Microsoft Defender For Endpoint Overview
Microsoft Defender For Endpoint helps enterprise networks prevent, detect, investigate, and respond to advanced threats. It uses the following combination of technology built into Windows 10 and Microsoft's cloud service:
- Endpoint behavioral sensors: These collect and process behavioral signals from the operating system and send this sensor data to your private, isolated cloud instance of Microsoft Defender For Endpoint.
- Cloud security analytics: Leveraging big data, machine learning, and unique Microsoft optics across the Windows ecosystem and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
- Threat intelligence: Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, this enables Microsoft Defender ATP to identify attacker tools, techniques, and procedures, and to generate alerts when these are observed in collected sensor data.