CrowdStrike Falcon Implementation

The university is implementing Enhanced Endpoint Protection powered by CrowdStrike Falcon at UM-Ann Arbor, UM-Dearborn, and UM-Flint. Falcon provides outstanding antivirus/anti-malware protection, along with industry-leading threat detection and mitigation capabilities. Falcon affords stronger protection for U-M owned machines against ransomware and other malicious attacks than currently deployed tools. In addition, Falcon's tenant/sub-tenant model allows units to have their staff monitor the Falcon console and respond to cyber threat detections directly.


ITS Information Assurance (IA) has provided local unit IT with the documentation, guidance, and other support they need to install Falcon, with the goal of completing deployment across U-M owned computers and servers by February 2021. Falcon has already been deployed to ITS-managed systems, including MiWorkspace and MiServer machines.

  • ITS Information Assurance (IA) began partnering with a number of units to pilot Falcon in late 2020.
  • Remaining academic units are expected to complete a more tightly-scoped rollout by February 2021.
  • Additional unit follow-up, training, and access to the console for some unit IT staff will occur during the winter 2021 semester.

Falcon Replaces Microsoft Defender for Windows and Sophos for Mac

Falcon replaces Defender (Windows) and Sophos (Apple/Mac) as the primary endpoint protection. The U-M contract for Sophos expired on December 31, 2020 and was not renewed.

Falcon for Linux

Falcon should be installed on university Linux machines, although ClamAV for Linux may still be of use.