Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see Secure your remote workforce.
Microsoft Defender ATP
Threat & Vulnerability Management
This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
- Risk-based Threat & Vulnerability Management
- Supported operating systems and platforms
- What's in the dashboard and what it means for my organization
- Exposure score
- Microsoft Secure Score for Devices
- Security recommendations
- Software inventory
Attack surface reduction
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation.
- Hardware based isolation
- Application control
- Device control
- Exploit protection
- Network protection, web protection
- Controlled folder access
- Network firewall
- Attack surface reduction rules
To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats.
- Behavior monitoring
- Cloud-based protection
- Machine learning
- URL Protection
- Automated sandbox service
Endpoint detection and response
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to intrusion attempts and active breaches. With Advanced hunting, you have a query-based threat-hunting tool that lets your proactively find breaches and create custom detections.
- Historical endpoint data
- Response orchestration
- Forensic collection
- Threat intelligence
- Advanced detonation and analysis service
- Advanced hunting
Automated investigation and remediation
In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
- Automated investigation and remediation
- View details and results of automated investigations
- View and approve remediation actions
Microsoft Defender ATP includes a Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
Microsoft Threat Experts
Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization and additional context and insights that further empower Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately.
- Targeted attack notification
- Configure your Microsoft Threat Protection managed hunting service
Centralized configuration and administration, APIs
Integrate Microsoft Defender Advanced Threat Protection into your existing workflows.
- API and SIEM integration
- Exposed APIs
- Role-based access control (RBAC)
- Reporting and trends
Integration with Microsoft solutions
Microsoft Defender ATP directly integrates with various Microsoft solutions, including:
- Office 365 ATP
- Azure ATP
- Azure Security Center
- Skype for Business
- Microsoft Cloud App Security
Microsoft Threat Protection
With Microsoft Threat Protection, Microsoft Defender ATP and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks.