| title | Overview of next-generation protection in Microsoft Defender for Endpoint | |||
|---|---|---|---|---|
| description | Get an overview of next-generation protection in Microsoft Defender for Endpoint. Reinforce the security perimeter of your network by using next-generation protection designed to catch all types of emerging threats. | |||
| ms.service | defender-endpoint | |||
| ms.localizationpriority | high | |||
| ms.topic | concept-article | |||
| author | batamig | |||
| ms.author | bagol | |||
| ms.reviewer | yongrhee | |||
| manager | bagol | |||
| ms.custom | nextgen | |||
| ms.subservice | ngp | |||
| ms.collection |
|
|||
| search.appverid | met150 | |||
| ms.date | 03/26/2025 | |||
| appliesto |
|
Microsoft Defender for Endpoint includes next-generation protection to catch and block all types of emerging threats. The majority of modern malware is polymorphic, meaning it constantly mutates to evade detection. As soon as one variant is identified, another takes its place. This rapid evolution underscores the need for agile and innovative security solutions.
Next-generation protections, such as Microsoft Defender Antivirus blocks malware using local and cloud-based machine learning models, behavior analysis, and heuristics. Microsoft Defender Antivirus uses predictive technologies, machine learning, applied science, and artificial intelligence to detect and block malware at the first sign of abnormal behavior.
In addition to Microsoft Defender Antivirus, your next-generation protection services include the following capabilities:
- Behavior-based, heuristic, and real-time antivirus protection, which includes always-on scanning using file and process behavior monitoring and other heuristics (also known as real-time protection). It also includes detecting and blocking apps that are deemed unsafe, but might not be detected as malware.
- Cloud-delivered protection, which includes near-instant detection and blocking of new and emerging threats.
- Dedicated protection and product updates, which includes updates related to keeping Microsoft Defender Antivirus up to date.
Next-generation protection is included in both Defender for Endpoint Plan 1 and Plan 2. Next-generation protection is also included in Microsoft Defender for Business and Microsoft 365 Business Premium.
To configure next-generation protection services, see Configure Microsoft Defender Antivirus features.
If you're looking for Microsoft Defender Antivirus-related information for other platforms, see one of the following articles:
- Set preferences for Microsoft Defender for Endpoint on macOS
- Microsoft Defender for Endpoint on Mac
- macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune
- Set preferences for Microsoft Defender for Endpoint on Linux
- Microsoft Defender for Endpoint on Linux
- Configure Defender for Endpoint on Android features
- Configure Microsoft Defender for Endpoint on iOS features
Tip
Performance tip Due to a variety of factors (examples listed below) Microsoft Defender Antivirus, like other antivirus software, can cause performance issues on endpoint devices. In some cases, you might need to tune the performance of Microsoft Defender Antivirus to alleviate those performance issues. Microsoft's Performance analyzer is a PowerShell command-line tool that helps determine which files, file paths, processes, and file extensions might be causing performance issues; some examples are:
- Top paths that impact scan time
- Top files that impact scan time
- Top processes that impact scan time
- Top file extensions that impact scan time
- Combinations – for example:
- top files per extension
- top paths per extension
- top processes per path
- top scans per file
- top scans per file per process
You can use the information gathered using Performance analyzer to better assess performance issues and apply remediation actions. See Performance analyzer for Microsoft Defender Antivirus.