Microsoft Defender ATP preview features

Applies to:

The Microsoft Defender ATP service is constantly being updated to include new feature enhancements and capabilities.

Want to experience Microsoft Defender ATP? Sign up for a free trial.

Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.

For more information on new capabilities that are generally available, see What's new in Microsoft Defender ATP.

Turn on preview features

You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.

Turn on the preview experience setting to be among the first to try upcoming features.

  1. In the navigation pane, select Settings > Advanced features > Preview features.

  2. Toggle the setting between On and Off and select Save preferences.

Preview features

The following features are included in the preview release:

  • Evaluation lab
    The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of machine and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.

  • Windows Server 2008 R2 SP1
    You can now onboard Windows Server 2008 R2 SP1.

  • Microsoft Defender ATP for Mac
    Microsoft Defender ATP for Mac brings the next-generation protection, and endpoint detection and response coverage to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices.

  • Live response
    Get instantaneous access to a machine using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats – real-time.

  • Threat & Vulnerability Management
    A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

  • Machine health and compliance report The machine health and compliance report provides high-level information about the devices in your organization.

  • Information protection
    Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. Microsoft Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices.


    Partially available from Windows 10, version 1809.

  • Integration with Microsoft Cloud App Security
    Microsoft Cloud App Security leverages Microsoft Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender ATP monitored machines.


    Available from Windows 10, version 1809 or later.

  • Onboard Windows Server 2019
    Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines.

  • Power BI reports using Microsoft Defender ATP data
    Microsoft Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.

Want to experience Microsoft Defender ATP? Sign up for a free trial.