Microsoft Expands Advanced Threat Protection Preview for Windows 10 Clients

Microsoft announced today that it has expanded its Windows Defender Advanced Threat Protection service preview to "IT professionals and enterprise customers."

They can sign up to test the preview at this page. Microsoft first unveiled the Windows Defender Advanced Threat Protection preview back in March, suggesting that some early adopter companies had been testing it. However, it wasn't broadly available then, apparently.

Windows Defender Advanced Threat Protection is a post-breach machine-learning analysis service for Windows 10 clients. It shares the "Windows Defender" name, but this service is different from the client antimalware solution built into Windows clients. Windows Defender for clients tries to block malware up front, whereas the Windows Defender Advanced Threat Protection service kicks in after a security breach occurs, per Microsoft's announcement:

With a combination of client technology built into Windows 10 and a robust cloud service, it (Windows Defender Advanced Threat Protection) will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.

Windows Defender Advanced Threat Protection is currently being used across Microsoft's own network, "protecting more than 500,000 endpoints."

Microsoft has suggested the service can remove the drudgery of having to search through logs to detect security breaches. The service taps sensors in Windows clients using an "intelligent security graph" technology. It sends the info to an organization's "private, isolated, cloud instance of Windows Defender ATP," according to a TechNet library article description. Microsoft combines machine learning techniques and the security expertise of its partners to identify the attacks.

IT pros get a Windows Defender Advanced Threat Protection dashboard, which shows alerts. They can "drill down into security alerts and understand the scope and nature of a potential breach," Microsoft's TechNet article explained. Users can investigate files, IP addresses and malicious domains. It's also possible to submit files for analysis by Microsoft and its partners using the portal.

Setting up the service involves assigning end users via Azure Active Directory. It also seems that Group Policy, System Center Configuration Manager or scripting can be used for such "endpoint onboarding," per this TechNet article description.

The only clear requirement Microsoft lists for using the service is having Windows 10 Preview Build 14332 (or later) clients in place for testing. The service isn't available for Windows 7 or Windows 8.1 clients. The preview of this service doesn't support mobile versions of Windows or endpoints running Windows Server.

Microsoft isn't disclosing pricing details at this point. Commercial availability will follow once Microsoft completes its testing, with the release targeted for "later this year."

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

