Microsoft Expands Advanced Threat Protection Preview for Windows 10 Clients

Microsoft announced today that it has expanded its Windows Defender Advanced Threat Protection service preview to "IT professionals and enterprise customers."

They can sign up to test the preview at this page. Microsoft first unveiled the Windows Defender Advanced Threat Protection preview back in March, suggesting that some early adopter companies had been testing it. However, it wasn't broadly available then, apparently.

Windows Defender Advanced Threat Protection is a post-breach machine-learning analysis service for Windows 10 clients. It shares the "Windows Defender" name, but this service is different from the client antimalware solution built into Windows clients. Windows Defender for clients tries to block malware up front, whereas the Windows Defender Advanced Threat Protection service kicks in after a security breach occurs, per Microsoft's announcement:

With a combination of client technology built into Windows 10 and a robust cloud service, it (Windows Defender Advanced Threat Protection) will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.

Windows Defender Advanced Threat Protection is currently being used across Microsoft's own network, "protecting more than 500,000 endpoints."

Microsoft has suggested the service can remove the drudgery of having to search through logs to detect security breaches. The service taps sensors in Windows clients using an "intelligent security graph" technology. It sends the info to an organization's "private, isolated, cloud instance of Windows Defender ATP," according to a TechNet library article description. Microsoft combines machine learning techniques and the security expertise of its partners to identify the attacks.

IT pros get a Windows Defender Advanced Threat Protection dashboard, which shows alerts. They can "drill down into security alerts and understand the scope and nature of a potential breach," Microsoft's TechNet article explained. Users can investigate files, IP addresses and malicious domains. It's also possible to submit files for analysis by Microsoft and its partners using the portal.

Setting up the service involves assigning end users via Azure Active Directory. It also seems that Group Policy, System Center Configuration Manager or scripting can be used for such "endpoint onboarding," per this TechNet article description.

The only clear requirement Microsoft lists for using the service is having Windows 10 Preview Build 14332 (or later) clients in place for testing. The service isn't available for Windows 7 or Windows 8.1 clients. The preview of this service doesn't support mobile versions of Windows or endpoints running Windows Server.

Microsoft isn't disclosing pricing details at this point. And the service's commercial availability will happen after Microsoft completes its testing, although the release is targeted for "later this year."

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.