Microsoft Expands Advanced Threat Protection Preview for Windows 10 Clients
Microsoft announced today that it has expanded its Windows Defender Advanced Threat Protection service preview to "IT professionals and enterprise customers."
They can sign up to test the preview at this page. Microsoft first unveiled the Windows Defender Advanced Threat Protection preview back in March, suggesting that some early adopter companies had been testing it. However, it apparently wasn't broadly available at that time.
Windows Defender Advanced Threat Protection is a post-breach machine-learning analysis service for Windows 10 clients. It shares the "Windows Defender" name, but this service is different from the client antimalware solution built into Windows clients. Windows Defender for clients tries to block malware up front, whereas the Windows Defender Advanced Threat Protection service kicks in after a security breach occurs, per Microsoft's announcement:
With a combination of client technology built into Windows 10 and a robust cloud service, it (Windows Defender Advanced Threat Protection) will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.
Windows Defender Advanced Threat Protection is currently being used across Microsoft's own network, "protecting more than 500,000 endpoints."
Microsoft has suggested the service can remove the drudgery of having to search through logs to detect security breaches. The service taps sensors in Windows clients using an "intelligent security graph" technology. It sends the info to an organization's "private, isolated, cloud instance of Windows Defender ATP," according to a TechNet library article description. Microsoft combines machine learning techniques and the security expertise of its partners to identify the attacks.
IT pros get a Windows Defender Advanced Threat Protection dashboard, which shows alerts. They can "drill down into security alerts and understand the scope and nature of a potential breach," Microsoft's TechNet article explained. Users can investigate files, IP addresses and malicious domains. It's also possible to submit files for analysis by Microsoft and its partners using the portal.
Setting up the service involves assigning end users via Azure Active Directory. It also seems that Group Policy, System Center Configuration Manager or scripting can be used for such "endpoint onboarding," per this TechNet article description.
The only clear requirement Microsoft lists for using the service is having Windows 10 Preview Build 14332 (or later) clients in place for testing. The service isn't available for Windows 7 or Windows 8.1 clients. The preview of this service doesn't support mobile versions of Windows or endpoints running Windows Server.
Microsoft isn't disclosing pricing details at this point. Commercial availability will come after Microsoft completes its testing, with the release targeted for "later this year."
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.