Microsoft Defender ATP in Microsoft Threat Protection


Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace.

For more information on Microsoft Threat Protection, see Announcing Microsoft Threat Protection.

Microsoft's multiple layers of threat protection across data, applications, devices, and identities can help protect your organization from advanced cyber threats.

Each layer in the threat protection stack plays a critical role in protecting customers. The deep integration between these layers results in better-protected customers.

Azure Advanced Threat Protection (Azure ATP)

Suspicious activities are processes running under a user context. The integration between Microsoft Defender ATP and Azure ATP provides the flexibility to conduct cybersecurity investigations across activities and identities.

Azure Security Center

Microsoft Defender ATP provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.

Azure Information Protection

Keep sensitive data secure while enabling productivity in the workplace through data discovery and data protection.

Conditional Access

Microsoft Defender ATP's dynamic machine risk score is integrated into the Conditional Access evaluation, ensuring that only secure devices have access to resources.

Microsoft Cloud App Security

Microsoft Cloud App Security leverages Microsoft Defender ATP endpoint signals to allow direct visibility into cloud application usage, including the use of unsupported cloud services (shadow IT), from all Microsoft Defender ATP-monitored machines.

Office 365 Advanced Threat Protection (Office 365 ATP)

Office 365 ATP helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender ATP enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.


Office 365 ATP data is displayed for events within the last 30 days. For alerts, Office 365 ATP data is displayed based on first activity time. After that, the data is no longer available in Office 365 ATP.

Skype for Business

The Skype for Business integration provides a way for analysts to communicate with a potentially compromised user or device owner through a simple button from the portal.