Microsoft Defender Advanced Threat Protection

Secure your remote workforce with Microsoft Defender ATP

With the growing number of remote work devices in organizations, we’re offering guidance, recommendations, and tips to help you stay secure, get the most out of your investment, and unlock additional tools.

A complete endpoint security solution

Microsoft Defender Advanced Threat Protection (ATP) delivers preventative protection, post-breach detection, automated investigation, and response.

Agentless*, cloud powered

No additional deployment or infrastructure. No delays or update compatibility issues. Always up to date.

Unparalleled optics

Built on the industry’s deepest insight into Windows threats and shared signals across devices, identities, and information.

Automated security

Take your security to a new level, by going from alert to remediation in minutes—at scale.

Discover vulnerabilities and misconfigurations in real time

Bring security and IT together with Microsoft Threat & Vulnerability Management to quickly discover, prioritize, and remediate vulnerabilities and misconfigurations.

Get expert-level threat monitoring and analysis

Empower your security operations centers with Microsoft Threat Experts. Get deep knowledge, advanced threat monitoring, analysis, and support to identify critical threats in your unique environment.

Quickly go from alert to remediation at scale with automation

Automatically investigate alerts and remediate complex threats in minutes. Apply best practices and intelligent decision-making algorithms to determine whether a threat is active and what action to take.

Block sophisticated threats and malware

Defend against never-before-seen polymorphic and metamorphic malware and fileless and file-based threats with next-generation protection.

Learn more about our capabilities

Protect macOS devices with Microsoft

Extend security to your Mac devices. Protect against malware and detect and respond to advanced attacks.

Streamline and integrate via APIs

Integrate Microsoft Defender ATP with your security solutions and streamline and automate security workflows with rich APIs.

Trust a market-leading antivirus

Rely on antimalware capabilities that consistently achieve high scores in independent tests.

Quickly evaluate capabilities

Fully evaluate our capabilities with a few simple clicks at the Microsoft Defender ATP evaluation lab.

Use integrated partner solutions

Complement your Microsoft security investments with our partners' solution integrations.

Take advantage of best of suite

Unique value is unlocked with the integrated Microsoft Threat Protection solution.

Interested in becoming a partner?

Learn more about how to become a partner and integrate with Microsoft Defender ATP. Use our simple, step-by-step guide to easily get started with our flexible platform and rich APIs.

Get started with Microsoft Defender ATP

Opt in for public preview to try new capabilities and enhancements.

Additional resources

Gartner Magic Quadrant report

Gartner names Microsoft a Leader in the August 2019 Magic Quadrant for Endpoint Protection Platforms.

Forrester Wave report

Microsoft is named a Leader in The Forrester Wave™: Enterprise Detection and Response, Q1 2020.

Watch our Ignite sessions

Missed Ignite? Want to re-watch a session? Check out the recordings.

Learn more about our features

Check out the set of educational videos for Microsoft Defender ATP.

Threat and Vulnerability Management

Bring security and IT together to discover, prioritize, and resolve vulnerabilities and misconfigurations.

Attack surface reduction

Reduce the surface area of attack by eliminating exploit options and pathways adversaries depend on the most.

Next-generation protection

Protect against file-based and fileless malware with machine learning and deep analysis.

Endpoint detection and response

Monitor behaviors and use machine learning and analytics to spot, investigate, and respond to threats.

Auto investigation and remediation

Automatically investigate alerts, determine the appropriate course of action, and remediate complex threats.

Microsoft Threat Experts

Provide your security operations teams expert-level oversight and analysis to help detect critical threats.


Microsoft Defender ATP is a unified endpoint security platform for preventative protection, post-breach detection, automated investigation, and response.

We offer cross-platform support via our first-party offerings and through partners:


Windows Servers: Windows Server 2019, Windows Server 2016, Windows Server 2012R2, Windows Server 2008R2.


Client platforms: Windows 10, Windows 8.1, Windows 7 SP1, macOS.


Additional platform support via partners for macOS, Linux, Android, iOS.

Our solution is cloud powered, giving you the latest protection. On Windows 10, it’s completely agentless. Unparalleled optics into the threat landscape offer better detections. Automated response empowers your security teams. Tight integration with the Microsoft Security portfolio enables protection across the entire kill chain.

Threat and Vulnerability Management.
Tools to surgically reduce the attack surface.
Next-generation protection to block threats and malware. 
Endpoint detection and response to detect advanced attacks.
Automated investigation and remediation of threats.
Managed threat-hunting service.

Threat and Vulnerability Management offers security and IT teams the ability to discover vulnerabilities and misconfigurations continuously in real time. It offers context-aware prioritization of issues and has a built-in, end-to-end remediation process.

Attack surface reduction helps to eliminate risky or unnecessary attack vectors and restricts dangerous code from running. It allows you to harden your systems and to visualize and assess the impact of implementing granular controls.

Next-generation protection offers real-time, behavioral-based protection and leverages machine learning and deep analysis to block fileless and file-based threats. It also offers runtime emulation, sandboxing, reputation analysis, and script and memory scanning.

EDR monitors behaviors and attacker techniques to detect and respond to advanced attacks in real time. It records behaviors like file and process creation and network connections, and offers proactive hunting and investigation across six months of historical data.

AutoIR leverages artificial intelligence to automatically investigate alerts and remediate complex threats in minutes. It mimics the exact steps an analyst would take, saving time and allowing your security teams to focus on the threats that matter most.

Microsoft Threat Experts is a managed threat hunting service that provides expert-level monitoring and support to help security operations centers (SOCs) respond to critical threats in their unique environment.

Centralized management and reporting allow you to assess and configure your security and quickly understand your security posture to report back to stakeholders. Rich APIs enable you to integrate solutions and streamline security workflows.

No. Our antimalware solution is one of the best in the industry, consistently achieving high scores in independent tests, demonstrating the strength of our enterprise threat protection capabilities. Check out our AV test results to see for yourself.

Yes. Through AMSI, behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender ATP can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.

Yes. Machines that can’t connect to the internet still have client-based machine learning, behavioral analysis, heuristics, fileless detection, and process monitoring for protection. Check out the in-depth guidelines for protecting disconnected devices.

Yes. Microsoft Defender ATP can scale to nearly unlimited endpoints in your organization. Some of our customers have scaled far beyond this, in some cases scaling to more than one million endpoints.

Microsoft Defender ATP is built into the operating system, so it's agentless for newer Windows versions. Because Microsoft Defender ATP is a cloud-powered endpoint security solution, no on-premises infrastructure is required.

Starting with Windows 10 1703 and Windows Server 2019, there is nothing to install; it's agentless. See the onboarding guidance for more information and to learn about requirements for other platforms.

Access is controlled in two ways:


Basic permissions management: Set permissions to either full access or read-only access.


Role-based access control (RBAC): Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to machine groups.

Our current certifications are: 
FedRAMP High on Azure Commercial and Azure Gov 
ISO 27001, ISO 27018, ISO 22301 
DISA L4 Accreditation

Yes, we integrate with SIEMs via an API. See the documentation to learn more. There are integration scenarios for SIEM and ticketing systems using the alerts API. You can learn more in this blog post.

Microsoft Defender ATP easily integrates with Azure AD, Azure ATP, Azure Security Center, Azure Information Protection, Microsoft Cloud App Security, Microsoft Endpoint Manager, and Office 365 ATP. It’s part of the integrated Microsoft Threat Protection experience for detection, investigation, and remediation across endpoints, email, documents, identity, and infrastructure.

1. Microsoft Defender ATP is built into Windows 10 1703 and up and Windows Server 2019. It does not require any agents to be installed on these versions.

™ Forrester is a registered trademark and service mark of Forrester, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.