Windows Defender Advanced Threat Protection

Detect, investigate and respond to advanced attacks.

Post-breach detection, investigation and response

Even the best endpoint defenses will be breached eventually, as cyberattacks become more sophisticated and targeted. Windows Defender Advanced Threat Protection (ATP) helps our enterprise customers detect, investigate, and respond to advanced attacks and data breaches on their networks.

Detect Attacks

Detect attacks and zero days using advanced behavioral analytics and machine learning.

Uncover scope of breach

Visually investigate forensic evidence across your endpoints to easily uncover scope of breach.

Interactively hunt

Instantaneously search and explore 6 months of historical data across endpoints.

Respond and remediate

Quickly respond to contain the attack and prevent reoccurrence.

Today’s cloud-first, mobile-first world demands the highest level of identity & data security.

Windows Defender Advanced Threat Protection

Comprehensive monitoring tools to help you spot abnormalities and respond to attacks faster.

Leading response and recovery technologies plus deep consulting expertise.

The Windows Defender ATP Advantage

Detecting the undetectable

Sensors built deep into the operating system kernel, Windows security experts, and unique optics from over 1B machines and signals across all Microsoft services.

Built in, not bolted on

Agentless with high performance and low impact, cloud-powered; easy management with no deployment.

Single pane of glass for Windows security

Explore 6 months of rich machine timeline that unifies security events from Windows Defender ATP, Windows Defender Antivirus and Device Guard.

The power of the Microsoft graph

Leverages the Microsoft Intelligent Security Graph to integrate detection and exploration with an Office 365 ATP subscription, to track back and respond to attacks.

Windows 10 Creators Update advances security and best-in-class modern IT tools

What's new in Windows Defender ATP

How we protect your business from advanced threats

Windows Defender ATP combines sensors built into the operating system with a powerful security cloud service, enabling Security Operations to detect, investigate, contain, and respond to advanced attacks against their network.

Agentless, built into the OS

Windows Defender Advanced Threat Protection (ATP) is powered by behavioral sensors built into Windows 10.

Powered by the Cloud

The security analytics cloud detects attacks that have made it past all other defenses, using behavioral and Machine Learning detections over new and historical information to identify attacks.

Unparalleled Expertise and Data

Fueled by a combination of unparalleled threat optics and deep OS security and big data expertise.

Windows Defender ATP Research


Uncovering cross-process injection with Windows Defender ATP


Post Breach Dealing with Advanced Threats Whitepaper


The New Post-Breach Approach to Endpoint Security
