This article summarizes which device attributes can be enriched from our connector with Microsoft Defender, and the benefits of using that enriched data in policy.
Our integration with Microsoft Defender is intended to allow customers to use the most accurate device classifications in policy decisions. Microsoft Defender, built into Microsoft Windows, collects and identifies device details and attributes. Elisity leverages its own network-based rapid device discovery mechanisms alongside Microsoft Defender so that our customers' devices get the most appropriate policies applied in a timely manner.
When a new device is discovered by any of Elisity's methods, Cloud Control Center queries Microsoft Defender using the following parameters until a match is found:
1. MAC+IP Address first
2. MAC second
3. IP last
Engage Elisity support to modify the behavior of the above query order.
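The match order above, sketched as an added example (this is not Elisity's or Microsoft's code). The record fields, function names and sample inventory are assumptions constructed for illustration, as is normalizing MAC formatting before comparison. Returning the tier that matched lets you see when a device was matched on IP alone.

```python
import re

def norm_mac(mac):
    """Strip common separators; return 12 lowercase hex digits or None."""
    stripped = re.sub(r"[:\-.\s]", "", mac or "").lower()
    return stripped if re.fullmatch(r"[0-9a-f]{12}", stripped) else None

def match_device(discovered, inventory):
    """Try MAC+IP, then MAC, then IP. Return (record, tier) or (None, None)."""
    mac = norm_mac(discovered.get("mac"))
    ip = discovered.get("ip")
    tiers = [
        ("mac+ip", lambda r: mac and ip
            and norm_mac(r.get("mac")) == mac and r.get("ip") == ip),
        ("mac", lambda r: mac and norm_mac(r.get("mac")) == mac),
        ("ip", lambda r: ip and r.get("ip") == ip),
    ]
    # A later tier is consulted only if no record satisfied an earlier one.
    for tier, predicate in tiers:
        for record in inventory:
            if predicate(record):
                return record, tier
    return None, None

# Constructed sample inventory (documentation-range MAC and IP values).
INVENTORY = [
    {"name": "ws-01", "mac": "00-00-5E-00-53-01", "ip": "192.0.2.11"},
    {"name": "ws-02", "mac": "00-00-5E-00-53-02", "ip": "192.0.2.12"},
    {"name": "ws-03", "mac": "00-00-5E-00-53-03", "ip": "192.0.2.13"},
]

if __name__ == "__main__":
    samples = [
        {"mac": "00:00:5e:00:53:01", "ip": "192.0.2.11"},  # exact match
        {"mac": "00:00:5e:00:53:02", "ip": "192.0.2.99"},  # MAC known, IP moved
        {"mac": "00:00:5e:00:53:ff", "ip": "192.0.2.13"},  # only the IP is known
        {"mac": "00:00:5e:00:53:01", "ip": "192.0.2.13"},  # MAC and IP disagree
    ]
    for device in samples:
        record, tier = match_device(device, INVENTORY)
        print(device, "->", record["name"] if record else None, tier)
```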
A new query is made every 24 hours to check for updated device attributes. Attributes can also be refreshed on demand by clicking the refresh button next to the Microsoft Defender name under the Trust Attributes section of IdentityGraph for a device. Any devices learned by Elisity before the Connector was configured are automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp.
Risk Score
What is the Risk Score?
The Risk Score is a numerical value assigned to a device and calculated by Microsoft Defender. Risk Score can be used as match criteria when defining a Policy Group. Refer to the official Microsoft Defender documentation to understand the range of risk scores and what each range means.