Microsoft Expands Advanced Threat Protection Preview for Windows 10 Clients

Microsoft announced today that it has expanded its Windows Defender Advanced Threat Protection service preview to "IT professionals and enterprise customers."

They can sign up to test the preview at this page. Microsoft first unveiled the Windows Defender Advanced Threat Protection preview back in March, suggesting that some early adopter companies had been testing it. However, it wasn't broadly available then, apparently.

Windows Defender Advanced Threat Protection is a post-breach machine-learning analysis service for Windows 10 clients. It shares the "Windows Defender" name, but this service is different from the client antimalware solution built into Windows clients. Windows Defender for clients tries to block malware up front, whereas the Windows Defender Advanced Threat Protection service kicks in after a security breach occurs, per Microsoft's announcement:

With a combination of client technology built into Windows 10 and a robust cloud service, it (Windows Defender Advanced Threat Protection) will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.

Windows Defender Advanced Threat Protection is currently being used across Microsoft's own network, "protecting more than 500,000 endpoints."

Microsoft has suggested the service can remove the drudgery of having to search through logs to detect security breaches. The service taps sensors in Windows clients using an "intelligent security graph" technology. It sends the info to an organization's "private, isolated, cloud instance of Windows Defender ATP," according to a TechNet library article description. Microsoft combines machine learning techniques and the security expertise of its partners to identify the attacks.

IT pros get a Windows Defender Advanced Threat Protection dashboard, which shows alerts. They can "drill down into security alerts and understand the scope and nature of a potential breach," Microsoft's TechNet article explained. Users can investigate files, IP addresses and malicious domains. It's also possible to submit files for analysis by Microsoft and its partners using the portal.

Setting up the service involves assigning end users via Azure Active Directory. It also seems that Group Policy, System Center Configuration Manager or scripting can be used for such "endpoint onboarding," per this TechNet article description.

The only clear requirement Microsoft lists for using the service is having Windows 10 Preview Build 14332 (or later) clients in place for testing. The service isn't available for Windows 7 or Windows 8.1 clients. The preview of this service doesn't support mobile versions of Windows or endpoints running Windows Server.

Microsoft isn't disclosing pricing details at this point. Commercial availability will follow once Microsoft completes its testing, with the release targeted for "later this year."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

