Gartner named Microsoft a Leader in the 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, positioned highest in execution.

Microsoft Defender Advanced Threat Protection

Microsoft Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.

A complete security solution

Agentless, cloud-powered

No additional deployment or infrastructure. No delays or update compatibility issues.

Always up to date.

Unparalleled optics

Built into Windows 10 for deeper insights. Exchanges signals with the Microsoft Intelligent Security Graph.

Automated security

Take your security to a new level, by going from alert to remediation in minutes – at scale.

Synchronized defense

Microsoft 365¹ shares detection and exploration – across devices, identities and information – to speed up response and recovery.

Threat & Vulnerability Management

Threat and Vulnerability Management is designed to empower security teams to discover, prioritize and remediate vulnerabilities and misconfigurations.


Microsoft Threat Experts

Microsoft Threat Experts further empowers your Security Operations Centers by providing them with deep knowledge, expert-level threat monitoring, analysis, and support to identify critical threats in your unique environment.

Automation: From alert to remediation in minutes - at scale

Automatically investigate alerts and remediate complex threats in minutes. Applies industry best practices and intelligent decision-making algorithms to determine whether a threat - file or fileless - is active and what action to take.


Protect your business from advanced threats

Through the power of the cloud, machine learning and behavior analytics, Microsoft Defender ATP provides connected pre-breach protection.

Network protection

Protect devices from network-based attacks.

Exploit protection

Block exploitation of unpatched vulnerabilities including zero-days.

Reputation analysis

Steer users and devices clear of files and websites with malicious reputations.


When it comes to protecting devices from web-based threats, hardware-based isolation changes the game.

Application control

Change your malware defense strategy, using the power of the cloud to automate application control.


Dynamic, cloud-powered intelligence defends you against known and unknown malware threats.

Behavior monitoring

Block malicious and suspicious behaviors using advanced runtime analysis.

Attack surface reduction

Eliminate the vectors of attack adversaries depend on by reducing the total surface area of attack.

Innovative Endpoint Detection and Response (EDR)

Cyber attacks remain a serious threat. Microsoft Defender ATP detects network attacks and data breaches, and gives you the insights and tools to close incidents quickly.

Detecting the undetectable

Spot attacks and zero-day exploits with deep optics into the OS and advanced behavioral analytics and machine learning.

Uncover scope of breach

Visually investigate forensic evidence across your organization to easily uncover scope of breach.

Proactively hunt

Rapid access to 6 months of historical data to search and explore across endpoints.

Save time

Microsoft Defender ATP gives you the data within seconds, rather than tracking and tracing for hours.

Custom detections

Write your own detections or upload your own Indicators of Compromise (IOC) to be alerted by your own Threat Intelligence.

Interactive reports

Understand the nature of significant and emerging threats, assess impact on your environment and get recommended actions to increase security resilience.


Submit suspicious files for a deep inspection and see a full analysis report in minutes. Easily understand what the file is capable of doing.

Microsoft Defender ATP helps stop breaches

The security platform for intelligent protection, detection, investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. Security and data privacy are our priority.

Microsoft Defender ATP is ISO 27001 certified.

Threat & Vulnerability Management

Empowers security teams to discover, prioritize and remediate vulnerabilities and misconfigurations.

Attack surface reduction

Reduces the total surface area of attack by eliminating the exploit options and pathways that your adversaries depend on the most.

Next generation protection

The Intelligent Security Graph provides the fuel needed to protect you from the most advanced ransomware, fileless, and other types of attacks.

Endpoint Detection & Response

Monitors behaviors and applies machine learning and security analytics to spot attacks. Provides SecOps with rich tools to investigate and respond to threats.

Auto investigation & remediation

Automatically investigate alerts to determine the appropriate course of action and remediate complex threats in minutes, without human intervention.

Microsoft Threat Experts

Microsoft Threat Experts provides SecOps teams with expert-level oversight and analysis to help ensure that critical threats don’t get missed.

See what our customers are saying

Read about how Microsoft Defender ATP is making a real impact with organizations across the globe, and keeping their employees and information safe.

One solution to protect, detect, and respond to advanced attacks

Customer security is a top priority, and we know that a mix of devices doesn’t always mean Windows. So, we’ve worked with industry partners to enable Microsoft Defender ATP to detect, protect and respond to threats on macOS, Linux, iOS and Android.

Windows Servers

Windows Server 2019

Windows Server 2016 

Windows Server 2012R2

Supported platforms

Windows 10 

Windows 8.1

Windows 7 SP1


Other platforms (via partners)





Featured partners

Bitdefender GravityZone

Lookout Mobile Endpoint Security

SentinelOne Endpoint Protection

Ziften Zenith

Get started with Microsoft Defender ATP

We are continuously adding new capabilities and enhancements to our service – opt in to the public preview and be one of the first to try them out.

Discover the right Windows 10 solutions for you

Windows 10 gives you the tools and solutions to do more and stay secure. Harness the power of the cloud to reduce the complexity of managing today’s IT device environment.

Windows 10 Enterprise

Windows 10 Enterprise addresses the needs of large & midsize organizations, providing IT professionals with comprehensive device and app management.

Microsoft 365

A complete, intelligent solution, which brings together the best of Office 365, Windows 10 Enterprise, and Enterprise Mobility + Security, empowering everyone to be creative and work together, securely.

1 Some separate subscriptions may be required.

TM Forrester is a registered trademark and service mark of Forrester, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. The Total Economic Impact™ Of Microsoft Defender Advanced Threat Protection.