Microsoft Defender Advanced Threat Protection

Microsoft Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.


A complete security solution

Agentless, cloud-powered

No additional deployment or infrastructure. No delays or update compatibility issues. Always up to date.

Unparalleled optics

Built into Windows 10 for deeper insights. Exchanges signals with the Microsoft Intelligent Security Graph.

Automated security

Take your security to a new level, by going from alert to remediation in minutes – at scale.

Synchronized defense

Microsoft 365¹ shares detection and exploration across devices, identities and information to speed up response and recovery.

Announcing Threat & Vulnerability Management

Threat and Vulnerability Management is a new capability within Microsoft Defender ATP designed to empower security teams to discover, prioritize and remediate vulnerabilities and misconfigurations.


Announcing Microsoft Threat Experts

Microsoft Threat Experts further empowers your Security Operations Centers by providing them with deep knowledge, expert level threat monitoring, analysis, and support to identify critical threats in your unique environment.


Microsoft Defender ATP helps stop breaches

The security platform for intelligent protection, detection, investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incident handling, and improves security posture. Security and data privacy are our priority. Microsoft Defender ATP is ISO 27001 certified.


Automation: From alert to remediation at scale - in minutes

Automatically investigate alerts and remediate complex threats in minutes. Applies industry best practices and intelligent decision-making algorithms to determine whether a threat - file or file-less - is active and what action to take.

Protect your business from advanced threats

Through the power of the cloud, machine learning and behavior analytics, Microsoft Defender ATP provides connected pre-breach protection.


Network protection

Block network-based attacks against devices.

Exploit protection

Block exploitation of unpatched vulnerabilities including zero-days.

Reputation analysis

Steer users and devices clear of files and websites with malicious reputations.


When it comes to protecting devices from web-based threats, hardware-based isolation changes the game.

Application control

Change your malware defense strategy, using the power of the cloud to automate application control.


Dynamic, cloud-powered intelligence defends you against known and unknown malware threats.

Behavior monitoring

Block malicious and suspicious behaviors using advanced runtime analysis.

Attack surface reduction

Eliminate the vectors of attack adversaries depend on by reducing the total surface area of attack.

Innovative Endpoint Detection and Response (EDR)

Cyber attacks remain a serious threat. Microsoft Defender ATP detects network attacks and data breaches, and gives you the insights and tools to close incidents quickly.


Detecting the undetectable

Spot attacks and zero-day exploits with deep optics into the OS, advanced behavioral analytics and machine learning.

Uncover scope of breach

Visually investigate forensic evidence across your organization to easily uncover scope of breach.

Proactively hunt

Rapid access to 6 months of historical data to search and explore across endpoints.

Save time

Microsoft Defender ATP gives you the data within seconds, rather than tracking and tracing for hours.

Custom detections

Write your own detections or upload your own Indicators of Compromise (IOC) to be alerted by your own Threat Intelligence.

Interactive reports

Understand the nature of significant and emerging threats, assess impact on your environment and get recommended actions to increase security resilience.


Submit suspicious files for a deep inspection and see a full analysis report in minutes. Easily understand what the file is capable of doing.

See what our customers are saying

Read about how Microsoft Defender ATP is making a real impact with organizations across the globe, and keeping their employees and information safe.

One solution to protect, detect, and respond to advanced attacks

Customer security is a top priority, and we know that a mix of devices doesn’t always mean Windows. So, we’ve worked with industry partners to enable Microsoft Defender ATP to detect, protect and respond to threats on macOS, Linux, iOS and Android.

Windows Servers
Windows Server 2016
Windows Server 2012 R2

Supported Windows versions
Windows 10
Windows 8.1²
Windows 7 SP1²

Other platforms (via partners)
macOS (currently in preview)

Featured partners

Get started with Microsoft Defender ATP

We are continuously adding new capabilities and enhancements to our service. Opt in to public preview and be one of the first to try them out.


Reference the following research, reports, and webinars to get the very most out of Windows 10 security features like Microsoft Defender ATP.

Discover the right Windows 10 solutions for you

Windows 10 gives you the tools and solutions to do more and stay secure. Harness the power of the cloud to reduce the complexity of managing today's IT device environment.


Windows 10 Enterprise

Windows 10 Enterprise addresses the needs of large & midsize organizations, providing IT professionals with comprehensive device and app management.

Microsoft 365

A complete, intelligent solution, which brings together the best of Office 365, Windows 10 Enterprise, and Enterprise Mobility + Security, empowering everyone to be creative and work together, securely.

¹ Some separate subscriptions may be required.
² Currently in public preview.
TM Forrester is a registered trademark and service mark of Forrester, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. The Total Economic Impact™ Of Microsoft Defender Advanced Threat Protection.