Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Managed Windows Defender
Environment: Windows OS
Summary: Viewing Windows Defender alerts and detections via the Huntress Management Portal
Windows Defender - Huntress interacts with the AV portion of the Windows Defender suite (read-only on the firewall portion). This is the data we're scanning and surfacing to help protect you.
Microsoft Defender - This is a broader security suite that is included with Microsoft 365 and extends protection to macOS, Android, and iOS devices.
Will Managed Defender expose the alerts from Windows Defender through the Huntress interface?
Yes, all Windows Defender detections can be seen on the Managed Defender Dashboard. Navigate to your Managed AV dashboard (in the left-hand menu, click EDR > Managed Antivirus), then click "View all Antivirus Events" in the top center card.
Example of Managed Defender Dashboard using Huntress "new look":
Note that if you're not using the Huntress New Look, you'll need to click the "View All.." button and then click "Antivirus Events" to see alerts from Windows Defender.
Example of Managed Defender Dashboard using Huntress classic look:
Example of Defender Antivirus Events page, in which the detections from Windows Defender are displayed at the bottom:
In addition to exposing alerts, the Huntress SOC Team will also send an Incident Report for any Windows Defender detections that are actionable, i.e. where some action is needed from you to improve security or investigate further.