Windows Defender ATP preview features

Applies to:

  • Windows 10 Enterprise
  • Windows 10 Education
  • Windows 10 Pro
  • Windows 10 Pro Education
  • Windows Defender Advanced Threat Protection (Windows Defender ATP)

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities.

Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.

You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.

Turn on the preview experience setting to be among the first to try upcoming features.

  1. In the navigation pane, select Preferences setup > Preview experience.

    Image of Preferences setup and preview experience

  2. Toggle the setting between On and Off and select Save preferences.

Preview features

The following features are included in the preview release:

  • Configure non-persistent virtual desktop infrastructure (VDI) machines
    You can now onboard VDI machines to the Windows Defender ATP service.

  • Configure server endpoints
    Windows Defender ATP supports the onboarding of the following servers:

    • Windows Server 2012 R2
    • Windows Server 2016
  • View the Windows Defender ATP Security analytics dashboard
    The Security Analytics dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.

  • Restrict app execution
    You can lock down a device and prevent subsequent attempts of potentially malicious programs from running.

  • Run Windows Defender Antivirus scan on a machine
    As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine.

  • Manage machine group and tags
    Machine group and tags support proper mapping of the network, enabling you to attach different tags to machines to capture context and to enable dynamic groups creation as part of an incident.

  • Create and build Power BI reports using Windows Defender ATP data
    Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.

  • Use the Windows Defender ATP exposed APIs
    Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.