Productivity Library

Explore simple ways to get going fast

Search below or click Finance, HR, Marketing, or Sales
Learn about Microsoft 365

Protect, detect, investigate, and respond to advanced threats

The cyberthreat landscape today requires an ongoing and relentless focus on security, and IT administrators need tools that help them prevent, protect, defend, and respond to threats in addition to modernizing their workplace to empower employee creativity and productivity. Windows Defender in Windows 10 Enterprise changes the game for security in organizations by protecting user identities, information, and devices from threats, with a comprehensive and fully integrated set of advanced security capabilities. Windows Defender provides both pre-breach threat resistance, removing or defending against the attack vectors used by the malware and hacking industry, and post-breach protection, detection, and response capabilities, all within a single end-to-end solution.

Get Started

1
Detect, investigate, and respond to security attacks

Enterprise organizations need investigation capabilities to drill down into security alerts and understand the scope and nature of a potential breach. The money and time spent on recovering from any large-scale breach can add up quickly.

Windows Defender Advanced Threat Protection (ATP) is a cloud-powered agent, built into Windows 10 Enterprise, that works behind the scenes to detect threats on the network and helps an IT team investigate and remediate data breaches. Windows Defender ATP uses behavior learning to detect attacks that have made it past all other defenses. That means that as the service runs on end users’ devices, it learns how to distinguish between normal and abnormal behavior for your organization. It draws on real-time and historic information to identify attacks and expose previously undetected threats, providing actionable alerts for known and unknown adversaries. A security operations console provides IT with an easy way to investigate alerts, proactively explore the network for signs of attacks, perform forensics of specific machines, track attacker actions across machines in the network, and get a detailed file footprint across the organization.

View Training

2
Protect against viruses and malware

Today, enterprise organizations are subject to increasingly sophisticated virus and malware attacks. Attackers and hackers are at work each day crafting new ways to sneak in to systems and steal sensitive data. These may come in the form of “zero-day attacks,” before organizations are even aware of the issue, or other highly orchestrated, targeted, and complex crimes.

Windows Defender Antivirus (AV) is built in to Windows 10 and provides virus and malware protection for desktop and mobile devices. Windows Defender AV makes extensive use of cloud-based detection, advanced real-time heuristics, and integrated reputation-based identification of files, URLs, and emails. These technologies, along with Microsoft’s detailed and rapid signature delivery system and malware analysis, work together to provide fast detection and pre-infection response—without the traditional reliance on periodically downloaded signatures only.

View Training

3
Safely browse and download content from the internet

The threat landscape is continually evolving for enterprise institutions. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks.

Windows Defender SmartScreen in Microsoft Edge helps to defend against downloads of malicious software, as well as phishing attacks (such as tricking users into entering passwords into a fake website) by performing reputation checks on visited sites and blocking any sites that are thought to be phishing sites. Microsoft Edge also protects against hacking attacks (running malicious code on a user’s device) through Windows Defender Application Guard, which opens untrusted sites in an isolated virtualized container separate from the host operating system, so that hackers can’t get to enterprise data even if the device is compromised.

View Training

4
Prevent malicious applications from running

Enterprise organizations also need to provide protection from determined attackers or malware that has successfully breached defenses.

Windows Defender Application Control (WDAC) flips the model from one where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. WDAC allows enterprises to leverage Microsoft’s cloud-powered Intelligent Security Graph (ISG) to automatically authorize well-known and reputable apps built from a catalog of billions of apps and binaries that run on Windows. This allows IT administrators to easily allow commonly used and prevalent software like Microsoft Office and Adobe Reader, while preventing unknown and known-bad software from running.

View Training

5
Protect against credential theft

As enterprise organizations embrace customer-centricity and new technologies that allow them to better meet their customers’ expectations for services, they need new ways to make employees more mobile and productive while still staying secure.

Windows Defender Credential Guard protects credentials from “pass-the-hash” and other advanced persistent attacks, by isolating user credentials inside a hardware-based container. Even if a device is compromised, Credential Guard isolates secrets so that only privileged system software can access them.

View Training

6
Reduce the attack surface of apps

Finally, enterprise organizations need to prevent threats (such as Office-based malicious macro code and PowerShell, VBScript, and JavaScript scripts) from using vulnerabilities to gain access to the network and devices, and prevent unknown or unauthorized apps (including ransomware encryption malware) from writing to sensitive folders, such as folders containing confidential or business-critical data.

Windows Defender Exploit Guard is a rich set of intrusion-prevention capabilities for Windows 10 that reduce the attack and exploit surface area of Windows and applications. Exploit Guard can apply exploit mitigation techniques to apps your organization uses, both individually and to all apps. Attack surface reduction rules can reduce the attack surface of your apps with intelligent rules that block the vectors used by Office-based, script-based, and mail-based malware. Network protection extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Controlled folder access also helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware.

View Training