Data storage and privacy for endpoints with Microsoft Defender

What information is gathered by Microsoft Defender for Endpoint?

For administrative, monitoring, and reporting needs, Microsoft Defender for Endpoint will gather and store data from your configured devices in a customer-specific, segregated tenancy.

The information gathered includes file data (such as file names, sizes, and hashes), process data (running processes and their hashes), registry data, network connection data (host IPs and ports), and device characteristics (such as device identifiers, names, and the operating system version).

This data is maintained by Microsoft in compliance with Microsoft Trust Center rules and is securely stored on Microsoft Azure.

Defender for Endpoint may use this information to:

  • proactively discover indications of attack (IOAs) in your organization
  • generate alerts when a potential attack is found
  • give your security operations team visibility into the devices, files, and URLs associated with threat signals from your network, so that the presence of security risks on the network can be analysed and investigated

Encryption and Data Security

Modern data protection solutions that are based on Microsoft Azure infrastructure are used by the Defender for Endpoint service.

The service addresses a number of pertinent data protection concerns. Among the most essential encryption techniques are data encryption at rest, data encryption in transit, and key management with Key Vault. See the Azure encryption overview for details on the additional technologies employed by the Defender for Endpoint service.

Data is always protected using 256-bit AES encryption, at the very least.

Data storage location

Defender for Endpoint is hosted in Microsoft Azure datacenters located in the United States, the United Kingdom, and the European Union. If Defender for Endpoint uses another Microsoft online service to process customer data, it may store that customer data in the geolocation specified by the data storage policies of that other online service rather than in the geolocation of the tenant as identified during provisioning.

In the central storage and processing systems in the US, customer data may also be kept in pseudonymized form.

The location where your data is stored cannot be changed after it has been set up. Because you actively choose the location where your data will be stored, this offers a straightforward way to reduce compliance risk.

Microsoft Defender for Endpoint data sharing

The following Microsoft products, when also licensed by the customer, exchange data, including customer data, with Microsoft Defender for Endpoint:

  • Windows Sentinel

Is my data separate from that of other customers?

Yes. Your data is protected from outside access by logical segregation based on customer identifiers and access authentication. Each customer is limited to the general data that Microsoft provides and the data gathered from within its own organization.

How does Microsoft stop employees from abusing high-privilege roles and engaging in malicious insider activity?

By design, Microsoft administrators and developers are granted only the rights necessary to carry out their assigned responsibilities for running and improving the service. To help prevent unauthorized developer and administrative activity, Microsoft uses combinations of preventive, detective, and reactive controls, including the following mechanisms:

  • access restrictions for sensitive data
  • combinations of controls that greatly improve independent detection of malicious activity
  • multiple layers of logging, reporting, and monitoring

Additionally, Microsoft performs background checks on selected members of its operations team and limits access to software, systems, and network infrastructure according to the level of check completed. When operations staff need to access a customer’s account or associated information to accomplish their tasks, they follow a formal process.

For services hosted in Microsoft Azure Government datacenters, access to data is given only to operations personnel who have been verified and approved to handle data subject to particular government rules and procedures, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS.

Do other customers have access to my data?

No. Customer information is kept private and separate from that of other customers. However, insights derived from the data that Microsoft processed, which do not include any customer-specific data, may be shared with other customers. Each customer is limited to the general data that Microsoft provides and the data gathered from within its own organization.

How long will Microsoft keep my data in storage? What is Microsoft’s policy on data retention?

Data from Microsoft Defender for Endpoint is retained for 180 days from service onboarding and is accessible throughout the portal. However, it is available for only 30 days through a query in the advanced hunting investigation experience.

Upon expiration or termination of the contract

While the license is in a grace period or suspended mode, your data will be retained and remain accessible to you. No later than 180 days after the termination or expiration of the applicable agreement, Microsoft will delete the relevant data from its systems so that it is unrecoverable.

Data on advanced hunting

The threat-hunting feature known as “advanced hunting” allows you to search through up to 30 days’ worth of raw, unprocessed data.
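As an added example (not from the original page or Microsoft’s documentation), the advanced hunting query below checks how far back the raw data actually reaches for each of the data categories listed earlier (process, network, file, and registry events), which is a useful sanity check against the 30-day hunting window and the 180-day portal retention described above. It assumes access to the standard advanced hunting tables; the table and column names used are the documented ones.

```kusto
// Added example, not from the original page: measure the span of raw event data
// available to advanced hunting for each collected data category.
union withsource=SourceTable
    DeviceProcessEvents,   // running processes and their hashes
    DeviceNetworkEvents,   // host IPs and ports of network connections
    DeviceFileEvents,      // file names, sizes, hashes
    DeviceRegistryEvents   // registry data
| where Timestamp > ago(30d)   // advanced hunting only reaches back 30 days
| summarize
    OldestRecord = min(Timestamp),
    NewestRecord = max(Timestamp),
    Events       = count(),
    Devices      = dcount(DeviceId)
    by SourceTable
// days actually covered; noticeably less than 30 suggests a category is not
// being collected from some devices or the tenant was onboarded recently
| extend DaysCovered = datetime_diff('day', NewestRecord, OldestRecord)
| order by SourceTable asc
```

Run it in the advanced hunting page of the Microsoft Defender portal; the per-table Devices count also helps confirm that every onboarded device is reporting each data category.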

Can Microsoft help us stay in compliance with the law?

To help customers evaluate Defender for Endpoint against their own legal and regulatory needs, Microsoft provides complete information on its security and compliance processes, including audit reports and compliance packages. Defender for Endpoint has attained a variety of certifications, including ISO, SOC, FedRAMP High, and PCI, and actively pursues other national, regional, and industry-specific certifications.

By offering compliant, independently certified services, Microsoft helps customers achieve compliance for the infrastructure and applications they manage.

Professional Labs is the Best Cloud Managed Services Provider USA, for more details contact