Windows Defender ATP (Advanced Threat Protection) has been expanded to provide end-to-end protection for Windows endpoints by adding support for Windows Server 2012 R2 and 2016 endpoints.
Features such as prevention, detection, investigation, response and management are all now available in Windows Defender ATP (WDATP) with the Windows 10 Fall Creators Update.
Centralized management of the various Windows security stack products is now available in System Center Configuration Manager (SCCM) starting with version 1710, and in Microsoft Intune. In addition, enhanced VDI support has been added for organizations wanting to secure their desktop virtualization environments.
See events reported across the stack in each machine’s timeline, including:
“Windows security features working in unison – Get visibility into security alerts coming from the combined stack of Endpoint Detection and Response (EDR), Windows Defender Antivirus (AV), Windows Defender Firewall, Windows Defender SmartScreen, Windows Defender Device Guard and Windows Defender Exploit Guard.”
Here’s what Security Operations (SecOps) is now able to achieve:
- See alerts and events from Windows Defender SmartScreen that show whether an employee within the company clicked on a specific URL despite receiving a warning message
- See Windows Defender Device Guard events surfacing attempts to run unauthorized applications that have been restricted from running in the organization
- See applications blocked or audited by the Windows Defender Exploit Guard protection rules
- See Windows Defender Antivirus detections and Windows Defender Firewall blocks
- View security event and alert information for sessions taking place within Windows Defender Application Guard isolated containers
Highlights of some more features:
Detection capabilities have evolved and now provide visibility into dynamic script-based attacks, network exploration, and keylogging, with enhanced alerts that show more data and introduce automatic correlation and grouping of related alerts.
In addition, high-value assets can now be managed through new tagging and grouping capabilities. Response capabilities are also enhanced, adding more granular machine isolation, the ability to restrict a machine to running only trusted binaries, and the ability to initiate a Windows Defender AV update and scan.
Security Analytics, a new dashboard, sheds light on configuration issues and provides a view of machines where security features are misconfigured or out of date. The dashboard also lists the top non-compliant machines sorted by number of issues and recommends actions to take.
Customized reporting created with Power BI provides views of alerts (for example, severity and time to resolve) and of machines (for example, sensor health state, OS platform and domain).
Programmatic APIs, part of the Microsoft Intelligent Security Graph, enable automating workflows and building on Windows Defender ATP capabilities.
If interested, you can start experiencing all these new capabilities by joining the 90-day free trial.