Windows Defender Advanced Threat Protection Service To Get Autoremediation Capabilities Later This Year

Windows Defender Advanced Threat Protection (ATP) has hit a new milestone, and it soon will be capable of fixing security issues, instead of just detecting them.

Initially, the Windows Defender ATP service was described by Microsoft as a post-breach analysis tool to be used after an organization had experienced a security issue. Microsoft combines machine learning and security personnel expertise to deliver this forensics support with the service.

However, Microsoft has been working to integrate the service with security automation and remediation technology it acquired when it bought Hexadite, making Windows Defender ATP a tool that can fix security problems, too. Today Microsoft announced that it has completed that integration work. A preview of Windows Defender ATP with the new autoremediation capabilities is expected to be available sometime "later this year," Microsoft's announcement indicated.

The integrated Hexadite technology is designed to take over the forensic work that typically might have been done manually by humans. It uses artificial intelligence technology as part of that process.

Here's how Microsoft's announcement described it:

This [integration of Hexadite's technology] enables Windows Defender ATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting Windows Defender ATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale. With this addition, Windows Defender ATP now covers the end-to-end threat lifecycle from detection to investigation and response automatically.

In late June, Microsoft described a forthcoming "Windows Defender ATP console" that will provide a single-pane security view, showing information from new security features. For instance, it'll show information from Windows Defender Exploit Guard (which blocks macros and executable files) and Windows Defender Application Guard (which protects the operating system from potentially malicious Web content at untrusted sites), among other such integrations. This "smarter" console is expected to appear with the arrival of the Windows 10 "fall creators update," which Microsoft indicated would be available on Oct. 17.

The Windows Defender ATP service is currently available to Microsoft 365 Enterprise E5 subscribers, as shown in the table here, although the Hexadite technology aspect is yet to come. Microsoft recently changed its licensing branding to "Microsoft 365" from its older "Secure Productive Enterprise" name. For background on that switch, see this article.

Windows Defender ATP first reached "general availability" status last year when Microsoft released the Windows 10 "anniversary update," according to a Microsoft spokesperson. However, the service still gets new features added, which typically arrive in preview form first.

Microsoft's future plans for Windows Defender ATP include support for Windows Server products as well, "starting with Windows Server 2012 R2 and 2016 releases," Microsoft had indicated back in late June. In addition, Windows Defender ATP support is being planned for "more platforms beyond Windows," Microsoft had said.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

