Microsoft Defender ATP is an incredibly powerful post-breach solution that provides automated endpoint detection and response. Formerly known as Windows Defender ATP (or WDATP), Microsoft rebranded the product to reflect the fact that it is now also available on other operating systems (OSs) such as macOSX, Linux and Android. Apr 27, 2021 Right-click on the policy you created, then select Deploy to target the Microsoft Defender for Endpoint policy to clients. In the Configuration Manager console, navigate Monitoring Security and then select Microsoft Defender ATP. Review the Microsoft Defender for Endpoint dashboard.

(Microsoft Intelligent Security Solutions, Part 2)

Data Breach and Endpoint Protection

This blog on Microsoft Defender ATP is Part 2 of my 3-part series covering Microsoft Intelligent Security Solutions. Part 1 covers the Microsoft Secure Score service, explaining the world’s current cybersecurity environment and how Microsoft Secure Score helps organizations to identify their Office 365 security weaknesses and then implement fixes.

Here, Part 2 in the series covers the Microsoft Defender Advanced Threat Protection (ATP) platform and how it offers Windows users best-in-class cybersecurity breach detection, post-breach investigation, and synchronized defense across your entire IT ecosystem.

Microsoft Defender Atp E5

What is Microsoft Defender Advanced Threat Protection (ATP)?

Microsoft Defender Atp Mac

Simply put, Microsoft Defender ATP is an optional add-on to Windows Defender Antivirus, which is the free antivirus software included with every Windows 10 install. Windows Defender Antivirus program is Microsoft’s own comprehensive, real-time software protection against malware, viruses, and spyware, defending your endpoints across email, apps, and the web. Organizations can opt for additional layer of security in Microsoft Defender ATP to increase visibility and provide additional features to secure your environment.

Major features of Microsoft Defender ATP include:

• Threat & Vulnerability Management
• Attack Surface Reduction
• Intelligent Security Graph
• Endpoint Detection & Response
• Auto Investigation & Remediation
• Microsoft Threat Experts

When enabled, Microsoft Defender ATP provides an additional layer of protection based on a cloud-hosted SaaS solution that leverages Windows Defender Antivirus telemetry and features for an agentless security fabric solution that enhances endpoint security by harnessing behavioral analytics backed by the Microsoft Intelligent Security Graph. Microsoft Defender ATP telemetry is then fed into your Secure Score Portal for single pane visibility into your environmental security posture, including the edge nodes! Part 1 of my blog series covers Microsoft Secure Score. So now you see now Microsoft offers a complete end-to-end cybersecurity solution to secure the enterprise with single glass-pane access and reporting that encompasses all workloads and devices.

Why Enable Microsoft Defender ATP?

Leveraging Windows Defender Antivirus, the Microsoft Defender ATP platform gives you an agentless security solution baked into the operating system, regularly updated with Windows Update, to help secure your IT ecosystem at the edge, wherever that happens to be. Driving the ability to safely allow anywhere, anytime access to cloud services.

Monitor Every Endpoint in Your IT Ecosystem

With Microsoft Defender ATP tied into that OS-level monitoring and telemetry, it becomes nearly impossible for cybercriminals to disable or compromise any part of the system without triggering an alert. (Additional layers of security can be had by enabling purpose-built attack surface reduction rules available only in Windows 10 Enterprise.)

Monitor for ALL Known Exploits

Microsoft Defender ATP is backed by the Microsoft Intelligent Security Graph, a central repository of cybersecurity exploits and security signals , which is curated by experts and researchers and backed by AI behavioral analytics. Over 800 million endpoints report near real-time telemetry to this repository. The repository is further enhanced with content from Microsoft Security researchers’ deep analysis of advanced threat actors’ patterns of infiltration and persistence methods.

Automate Inoculation Upon Attack

Plan. Expand. Optimize. A Cloud Migration Workbook.

Strategize the next steps of your organization's application modernization journey leveraging our experts' pragmatic approach.

Get the Guide

If any Microsoft Defender ATP endpoint gets attacked at the edge, that information is immediately reported to the Security Graph repository, and automated remediation is attempted. This new attack data is then pushed out to the Microsoft Security Graph and then shared down to each of the endpoints enrolled with Windows Defender ATP.

This response effectively inoculates the rest of the endpoints from that same attack. This creates a huge cost-mountain for cybercriminals to climb, because all known exploits are already monitored for, and even if a new type of exploit is used to break in successfully, that exploit immediately becomes a “one-and-done” for all the other 800 million endpoints reporting to the Security Graph.

Beat the Cybersecurity Clock

This is the benefit of automated security where you pit computer against computer and go from an extremely manual process to an automated one, taking you from alert to remediation in a matter of minutes. With the ability of ransomware to propagate as soon as domain dominance has occurred, time is not on your side if you are manually intervening. Microsoft Defender ATP solves this critical time problem with synchronized environmental defense.

Microsoft Defender ATP Covers Everything

All parts of your current on-premises and cloud-based infrastructure are covered.

1. Network Protection – Prevent network-based attacks on devices.
2. Exploit Protection – Block exploits including zero days.
3. Reputation Analysis – Steer users and devices away from files and websites that have known malicious reputations.
4. Isolation – Help isolate hardware and firmware from web-based persistent threats.
5. Application Control – Update your defense against malware with cloud-based AI backed automated application control.
6. Antivirus – Use cloud-based, AI-backed intelligent AV for your endpoints.
7. Behavior Monitoring – Detect and block suspicious out-of-the-normal behavior with automated baseline behavior models.
8. ASR (attack surface reduction) – Enable built-in attack surface reduction rules to eliminate the basic vectors of attack and reduce the overall attack surface of your Windows endpoints.

Take Advantage of the Joint Cybersecurity Effort

Microsoft is part of a broad Cybersecurity Tech Accord coalition of companies that all report security telemetry to the Security Graph, and that partnership is growing larger every day. This Intelligent Security Association has a mission to help secure the world of tomorrow, improving all security products, and providing a common platform and repository for security researchers and experts to contribute to. Add in the real-world data that 800 million endpoints provide, and the odds are now stacked against cybercriminals and Advanced Threat Actors.

Implement Effective Post-Breach Response

As we talked about in Part 1 of this series, the new cybersecurity model is “assume breach” and preparing for breach means being able to effectively produce a post-breach response report that outlines how, what, where, and for how long your data or environment had been at risk.

Automating the details of that report are critical to ensuring a timely response by your organization when breach does occur, and Microsoft Defender ATP is the only solution with the global insight and intelligent security that provides deep insight into breaches in near real time.

In fact, the reporting side of Microsoft Defender ATP is as important a topic as its detection capabilities. With all the new global government regulations like GDPR, CCPA, and HIPPA, having this reporting available to meet these strict regulations , in some breach situations, within 72 hours you need to know everything about that breach and what was the scope.

Can Your Current Cybersecurity Solution Do All That?

Mostly likely not. Access to seasoned Microsoft Threat Experts and SecOps teams is the type of next-level services that only Microsoft offers. Global experience gained from monitoring and protecting 800 million endpoints gives Microsoft the edge in this cybersecurity contest.

From the smallest hack on a mom-and-pop shop to attacks on critical government and public infrastructure, Microsoft (and its partner Perficient) have the talent and expertise to help get you secure, and get you back to normal operation post-breach. That’s way more comforting than asking your in-house IT department to find the new persistent, file-less threat attacking your network at 3am.

Ready to implement all-encompassing cybersecurity with Microsoft Defender ATP? Sign up for your free trial and contact Perficient today for assistance.

What’s next…

Now that we’ve finished going over Microsoft Defender ATP, return in a few days and I’ll share Part 3 of this series that dives deeper into the Microsoft Intelligent Security Graph.

Microsoft Defender Atp For Linux

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

For more info about Windows 10 Enterprise Edition features and functionality, see Windows 10 Enterprise edition.

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Defender for Endpoint uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:

• Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender for Endpoint.

• Cloud security analytics: Leveraging big-data, device-learning, andunique Microsoft optics across the Windows ecosystem,enterprise cloud products (such as Office 365), and online assets, behavioral signalsare translated into insights, detections, and recommended responsesto advanced threats.

• Threat intelligence: Generated by Microsoft hunters, security teams,and augmented by threat intelligence provided by partners, threatintelligence enables Defender for Endpoint to identify attackertools, techniques, and procedures, and generate alerts when theyare observed in collected sensor data.

Microsoft Defender for Endpoint

Tip

• Learn about the latest enhancements in Defender for Endpoint: What's new in Microsoft Defender for Endpoint.
• Microsoft Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: Insights from the MITRE ATT&CK-based evaluation.

Threat & Vulnerability Management
This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

Attack surface reduction
The attack surface reduction set of capabilities provides the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, the capabilities resist attacks and exploitation. This set of capabilities also includes network protection and web protection, which regulate access to malicious IP addresses, domains, and URLs.

Next-generation protection
To further reinforce the security perimeter of your network, Microsoft Defender for Endpoint uses next-generation protection designed to catch all types of emerging threats.

Endpoint detection and response
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. Advanced hunting provides a query-based threat-hunting tool that lets you proactively find breaches and create custom detections.

Automated investigation and remediation
In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.

Microsoft Secure Score for Devices

Microsoft Defender Atp For Mac

Defender for Endpoint includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.

Microsoft Threat Experts
Microsoft Defender for Endpoint's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.

Microsoft Defender Atp Antivirus

Important

Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.

If you are not enrolled yet and would like to experience its benefits, go to Settings >General >Advanced features >Microsoft Threat Experts to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription.

Microsoft Defender Atp Download

Centralized configuration and administration, APIs
Integrate Microsoft Defender for Endpoint into your existing workflows.

Integration with Microsoft solutions
Defender for Endpoint directly integrates with various Microsoft solutions, including:

Microsoft Defender Atp Logo

• Azure Defender
• Azure Sentinel
• Intune
• Microsoft Cloud App Security
• Microsoft Defender for Identity
• Microsoft Defender for Office
• Skype for Business

Microsoft 365 Defender
With Microsoft 365 Defender, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.