
Microsoft Defender Advanced Threat Protection – Are your endpoints well protected against cyberthreats?

Mohamed Kamel

UPDATE (December 2020):
Microsoft has recently renamed its Defender technologies, including Advanced Threat Protection. The new names of each product are:

  • Microsoft 365 Defender (previously Microsoft Threat Protection).
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection).
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection).
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection).

When considering IT security, there are many things to worry about, including security updates and patches, anti-malware, and ransomware attacks. The traditional answer to these concerns has been strong patch management, applying patches on a monthly or even weekly basis. This is not enough.

In response to the current threat landscape, Microsoft has made it easier to protect your endpoints and infrastructure against attacks and data breaches by developing an excellent enterprise endpoint security platform called “Microsoft Defender Advanced Threat Protection” (Defender ATP).

Microsoft defines this tool as “an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.”

This product can help you answer important questions such as “what KBs are missing?” or “how well are the network configurations secured?” This tool helps you with remediation by providing detailed explanations of detected threats or incidents and how to address them.

How does Defender ATP work?

Defender ATP combines sensors built into the Windows 10 operating system, which detect suspicious activity on the device, with Microsoft cloud services that analyze big-data signals from Microsoft endpoints and online assets across the globe. The results are delivered to clients on dashboards that present the overall health of the environment as a score, threat and incident detection events, and recommendations that can be broken down to the computer or user level.

While Defender ATP has multiple security features, the Threat & Vulnerability Management dashboard is the most popular. It leverages software inventory information to deliver important KPIs (“Key Performance Indicators”), detections, and recommendations. As shown below, it provides scores for current exposures, device configuration, and exposure distribution.

Security Recommendations

Utilizing the information provided on the security recommendations page (pictured below) can be invaluable, as it prioritizes where to focus your efforts to harden your endpoints or infrastructure. These recommendations are a result of real-time scanning of endpoints summarized as actions to mitigate the risk.

License Requirements and Supported Platforms

  • Licensed via any of the following: Windows 10 Enterprise E5, Microsoft 365 E5 (M365 E5), or Microsoft 365 A5.
  • Supported operating systems: Windows 10 (1607 or later), Windows Server (2008 R2 up to 2019), Linux, Android, and macOS.

What about Privacy?

Sensor data is stored in your own private, isolated cloud instance, which you configure during the initial setup of Defender ATP.

Other benefits of Defender ATP

There are many benefits of leveraging Defender ATP. For instance, Advanced Hunting comes with a decent library of queries, either provided by the tool or developed by the security community and available on GitHub. Defender ATP also provides interactive reports and charts that summarize important KPIs and reflect how well the environment is protected.
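As an added illustration of what an Advanced Hunting query looks like (this is not a query from the post or from Microsoft's library), the following answers the “what KBs are missing?” question raised earlier using the Threat & Vulnerability Management data. It assumes the documented DeviceTvmSoftwareVulnerabilities schema table and its column names.

```kql
// Added example, not from the original post. Lists, per device, the security
// updates (KBs) that would close open High/Critical CVEs, so remediation can
// start with the most exposed machines. Assumes the documented
// DeviceTvmSoftwareVulnerabilities table is available in Advanced Hunting.
DeviceTvmSoftwareVulnerabilities
// Keep only findings where a concrete security update exists to apply
| where isnotempty(RecommendedSecurityUpdateId)
| where VulnerabilitySeverityLevel in ("High", "Critical")
// One row per device and missing update, with the CVEs and software it covers
| summarize
    CveCount = dcount(CveId),
    Cves = make_set(CveId, 20),
    AffectedSoftware = make_set(SoftwareName, 10)
  by DeviceName, OSPlatform, RecommendedSecurityUpdateId, RecommendedSecurityUpdate
// Devices with the most open High/Critical CVEs first
| order by CveCount desc
| take 100
```

The same result set can be saved as a shared query in the portal so the missing-KB view is one click away for the operations team.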

In summary, Defender ATP is an important tool to help ensure your endpoints are well protected through proactive management. To learn more, please schedule time with our team.
