An Introduction to Microsoft Defender Advanced Threat Protection [MiniTool Wiki]
What Is Microsoft Defender Advanced Threat Protection
Microsoft Defender Advanced Threat Protection (ATP) is a Microsoft security product designed to help enterprise-level organizations detect and respond to security threats. ATP adds preventive protection and post-breach investigation and response capabilities on top of Windows Defender.
The product was previously known as Windows Defender ATP (or WDATP); Microsoft renamed it to reflect that it is now also available for other operating systems (OS), such as macOS, Linux, and Android.
What Does Microsoft Defender Advanced Threat Protection Do?
Microsoft Defender ATP (MDATP) automatically detects and remediates advanced attacks on endpoints. It investigates the scope and potential impact of each threat, reports on the threats found on the organization's machines, and lets you mitigate and eliminate threats quickly using advanced tools and automation.
Note that Microsoft Defender ATP is not an antivirus (AV) product, and Microsoft Defender is not Microsoft Defender ATP. Microsoft Defender provides anti-malware and anti-virus protection for the Windows 10 operating system, while the ATP product is a post-breach solution that complements Microsoft Defender AV.
How Does Microsoft Defender ATP Work?
Microsoft Defender ATP is agentless: because it is cloud-hosted, it requires no separate agent deployment or on-premises infrastructure. Instead, it relies on "endpoint behavior sensors" built into the operating system of each device.
These sensors in Windows continuously collect data and feed it back to the organization's own Microsoft Defender cloud instance. Microsoft Defender ATP then analyzes the behavior of the code running on the organization's computers and determines whether there is anything that appears to be a threat.
Features of Microsoft Defender ATP
The following are the main features of Microsoft Defender Advanced Threat Protection.
- Threat and Vulnerability Management - Maintains a real-time software inventory on endpoints. This inventory is used to detect, prioritize, and mitigate security vulnerabilities in installed applications and from missing patches.
- Microsoft Threat Protection - ATP is designed to work with other components in the Microsoft Threat Protection solution to achieve end-to-end security. Some other layers of protection include Azure Advanced Threat Protection, Azure Security Center, Azure Information Protection, Conditional Access, Microsoft Cloud Application Security, and Office 365 Advanced Threat Protection.
- Attack surface reduction - Reduces the overall attack surface of the system through hardware isolation and application control. With application control, applications are no longer trusted by default; only trusted applications are allowed to run.
- Automated investigation and remediation - Left unchecked, network endpoints can generate a large number of security alerts. Windows Defender ATP uses automated investigations to examine alerts and eliminate the "noise," allowing security professionals to focus on the alerts that matter.
- Next-generation protection - ATP scans continuously to detect and stop threats. Machine learning and the security graph are used to discover emerging threats.
- Endpoint detection and response - ATP groups related attacks into incidents. This type of aggregation makes it easier for security professionals to prioritize, investigate, and respond to threats.
- Secure Score - ATP uses a secure score to evaluate the current security configuration and provides prescriptive guidance to help security professionals improve it.
- Microsoft Threat Experts - Microsoft Threat Experts is a managed hunting service that uses artificial intelligence to detect and prioritize attacks.
- Management and API - The API collection allows Windows Defender ATP to be integrated into the workflow of the organization.
There are some minimum requirements for onboarding devices to the software.
The software requires one of the following licensing options: Windows 10 Enterprise E5, Windows 10 Education A5, Microsoft 365 E5, Microsoft 365 E5 Security, or Microsoft 365 A5.
If you want to use the software on a Windows server, you must also have one of the following licensing options for the device: Azure Security Center with Azure Defender enabled, or Endpoint for Servers (one for each covered server). According to the Microsoft website, you also need a supported browser: Google Chrome, Internet Explorer 11, or Microsoft Edge.
That covers the essentials of Windows Defender ATP: what it is, how it works, and the functions and features of Microsoft Defender for Endpoint.