannot access your data. Other anti-virus solutions probably have dashboards similar to Microsoft’s Security Dashboard, but they have a huge disadvantage compared to Microsoft: they are not connected directly to the data you are trying to protect. Third-party solutions create risk by forcing you to store highly confidential information about your endpoints in an IT environment separate from Microsoft. You have to create separate user accounts in their system and manage which users from your company have access to that system. Vendor management is an entire field of IT security and compliance outside the scope of this post. The point I’m trying to make is that you reduce risk by having fewer vendors. A third-party security solution will have to go above and beyond what Microsoft offers to justify that risk.

A common saying in the cybersecurity community is “security in layers.” This means that no one single security protection will be all the protection you need. You need multiple layers of security to truly be protected. Microsoft Defender for Business is a club sandwich of security layers.

Defender does the traditional anti-virus things you would expect. For example, it uses virus signatures. A virus signature is a pattern that is used to identify a specific virus. This signature can be a unique identifier for the virus, or it can be a portion of code that is known to be associated with the virus. Virus signatures are created by antivirus researchers and are used by antivirus software to detect and remove currently known viruses. Defender also uses heuristics, which means it will look for behavior that looks like a virus and can block that as well. Most leading anti-virus programs do this too, but Microsoft has many advantages over its competition. Anti-virus heuristics is one area where artificial intelligence and machine learning are incredibly impactful. In 2021, Microsoft announced a Defender feature called AI-driven adaptive protection against human-operated ransomware. This feature allows Defender to protect devices from threats that other anti-virus solutions would consider benign.

Microsoft Defender also does another thing that is important and unique. Microsoft calls it Behavioral Containers. This is a technology that Microsoft has been perfecting for years with Windows Defender on the desktop and now they have finally brought it to mobile devices. Behavioral Containers work by creating an isolated, virtual container on the device for each app. So even if an app is infected with malware, the malware is contained within that app and cannot spread to other apps or compromise the underlying operating system. This is a huge deal. It means that even if a user downloads a malicious app, it cannot do any damage. The user will get a notification that the app is dangerous and they can delete it. That’s it. No data loss. No ransomware encrypting files. And no expensive clean-up costs for your IT department.

Vulnerability management is another incredibly important facet of cybersecurity. Entire companies exist to help corporations mitigate threats in outdated firmware and software patches. Vulnerability management is not often included as part of the scope of an anti-virus program; however, Microsoft Defender includes it. Using the Microsoft Security Dashboard, I can see at a glance which computers in my environment are the most at risk from vulnerabilities, or which programs exist in my environment that I need to make sure get removed or patched.

Defender runs on most platforms, including iOS, macOS, Android, and Windows. This means your decision to use Defender is holistic and there is no need to consider alternative solutions for iPhones, Android devices, or iPads. The Microsoft Security Dashboard gives you a security score that compares your security posture to other companies your size. It gives you actionable insights on how to resolve threats, and it’s completely integrated with Office 365 and Azure. I don’t know of another solution that provides so much value.

My company, GLM West, Inc., offers consulting services that can help you with this, as well as other IT outsourcing services. Check out our website for more info!
