Month: January 2020
Windows 10 Endpoint Security Matrix
Microsoft has a good matrix and comparison chart of the security product features built into Windows 10 Professional and Enterprise. Along with that matrix is a downloadable full comparison chart. What I really like about the full chart is that it compares Pro vs. Enterprise by security function and capability, not just by product name. Recently, I was asked if I could map each capability to the product name. Below is the table I created, as best I could, to marry the two by mapping each function to the product that delivers it, minus the licensing portion (Pro vs. Enterprise E3 vs. Enterprise E5).
| Functionality | Product feature(s) |
|---|---|
| Attack Surface Reduction controls | |
| Integrity enforcement of operating system boot-up process | System Guard |
| Integrity enforcement of sensitive operating system components | System Guard |
| Advanced vulnerability and zero-day exploit mitigations | Exploit Guard + WDAV |
| Reputation-based network protection for Microsoft Edge, Internet Explorer and Chrome | SmartScreen |
| Host-based firewall | Firewall |
| Ransomware mitigations | Exploit Guard + WDAV (with controlled folder access) |
| Hardware-based isolation for Microsoft Edge | Application Guard |
| Application control powered by the Intelligent Security Graph | Application Control |
| Device control (e.g. USB) | Exploit Guard (hypervisor code integrity), MDATP (additional security) |
| Network protection for web-based threats | Exploit Guard |
| Enterprise management of hardware-based isolation for Microsoft Edge | Application Guard enterprise controls defined for internal/external sites |
| Host intrusion prevention rules | Exploit Guard (HIPS) |
| Customizable allow/deny lists (e.g. IP/URL, files, certificates) | Exploit Guard (network protection) using MDATP |
| Device-based conditional access | MDATP integration with Intune device management |
| Centrally manageable tamper protection of operating system | MDATP |
| Next Generation Protection | |
| Pre-execution emulation of executables and scripts | WDAV |
| Runtime behavior monitoring | WDAV |
| In-memory anomaly and behavior monitoring | WDAV + Exploit Guard |
| Machine learning and AI-based protection from viruses and malware threats | WDAV |
| Cloud protection for fastest responses to new/unknown web-based threats | WDAV (block at first sight) |
| Protection from fileless attacks | WDAV + Exploit Guard |
| Advanced machine learning and AI-based protection for apex-level viruses and malware threats | WDAV + MDATP |
| Advanced cloud protection that includes deep inspection and detonation | MDATP |
| Emergency outbreak protection from the Intelligent Security Graph | WDAV + MDATP |
| Monitoring, analytics and reporting for Next Generation Protection capabilities | WDAV + MDATP |
| Endpoint Detection and Response | |
| Behavioral-based detection for advanced and targeted attacks (post-breach) | MDATP |
| Centralized security operations management with Windows Defender Security Center | MDATP |
| Rich investigation tools | MDATP |
| Forensic collection | MDATP |
| Response actions | MDATP |
| Advanced detonation service with deep file analysis | MDATP |
| Upload of Indicators of Compromise (IOC) for custom alerts | MDATP |
| Flexible hunting queries over historical data | MDATP |
| Custom alerts via powerful advanced hunting queries | MDATP |
| Discover and report SaaS app usage to MCAS | MDATP |
| Machine risk level to trigger conditional access | MDATP |
| Monitoring, analytics and reporting | MDATP |
| Automatic Investigation and Remediation | |
| Automated alert investigations using artificial intelligence | MDATP |
| Automated remediation of advanced threats | MDATP |
| Monitoring, analytics and reporting | MDATP |
| Security Score | |
| Assess and improve your organization's security posture using Microsoft Secure Score for Windows | MDATP |
| Threat Analytics shows your organization's exposure to threats | MDATP |
| Security Management | |
| Monitoring, analytics and reporting | MDATP |
| Rich Power BI dashboards and reports | MDATP |
| Enterprise-grade Extensibility and Compliance | |
| Integrated endpoint protection for 3rd-party platforms (macOS, Linux, iOS, Android) | MDATP (note that Microsoft now has a client for macOS) |
| Open Graph APIs to integrate with your solutions | MDATP |
| Integration with Microsoft Advanced Threat Protection (ATP) products | MDATP |
| ISO 27001 compliance | MDATP |
| Geolocation and sovereignty of sample data | MDATP |
| Sample data retention policy | MDATP |
| Multi-Factor and Password-less Authentication | |
| Industry-standards-based multifactor authentication | Windows Hello for Business |
| Support for biometrics (facial and fingerprint) | Windows Hello for Business |
| Support for Microsoft Authenticator | Windows Hello for Business |
| Support for Microsoft-compatible security keys | Windows Hello for Business |
| Support for Active Directory and Azure Active Directory | Windows Hello for Business |
| Credential Protection | |
| Hardware isolation of single sign-in tokens | Credential Guard |
| Centralized management, analytics, reporting, and operations | Credential Guard + MDATP |
| Full Volume Encryption | |
| Automatic encryption on capable devices | Win10 |
| Advanced encryption configuration options | BitLocker |
| Removable storage protection | BitLocker To Go |
| DirectAccess & Always On VPN device tunnel | Win10 |
| Centralized configuration management, analytics, reporting, and security operations | MBAM (standalone, SCCM, Intune, MEM) + MDATP |
| Data Loss Prevention | |
| Personal and business data separation | Windows Information Protection |
| Application access control | Windows Information Protection |
| Copy and paste protection | Windows Information Protection |
| Removable storage protection | Windows Information Protection |
| Integration with Microsoft Information Protection | Windows Information Protection |
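A table like this is most useful when you can confirm on a real machine which of the client-side controls are actually on. The script below is an added example, not from the original post or from Microsoft: it reads the state of several of the Exploit Guard, WDAV (Windows Defender Antivirus), Credential Guard, Application Guard and BitLocker rows using only the stock Defender, DeviceGuard CIM and BitLocker cmdlets, and prints one pass/fail line per control. It changes nothing. The "expected" states it tests for (block mode rather than audit, at least one ASR rule blocking, HVCI treated as the System Guard integrity row) are this script's assumptions and should be adjusted to your own baseline.

```powershell
# Added posture check for several controls named in the table above (example code,
# not from the blog post). Read-only: reports state, changes nothing. Run in an
# elevated PowerShell on Windows 10 with Windows Defender Antivirus active.
# The pass/fail thresholds below are this script's assumptions, not the post's.

$report = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Control, [string]$Product, [string]$State, [bool]$Ok) {
    $report.Add([pscustomobject]@{ Control = $Control; Product = $Product; State = $State; OK = $Ok })
}

# --- Next Generation Protection and tamper protection (WDAV, MDATP) ---
$status = Get-MpComputerStatus
$pref   = Get-MpPreference
Add-Finding 'Runtime behavior monitoring' 'WDAV' `
    "RealTimeProtection=$($status.RealTimeProtectionEnabled)" $status.RealTimeProtectionEnabled
Add-Finding 'Tamper protection' 'MDATP/WDAV' `
    "IsTamperProtected=$($status.IsTamperProtected)" $status.IsTamperProtected
# Cloud-delivered protection: MAPSReporting 0 = off, 1 = basic, 2 = advanced.
Add-Finding 'Cloud protection (block at first sight)' 'WDAV' `
    "MAPSReporting=$($pref.MAPSReporting)" ($pref.MAPSReporting -ge 1)

# --- Attack Surface Reduction controls (Exploit Guard) ---
# Controlled folder access and network protection: 0 = disabled, 1 = block, 2 = audit.
$cfa = $pref.EnableControlledFolderAccess
Add-Finding 'Ransomware mitigations (controlled folder access)' 'Exploit Guard' "Mode=$cfa" ($cfa -eq 1)
$np = $pref.EnableNetworkProtection
Add-Finding 'Network protection for web-based threats' 'Exploit Guard' "Mode=$np" ($np -eq 1)

# ASR rules (the "HIPS" row): Ids and Actions are parallel arrays;
# action 0 = off, 1 = block, 2 = audit, 6 = warn.
$ids      = @($pref.AttackSurfaceReductionRules_Ids)
$actions  = @($pref.AttackSurfaceReductionRules_Actions)
$blocking = 0
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($actions[$i] -eq 1) { $blocking++ }
}
Add-Finding 'Host intrusion prevention rules (ASR)' 'Exploit Guard' `
    "$($ids.Count) rules configured, $blocking in block mode" ($blocking -gt 0)

# --- Credential Protection and integrity enforcement (Credential Guard, HVCI) ---
# Win32_DeviceGuard.SecurityServicesRunning holds 1 for Credential Guard, 2 for HVCI.
$dg      = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$running = @($dg.SecurityServicesRunning)
Add-Finding 'Hardware isolation of single sign-in tokens' 'Credential Guard' `
    "SecurityServicesRunning=$($running -join ',')" ($running -contains 1)
# Assumption: HVCI is used here as the observable for the System Guard integrity row.
Add-Finding 'Integrity enforcement of OS components (HVCI)' 'System Guard' `
    "SecurityServicesRunning=$($running -join ',')" ($running -contains 2)

# --- Hardware-based isolation for Microsoft Edge (Application Guard) ---
$wdag = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard'
Add-Finding 'Hardware-based isolation for Microsoft Edge' 'Application Guard' `
    "Feature=$($wdag.State)" ($wdag.State -eq 'Enabled')

# --- Full Volume Encryption (BitLocker) ---
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
Add-Finding 'Automatic encryption (OS volume)' 'BitLocker' `
    "ProtectionStatus=$($os.ProtectionStatus), Method=$($os.EncryptionMethod)" ($os.ProtectionStatus -eq 'On')

$report | Format-Table -AutoSize
```

Each line of output pairs a functionality row with the product feature the table attributes to it, so a mode of 2 (audit) on controlled folder access or network protection shows up as a gap even though the feature is technically "on". The MDATP-only rows (EDR, automated investigation, Secure Score) have no local cmdlet to query and are deliberately left out; those are read from the portal.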