Endpoint/Device Security, DevSecOps, EDR

LimaCharlie Adds Endpoint Protection Controls to Streamline Microsoft Defender Management

LimaCharlie has expanded its SecOps Cloud Platform (SCP) with a new extension that simplifies and strengthens how security teams manage Windows endpoint protection. The update introduces native support for Microsoft Defender Antivirus—previously known as Windows Defender—through a centralized, scalable interface.

Security teams and managed service providers can now control Defender across all Windows machines, without the need for custom integrations. This new capability enables fast assessments, consistent telemetry collection, and remote actions—all from a single console.

The extension delivers three core functions immediately upon activation:

  • Defender Check: Query machines to confirm whether Microsoft Defender is active. This helps teams quickly locate any unprotected systems across one or more tenants.
  • Defender Alerts: Capture high-speed telemetry directly from Microsoft Defender, with real-time alerts triggered when threats are detected.
  • Remote AV Scan: Run on-demand or scheduled antivirus scans across endpoints, enabling proactive defense without hands-on device access.

LimaCharlie Endpoint Protection also works alongside third-party EDR solutions to provide a broader and more integrated view of endpoint security. While this extension currently applies to Microsoft Windows Defender, the LimaCharlie agent communicates directly with Defender to:

  • Check its operational status
  • Transfer security event data
  • Trigger antivirus scans and remediation actions

This connection ensures better visibility into endpoint health and enables teams to take quick action when issues arise.

To help security teams get started quickly, the extension automatically sets up a basic set of detection and response (D&R) rules. These rules are built around best practices for event collection and threat detection. Teams can modify these rules to better reflect the needs of their specific environment, whether that involves more complex infrastructure or industry-specific threats.

This extension is ready to use out of the box—no additional tools or integrations are needed. It provides a cost-effective and reliable way to manage and secure endpoints across large environments, whether you're managing a single enterprise or multiple tenant

Suparna Chawla Bhasin

Suparna serves as Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She plays a key role in content development, optimizing editorial workflows, aligning storytelling with audience needs, and collaborating across teams to deliver timely, high-impact content. Her background spans technology, media, and education, and she brings a unique blend of strategic thinking, creativity, and executional excellence to every project.
