Get started with Microsoft Defender Advanced Threat Protection

Applies to:


Learn about the minimum requirements and initial steps you need to take to get started with Microsoft Defender ATP.

The following capabilities are available across multiple products that make up the Microsoft Defender ATP platform.

Threat & Vulnerability Management
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. This infrastructure correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time, thus reducing organizational vulnerability exposure and increasing threat resilience.

Attack surface reduction
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.

Next generation protection
To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.

Endpoint detection and response
Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.

Auto investigation and remediation
In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.

Secure score
Microsoft Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.

Microsoft Threat Experts
Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.

Advanced hunting
Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Microsoft Defender Security Center.

Management and APIs
Integrate Microsoft Defender Advanced Threat Protection into your existing workflows.

Microsoft threat protection
Bring the power of Microsoft Threat Protection to your organization.

In this section

Topic Description
Minimum requirements Learn about the requirements for onboarding machines to the platform.
Validate licensing and complete setup Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
Preview features Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
Data storage and privacy Explains the data storage and privacy details related to Microsoft Defender ATP.
Assign user access to the portal Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
Evaluate Microsoft Defender ATP Evaluate the various capabilities in Microsoft Defender ATP and test features out.
Access the Microsoft Defender Security Center Community Center The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.