Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.


A complete security solution

Agentless, cloud-powered

No additional deployment or infrastructure. No delays or update compatibility issues. Always up to date.

Unparalleled optics

Built into Windows 10 for deeper insights. Exchanges signals with the Microsoft Intelligent Security Graph.

Automated security

Take your security to a new level, by going from alert to remediation in minutes – at scale.

Synchronized defense

Microsoft 365¹ shares detection and exploration across devices, identities and information to speed up response and recovery.

Windows Defender ATP helps stop breaches

The security platform for intelligent protection, detection, investigation, and response. Windows Defender ATP protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. Security and data privacy is our priority. Windows Defender ATP is ISO 27001 certified.


Automation: From alert to remediation at scale - in minutes

Automatically investigate alerts and remediate complex threats in minutes. Applies industry best practices and intelligent decision-making algorithms to determine whether a threat - file or file-less - is active and what action to take.

Protect your business from advanced threats

Through the power of the cloud, machine learning and behavior analytics, Windows Defender ATP provides connected pre-breach protection.

Network protection

Prevent network-based attacks from reaching devices.

Exploit protection

Block exploitation of unpatched vulnerabilities including zero-days.

Reputation analysis

Steer users and devices clear of files and websites with malicious reputations.


When it comes to protecting devices from web-based threats, hardware-based isolation changes the game.

Application control

Change your malware defense strategy, using the power of the cloud to automate application control.


Dynamic, cloud-powered intelligence defends you against known and unknown malware threats.

Behavior monitoring

Block malicious and suspicious behaviors using advanced runtime analysis.

Attack surface reduction

Eliminate the vectors of attack adversaries depend on by reducing the total surface area of attack.

Innovative Endpoint Detection and Response (EDR)

Cyber attacks remain a serious threat. Windows Defender ATP detects network attacks and data breaches, and gives you the insights and tools to close incidents quickly. Security and data privacy is our priority. Windows Defender ATP is ISO 27001 certified.

Detecting the undetectable

Spot attacks and zero-day exploits using advanced behavioral analytics and Machine Learning.

Uncover scope of breach

Visually investigate forensic evidence across your endpoints to easily uncover scope of breach.

Hunt interactively

Rapid access to 6 months of historical data to search and explore across endpoints.

Save time

Windows Defender ATP gives you the data within seconds, rather than tracking and tracing for hours.

Custom detections

Upload your own Indicators of Compromise (IOC) to be alerted by your custom Threat Intelligence.


Submit suspicious files for a deep inspection, and see a full analysis report in minutes.

See what our customers are saying

Read about how Windows Defender ATP is making a real impact with organizations across the globe, and keeping their employees and information safe.

One solution to protect, detect, and respond to advanced attacks

Customer security is a top priority, and we know that a mix of devices doesn’t always mean Windows. So, we’ve worked with industry partners to enable Windows Defender ATP to detect, protect and respond to threats on macOS, Linux, iOS and Android.

Windows Servers: Windows Server 2016, Windows Server 2012R2
Supported Windows versions: Windows 10, Windows 8.1², Windows 7 SP1²
Other platforms (via partners): Android

Featured partners

Get started with Windows Defender ATP

We are continuously adding new capabilities and enhancements to our service – opt-in for public preview and be one of the first to try them out.


Reference the following research, reports, and webinars to get the very most out of Windows 10 security features like Windows Defender ATP.

Discover the right Windows 10 solutions for you

Windows 10 gives you the tools and solutions to do more and stay secure. Harness the power of the cloud to reduce the complexity of managing today's IT device environment.

Windows 10 Enterprise

Windows 10 Enterprise addresses the needs of large & midsize organizations, providing IT professionals with comprehensive device and app management.

Microsoft 365

A complete, intelligent solution, which brings together the best of Office 365, Windows 10 Enterprise, and Enterprise Mobility + Security, empowering everyone to be creative and work together, securely.

¹ Some separate subscriptions may be required.
² Currently in public preview.
TM Forrester is a registered trademark and service mark of Forrester, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. The Total Economic Impact™ Of Microsoft Windows Defender Advanced Threat Protection.