home  >  service  >  information security  >  Guidelines for the Use of Security Software >  What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint

2026/04/17 更新

1.What is Microsoft Defender for Endpoint (MDE)?

Microsoft Defender for Endpoint (MDE) is a comprehensive endpoint security platform for enterprises that goes beyond traditional antivirus software.

By onboarding devices to MDE, administrators can centrally monitor the organization’s overall security posture and enable real-time threat detection, analysis, and remote response.
Onboarding refers to the process of applying a configuration program to your device and registering it with the organization’s management system (MDE).

This means that the organization manages your device and, for security analysis purposes, sends information such as running processes and connected domains to Microsoft’s cloud.

Therefore, if you wish to use this service, you are required to review the Privacy Policy below and submit an application form.

　Microsoft Defender for Endpoint のデータ保管とプライバシーについて

2. The Three Pillars of MDE

This section explains how MDE differs from traditional antivirus software by outlining its three key capabilities.

2.1 Prevention (Next-Generation Protection)

By leveraging AI and machine learning, MDE can block previously unknown (zero-day) threats and sophisticated fileless attacks before they are executed.

2.2 Detection and Response (EDR)

This capability operates on an “assume breach” model. In the event of an attack, it detects and records malicious activity in real time, enabling administrators to take immediate actions such as isolating affected devices.

2.3 Vulnerability Management

It automatically identifies and lists missing patches in the OS and applications, and provides recommendations to eliminate vulnerabilities before they can be exploited.

3. Personal Antivirus vs. Organizationally Managed MDE

Commercial antivirus software that individuals purchase is primarily designed to protect their own privacy and data. In contrast, MDE is designed to maintain the security of the entire organization, allowing administrators to manage and control individual devices.

3.1 Administrator Capabilities
MDE is a security platform that, by onboarding devices, enables administrators to centrally monitor the organization’s overall security posture and perform real-time threat detection, analysis, and remote response.
On onboarded (connected) devices, administrators can perform the following actions and access relevant information:

　・Security Visibility:
　　　Administrators can identify potential vulnerabilities, such as outdated OS versions or disabled antivirus protection.

　・Detailed Behavior Analysis upon Detection:
　　　When a threat is detected, administrators can analyze detailed attack traces (logs), such as which files were accessed, when they were opened, and which websites were visited.

　・Remote Response for Incident Containment:
　　　When a critical threat is detected, administrators can remotely perform actions such as network isolation and scan execution without requiring user involvement.

　・Web Access Control:
　　　Based on organizational policies, access to phishing sites and websites deemed inappropriate for work may be restricted (blocked).

3.2 Approach to Privacy

While the term “managed” may raise concerns about privacy—such as whether personal activities or research content might be monitored—MDE is specifically designed for security monitoring purposes.
File contents are not visible: Administrators do not have the ability to access or view the contents of your documents or photos.

4. Target Users
This service is limited to devices used by full-time faculty members (up to five devices per person).
It cannot be applied to devices used by students, including shared computers in laboratories.
Use outside these conditions may constitute a violation of the licensing terms.

5. Application Procedure

Please submit your application using the form below.

　https://surl.jp/MDEreqForm
　※Access and application are limited to full-time faculty members only.

Questions About This Page

Please contact us at goiken@sic.shibaura-it.ac.jp.

For more details on how to make an inquiry, please refer to the information provided here.