Microsoft Defender Advanced Threat Protection
Discover vulnerabilities and misconfigurations in real time
Bring security and IT together with Threat and Vulnerability Management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.
Get expert-level threat monitoring and analysis
Empower your security operations centers with Microsoft Threat Experts. Get deep knowledge, advanced threat monitoring, analysis, and support to identify critical threats in your unique environment.
Quickly go from alert to remediation at scale with automation
Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to determine whether a threat is active and what action to take.
Block sophisticated threats and malware
Defend against never-before-seen polymorphic and metamorphic malware and fileless and file-based threats with next-generation protection.
Detect and respond to advanced attacks with behavioral monitoring
Spot attacks and zero-day exploits with endpoint detection and response using advanced behavioral analytics and machine learning. Get instant access to compromised machines to further investigate threats.
Elevate your security teams and streamline workflows
Gain visibility to assess and configure your security with a dedicated security management experience. Use a variety of APIs to help streamline your security workflows.
Get started with Microsoft Defender ATP
Opt in for public preview to try new capabilities and enhancements.
Microsoft Defender ATP is a unified endpoint security platform for preventative protection, post-breach detection, automated investigation, and response.
We offer cross-platform support via our first-party offerings and through partners:
Windows Server: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2008 R2.
Client platforms: Windows 10, Windows 8.1, Windows 7 SP1, macOS
Additional platform support via partners for macOS, Linux, Android, iOS
Our solution is cloud powered, giving you the latest protection. On Windows 10, it’s completely agentless. Unparalleled optics into the threat landscape offer better detections. Automated response empowers your security teams. Tight integration with the Microsoft Security portfolio enables protection across the entire kill chain.
Threat and Vulnerability Management.
Tools to surgically reduce the attack surface.
Next-generation protection to block threats and malware.
Endpoint detection and response to detect advanced attacks.
Automated investigation and remediation of threats.
Managed threat-hunting service.
Threat and Vulnerability Management offers security and IT teams the ability to discover vulnerabilities and misconfigurations continuously in real time. It offers context-aware prioritization of issues and has a built-in, end-to-end remediation process.
Attack surface reduction helps to eliminate risky or unnecessary attack vectors and restricts dangerous code from running. It allows you to harden your systems and to visualize and assess the impact of implementing granular controls.
Next-generation protection offers real-time, behavioral-based protection and leverages machine learning and deep analysis to block fileless and file-based threats. It also offers runtime emulation, sandboxing, reputation analysis, and script and memory scanning.
Endpoint detection and response (EDR) monitors behaviors and attacker techniques to detect and respond to advanced attacks in real time. It records behaviors such as file and process creation and network connections, and offers proactive hunting and investigation across six months of historical data.
Automated investigation and remediation (AutoIR) leverages artificial intelligence to automatically investigate alerts and remediate complex threats in minutes. It mimics the exact steps an analyst would take, saving time and allowing your security teams to focus on the threats that matter most.
Microsoft Threat Experts is a managed threat-hunting service that provides expert-level monitoring and support to help security operations centers (SOCs) respond to critical threats in their unique environment.
Centralized management and reporting allow you to assess and configure your security and quickly understand your security posture to report back to stakeholders. Rich APIs enable you to integrate solutions and streamline security workflows.
No. Our antimalware solution is one of the best in the industry, consistently achieving high scores in independent tests, demonstrating the strength of our enterprise threat protection capabilities. Check out our AV test results to see for yourself.
Yes. Through AMSI, behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender ATP can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
Yes. Machines that can’t connect to the internet still have client-based machine learning, behavioral analysis, heuristics, fileless detection, and process monitoring for protection. Check out the in-depth guidelines for protecting disconnected devices.
Yes. Microsoft Defender ATP can scale to nearly unlimited endpoints in your organization. Some of our customers have scaled far beyond this, in some cases scaling to more than one million endpoints.
Microsoft Defender ATP is built into the operating system and is therefore agentless on newer Windows versions. Because Microsoft Defender ATP is a cloud-powered endpoint security solution, no on-premises infrastructure is required.
Starting with Windows 10 1703 and Windows Server 2012 R2, there is nothing to install; it's agentless. See the onboarding guidance for more information and to learn about requirements for other platforms.
Access is controlled in two ways:
Basic permissions management: Set permissions to either full access or read-only access.
Role-based access control (RBAC): Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to machine groups.
Our current certifications are:
FedRAMP High on Azure Commercial and Azure Gov
ISO 27001, ISO 27018, ISO 22301
SOC I, II, III
DISA L4 Accreditation
Microsoft Defender ATP easily integrates with Azure AD, Azure ATP, Azure Security Center, Azure Information Protection, Microsoft Cloud App Security, Microsoft Endpoint Manager, and Office 365 ATP. It’s part of the integrated Microsoft Threat Protection experience for detection, investigation, and remediation across endpoints, email, documents, identity, and infrastructure.
Some separate subscriptions may be required.
Forrester is a registered trademark and service mark of Forrester, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. The Total Economic Impact™ of Microsoft Defender Advanced Threat Protection.