
Protecting your environment requires taking inventory of the devices that are in your network. However, mapping devices in a network can often be expensive, challenging, and time-consuming. Microsoft Defender for Endpoint provides a device discovery capability that helps you find unmanaged devices connected to your corporate network without the need for extra appliances or cumbersome process changes.

Watch this video for a quick overview of how to assess and onboard unmanaged devices that Microsoft Defender for Endpoint discovered.

In conjunction with this capability, a security recommendation to onboard devices to Microsoft Defender for Endpoint is available as part of the existing Microsoft Defender Vulnerability Management experience.

You can choose the discovery mode to be used by your onboarded devices. The mode controls the level of visibility you can get for unmanaged devices in your corporate network. There are two modes of discovery available:

Basic discovery: In this mode, endpoints will passively collect events in your network and extract device information from them. Basic discovery uses the SenseNDR.exe binary for passive network data collection, and no network traffic will be initiated. Endpoints will simply extract data from all network traffic that is seen by an onboarded device. With basic discovery, you'll only gain limited visibility of unmanaged endpoints in your network.

Standard discovery (recommended): This mode allows endpoints to actively find devices in your network to enrich collected data and discover more devices, helping you build a reliable and coherent device inventory. In addition to devices that were observed using the passive method, standard mode also leverages common discovery protocols that use multicast queries in the network to find even more devices. Standard mode uses smart, active probing to discover additional information about observed devices to enrich existing device information.
