
Windows 10 Endpoint Security Matrix


Microsoft publishes a good matrix and comparison chart of the security product features built into Windows 10 Professional and Enterprise, along with a downloadable full comparison chart. What I really like about the full chart is that it compares Pro vs. Enterprise by security function and capability, not just by product name. Recently I was asked whether I could map each capability to the product name. The table below is my best attempt at marrying the two by mapping functionality to product, minus the licensing portion (Pro vs. Enterprise E3 vs. Enterprise E5).

| Functionality | Product feature(s) |
| --- | --- |
| **Attack Surface Reduction controls** | |
| Integrity enforcement of operating system boot-up process | System Guard |
| Integrity enforcement of sensitive operating system components | System Guard |
| Advanced vulnerability and zero-day exploit mitigations | Exploit Guard + WDAV |
| Reputation-based network protection for Microsoft Edge, Internet Explorer and Chrome | SmartScreen |
| Host-based firewall | Firewall |
| Ransomware mitigations | Exploit Guard + WDAV (with controlled folder access) |
| Hardware-based isolation for Microsoft Edge | Application Guard |
| Application control powered by the Intelligent Security Graph | Application Control |
| Device control (e.g. USB) | Exploit Guard (hypervisor code integrity), MDATP (additional security) |
| Network protection for web-based threats | Exploit Guard |
| Enterprise management of hardware-based isolation for Microsoft Edge | Application Guard enterprise controls defined for internal/external sites |
| Host intrusion prevention rules | Exploit Guard (HIPS) |
| Customizable allow/deny lists (e.g. IP/URL, files, certificates) | Exploit Guard (network protection) using MDATP |
| Device-based conditional access | MDATP integration with Intune device management |
| Centrally manageable tamper protection of operating system | MDATP |
| **Next Generation Protection** | |
| Pre-execution emulation of executables and scripts | WDAV |
| Runtime behavior monitoring | WDAV |
| In-memory anomaly and behavior monitoring | WDAV + Exploit Guard |
| Machine learning and AI-based protection from viruses and malware threats | WDAV |
| Cloud protection for fastest response to new/unknown web-based threats | WDAV (block at first sight) |
| Protection from fileless attacks | WDAV + Exploit Guard |
| Advanced machine learning and AI-based protection for apex-level viruses and malware threats | WDAV + MDATP |
| Advanced cloud protection that includes deep inspection and detonation | MDATP |
| Emergency outbreak protection from the Intelligent Security Graph | WDAV + MDATP |
| Monitoring, analytics and reporting for Next Generation Protection capabilities | WDAV + MDATP |
| **Endpoint Detection and Response** | |
| Behavioral-based detection for advanced and targeted attacks (post-breach) | MDATP |
| Centralized security operations management with Windows Defender Security Center | MDATP |
| Rich investigation tools | MDATP |
| Forensic collection | MDATP |
| Response actions | MDATP |
| Advanced detonation service with deep file analysis | MDATP |
| Upload of Indicators of Compromise (IOC) for custom alerts | MDATP |
| Flexible hunting queries over historical data | MDATP |
| Custom alerts via powerful advanced hunting queries | MDATP |
| Discover and report SaaS app usage to MCAS | MDATP |
| Machine risk level to trigger conditional access | MDATP |
| Monitoring, analytics and reporting | MDATP |
| **Automatic Investigation and Remediation** | |
| Automated alert investigations using artificial intelligence | MDATP |
| Automated remediation of advanced threats | MDATP |
| Monitoring, analytics and reporting | MDATP |
| **Security Score** | |
| Assess and improve your organization's security posture using Microsoft Secure Score for Windows | MDATP |
| Threat Analytics shows your organization's exposure to threats | MDATP |
| **Security Management** | |
| Monitoring, analytics and reporting | MDATP |
| Rich Power BI dashboards and reports | MDATP |
| **Enterprise-grade Extensibility and Compliance** | |
| Integrated endpoint protection for third-party platforms (macOS, Linux, iOS, Android) | MDATP (note that Microsoft now has a client for macOS) |
| Open Graph APIs to integrate with your solutions | MDATP |
| Integration with Microsoft Advanced Threat Protection (ATP) products | MDATP |
| ISO 27001 compliance | MDATP |
| Geolocation and sovereignty of sample data | MDATP |
| Sample data retention policy | MDATP |
| **Multi-Factor and Password-less Authentication** | |
| Industry-standards-based multifactor authentication | Windows Hello for Business |
| Support for biometrics (facial and fingerprint) | Windows Hello for Business |
| Support for Microsoft Authenticator | Windows Hello for Business |
| Support for Microsoft-compatible security keys | Windows Hello for Business |
| Support for Active Directory and Azure Active Directory | Windows Hello for Business |
| **Credential Protection** | |
| Hardware isolation of single sign-in tokens | Credential Guard |
| Centralized management, analytics, reporting, and operations | Credential Guard + MDATP |
| **Full Volume Encryption** | |
| Automatic encryption on capable devices | Win10 |
| Advanced encryption configuration options | BitLocker |
| Removable storage protection | BitLocker To Go |
| DirectAccess and Always On VPN device tunnel | Win10 |
| Centralized configuration management, analytics, reporting, and security operations | MBAM (standalone, SCCM, Intune, MEM) + MDATP |
| **Data Loss Prevention** | |
| Personal and business data separation | Windows Information Protection |
| Application access control | Windows Information Protection |
| Copy and paste protection | Windows Information Protection |
| Removable storage protection | Windows Information Protection |
| Integration with Microsoft Information Protection | Windows Information Protection |