Windows Defender Advanced Threat Protection Service To Get Autoremediation Capabilities Later This Year

Windows Defender Advanced Threat Protection (ATP) has hit a new milestone, and it soon will be capable of fixing security issues, instead of just detecting them.

Initially, the Windows Defender ATP service was described by Microsoft as a post-breach analysis tool to be used after an organization had experienced a security issue. Microsoft combines machine learning and security personnel expertise to deliver this forensics support with the service.

However, Microsoft has been working to integrate the service with security automation and remediation technology it acquired when it bought Hexadite, making Windows Defender ATP a tool that can fix security problems, too. Today Microsoft announced that it has completed that integration work. A preview of Windows Defender ATP with the new autoremediation capabilities is expected to be available sometime "later this year," Microsoft's announcement indicated.

The integrated Hexadite technology is designed to take over the forensic work that typically might have been done manually by humans. It uses artificial intelligence technology as part of that process.

Here's how Microsoft's announcement described it:

This [integration of Hexadite's technology] enables Windows Defender ATP customers to leverage state of the art AI technology to solve their alert volume challenges by letting Windows Defender ATP automatically investigate alerts, apply artificial intelligence to determine whether a threat is real and to determine what action to take, going from alert to remediation in minutes at scale. With this addition, Windows Defender ATP now covers the end-to-end threat lifecycle from detection to investigation and response automatically.

In late June, Microsoft described a forthcoming "Windows Defender ATP console" that will provide a single-pane security view, showing information from new security features. For instance, it'll show information from Windows Defender Exploit Guard (which blocks macros and executable files) and Windows Defender Application Guard (which protects the operating system from potentially malicious Web content at untrusted sites), among other such integrations. This "smarter" console is expected to appear with arrival of the Windows 10 "fall creators update," which Microsoft indicated would be available on Oct. 17.

The Windows Defender ATP service is currently available to Microsoft 365 Enterprise E5 subscribers, as shown in the table here, although the Hexadite technology aspect is yet to come. Microsoft recently changed its licensing branding to "Microsoft 365" from its older "Secure Productive Enterprise" name. For background on that switch, see this article.

Windows Defender ATP first reached "general availability" status last year when Microsoft released the Windows 10 "anniversary update," according to a Microsoft spokesperson. However, the service still gets new features added, which typically arrive in preview form first.

Microsoft's future plans for Windows Defender ATP include support for Windows Server products as well, "starting with Windows Server 2012 R2 and 2016 releases," Microsoft had indicated back in late June. In addition, Windows Defender ATP support is being planned for "more platforms beyond Windows," Microsoft had said.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.