{"id":86587,"date":"2018-11-13T09:00:55","date_gmt":"2018-11-13T17:00:55","guid":{"rendered":""},"modified":"2025-12-15T13:53:19","modified_gmt":"2025-12-15T21:53:19","slug":"the-evolution-of-microsoft-threat-protection-november-update","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/","title":{"rendered":"The evolution of Microsoft Threat Protection, November update"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">At Ignite 2018, we <a href=\"https:\/\/myignite.techcommunity.microsoft.com\/sessions\/64344?source=sessions#ignite-html-anchor\">announced<\/a> Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and, infrastructure (Figure 1).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The foundation of the solution is the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noopener\">Microsoft Intelligent Security Graph<\/a>, which correlates 6.5 <strong><em>trillion signals daily from email alone<\/em><\/strong> and enables:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Powerful machine learning developed by Microsoft\u2019s <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2017\/05\/14\/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack\/\">3500 in-house security specialists<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\">Automation capabilities for enhanced hunting, investigation, and remediation\u2014helping reduce burden on IT teams<\/li>\n\n\n\n<li class=\"wp-block-list-item\">Seamless integration between disparate services<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"594\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-1-1024x594.png\" alt=\"Microsoft Threat Protection provides an integrated solution securing the modern workplace\" class=\"wp-image-86593\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-1-1024x594.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-1-300x174.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-1-768x446.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-1.png 1429w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 1: Microsoft Threat Protection provides an integrated solution securing the modern workplace<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Today, we revisit some of the solution capabilities announced at Ignite and provide updates on significant enhancements made since September. Engineers across teams at Microsoft are collaborating to unlock the full, envisioned potential of Microsoft Threat Protection. Throughout this journey, we want to keep you updated on its development.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"services-in-microsoft-threat-protection\">Services in Microsoft Threat Protection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft Threat Protection leverages the unique capabilities of different services to secure several attack vectors. Table 1 summarizes the services in the solution. As each individual service is enhanced, so too is the overall solution.<\/p>\n\n\n\n<figure class=\"wp-block-table table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Attack vector<\/strong><\/td><td><strong>Services<\/strong><\/td><\/tr><tr><td>Identities<\/td><td><a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/active-directory\/?&amp;OCID=AID719825_SEM_hNzcjcap&amp;lnkd=Bing_Azure_Brand&amp;msclkid=7e5b643f7a14179cdd383f9ec06b60f3&amp;dclid=CJuOicCIxt0CFcYDrQYdC24IHg\">Azure Active Directory Identity Protection<\/a>\n<p><a href=\"https:\/\/azure.microsoft.com\/en-us\/features\/azure-advanced-threat-protection\/\">Azure Advanced Threat Protection<\/a><\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/information-protection?&amp;OCID=AID720916_SEM_QtKHjo04\">Microsoft Cloud App Security<\/a><\/p>\n<\/td><\/tr><tr><td>Endpoints<\/td><td><a href=\"https:\/\/www.microsoft.com\/en-us\/WindowsForBusiness\/windows-atp\">Windows Defender Advanced Threat Protection<\/a>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/software-download\/windows10\">Windows 10<\/a><\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/cloud-platform\/microsoft-intune\">Microsoft Intune<\/a><\/p>\n<\/td><\/tr><tr><td>User data<\/td><td><a href=\"https:\/\/products.office.com\/en-us\/exchange\/exchange-email-security-spam-protection\">Exchange Online Protection<\/a>\n<p><a href=\"https:\/\/products.office.com\/en-us\/exchange\/online-email-threat-protection\">Office 365 Advanced Threat Protection<\/a><\/p>\n<p><a href=\"https:\/\/portal.office.com\/signup\/logout?OfferId=d49e8fa3-0b3f-4541-9ae4-705740326f6a\">Office 365 Threat Intelligence<\/a><\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/WindowsForBusiness\/windows-atp\">Windows Defender Advanced Threat Protection<\/a><\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/information-protection?&amp;OCID=AID720916_SEM_QtKHjo04\">Microsoft Cloud App Security<\/a><\/p>\n<\/td><\/tr><tr><td>Cloud apps<\/td><td><a href=\"https:\/\/products.office.com\/en-us\/exchange\/exchange-email-security-spam-protection\">Exchange Online Protection<\/a>\n<p><a href=\"https:\/\/products.office.com\/en-us\/exchange\/online-email-threat-protection\">Office 365 Advanced Threat Protection<\/a><\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/information-protection?&amp;OCID=AID720916_SEM_QtKHjo04\">Microsoft Cloud App Security<\/a><\/p>\n<\/td><\/tr><tr><td>Infrastructure<\/td><td>Use one solution, <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/security-center\/\">Azure Security Center<\/a>, to protect all your workloads, including SQL, Linux, and Windows, in the cloud and on-premises.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Table 1: Services in Microsoft Threat Protection securing the modern workplace attack vectors<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"strengthening-identity-security\">Strengthening identity security<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">By fully integrating <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Secure-your-hybrid-cloud-environments-with-Azure-AD-Identity\/ba-p\/262400\">Azure Active Directory Identity Protection (Azure AD Identity Protection)<\/a> with Azure Advanced Threat Protection (Azure ATP) (Figure 2),&nbsp;<span style=\"font-size: 1.4rem;\">Microsoft Threat Protection is <\/span><span style=\"font-size: 1.4rem;\">able to strengthen identity security.<\/span>&nbsp;Azure AD Identity Protection uses dynamic intelligence and machine learning to automatically protect and detect against identity attacks. Azure ATP is a cloud-powered service leveraging machine learning to help detect suspicious behavior across hybrid environments from various types of advanced external and insider cyberthreats. The integration of the two enables IT teams to manage identities <em>and<\/em> perform security operations functions through a unified experience that was previously impossible. The integration allows SecOps investigations of risky users between the two products through a single pane of glass. We will start offering customers this integrated experience over the next few weeks.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"564\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-2-v2-1024x564.png\" alt=\"Figure 2: Integrating Azure ATP with the Azure AD Identity Protection console\" class=\"wp-image-86614\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-2-v2-1024x564.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-2-v2-300x165.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-2-v2-768x423.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-2-v2.png 1437w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 2: Integrating Azure ATP with the Azure AD Identity Protection console<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"enhanced-security-for-the-endpoint\">Enhanced security for the endpoint<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Figure 3 illustrates how Microsoft Threat Protection addresses specific customer challenges.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-3-1024x576.png\" alt=\"Figure 3: Microsoft Threat Protection is built to address specific customer challenges\" class=\"wp-image-86599\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-3-1024x576.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-3-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-3-768x432.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-3.png 1429w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 3: Microsoft Threat Protection is built to address specific customer challenges<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Automation is a powerful capability, promising greater control and shorter threat resolution times even as the digital estate expands. We <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/What-s-New\/Automating-investigation-and-response-for-memory-based-attacks\/m-p\/276354#M146\">recently demonstrated<\/a> our focus on automation by adding automated investigation and remediation capabilities for memory-based\/file-less attacks in our industry leading endpoint security service, <a href=\"https:\/\/www.microsoft.com\/en-us\/WindowsForBusiness\/windows-atp\">Windows Defender Advanced Threat Protection (Windows Defender ATP)<\/a>. Now the service can leverage automated memory forensics to incriminate malicious memory regions and perform required in-memory remediation actions. The unique new capability enables fully automated investigations and resolution flow for&nbsp;memory-based attacks, going beyond simply alerting and saving security teams precious time of manual memory forensic effort.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Figure 4 shows the investigation graph of an ongoing investigation in the Windows Defender Security Center. To enable the new feature, <a href=\"https:\/\/securitycenter.windows.com\/preferences2\/integration\">run the October 2018 update of Windows 10 and enable the preview features<\/a>. The capability was released earlier this year and can now mark your alerts as resolved automatically once automation successfully remediates the threat.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"462\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-4v2-1024x462.png\" alt=\"Figure 4: Investigation graph of ongoing investigation in Windows Defender Security Center\" class=\"wp-image-86617\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-4v2-1024x462.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-4v2-300x135.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-4v2-768x347.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-4v2.png 1433w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 4: Investigation graph of ongoing investigation in Windows Defender Security Center<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"elevating-user-data-and-cloud-app-security\">Elevating user data and cloud app security<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft Threat Protection secures user data by leveraging Office 365 threat protection services, including <a href=\"https:\/\/products.office.com\/en-us\/exchange\/online-email-threat-protection\">Office 365 Advanced Threat Protection (Office 365 ATP)<\/a>, which provides best-in-class security in Office 365 against advanced threats to email, collaboration apps, and Office clients. We <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Enhanced-User-Experience-for-Office-365-Advanced-Threat\/ba-p\/201121\">recently launched Native-Link Rendering<\/a>, (Figure 5)\u2014for both the Outlook Client and the Outlook on the Web application\u2014enabling users to view the destination URL for links in email. This allows users to make an informed decision before clicking through. This feature was a high demand request from customers who educate users on spotting suspicious links in email and we\u2019re excited to deliver on it. Office 365 ATP is the only email security service for Office 365 offering this powerful feature.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"614\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-5-1024x614.png\" alt=\"Figure 5: Native Link Rendering user experience in Office 365 ATP user\" class=\"wp-image-86605\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-5-1024x614.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-5-300x180.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-5-768x460.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-5.png 1430w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 5: Native Link Rendering user experience in Office 365 ATP user<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Enhancements have also been made in securing cloud apps, beginning with the <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Microsoft-Cloud-App-Security-and-Windows-Defender-ATP-better\/ba-p\/263265\">integration between Microsoft Cloud App Security and Windows Defender ATP<\/a>. Now, <a href=\"https:\/\/www.microsoft.com\/en-us\/cloud-platform\/cloud-app-security\">Microsoft Cloud App Security<\/a> leverages signal from Windows Defender ATP monitored endpoints, enabling discovery and recovery from unsupported cloud service (shadow IT) usage. <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB\/ba-p\/276401\">More<\/a> <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB\/ba-p\/276401\">recently<\/a>, <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB\/ba-p\/276401\">Microsoft Cloud App Security<\/a> further helps reduce impact from shadow IT by providing granular visibility into <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB\/ba-p\/276401\">Open Authentication (OAuth) application permissions<\/a> that have access to Office 365, G Suite, and Salesforce data. OAuth apps are a newer attack vector often leveraged in phishing attacks, where attackers trick users into granting access to rogue applications. In the managing apps view (Figure 6), admins see a full list of both permissions granted to an OAuth app and the users granting the apps access. The permission level details help admins decide which apps users can continue to have access and which ones will have access revoked.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-6-v2-1024x682.png\" alt=\"Figure 6: Microsoft Cloud App Security apps permission management view\" class=\"wp-image-86620\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-6-v2-1024x682.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-6-v2-300x200.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/The-evolution-of-Microsoft-Threat-Protection-6-v2-768x512.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Figure 6: Microsoft Cloud App Security apps permission management view<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"experience-the-evolution-of-microsoft-threat-protection\">Experience the evolution of Microsoft Threat Protection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Take a moment to <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\">learn more about Microsoft Threat Protection<\/a> and&nbsp;read our&nbsp;<a class=\"x-hidden-focus\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/the-evolution-of-microsoft-threat-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">monthly updates<\/a>.&nbsp;&nbsp;<a href=\"https:\/\/customers.microsoft.com\/en-us\/story\/telit-professional-services-microsoft-365\">Organizations<\/a> have already transitioned to Microsoft Threat Protection and <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/What-s-New\/SecOps-is-more-effective-thanks-to-Microsoft-Windows-Defender\/m-p\/272925#M145\">partners<\/a> are leveraging its powerful capabilities. Start your trials of the Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/winatpregistration-prd.trafficmanager.net\/UserAgreement?wt.mc_id=AID702266_QSG_245679&amp;ocid=AID702266_QSG_245679\">Windows Defender ATP trial<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/signup.microsoft.com\/signup\/logout?OfferId=101bde18-5ffb-4d79-a47b-f5b2c62525b3&amp;dl=ENTERPRISEPREMIUM&amp;culture=en-US&amp;country=US&amp;ali=1\">Office 365 E5 trial<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/portal.office.com\/signup\/logout?OfferId=87dd2714-d452-48a0-a809-d2f58c4f68b7&amp;ali=1\">Enterprise Mobility + Security (EMS) suite E5 trial<\/a><\/li>\n\n\n\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/account.azure.com\/signup?offer=ms-azr-0044p&amp;appId=102&amp;ref=azureplat-generic&amp;redirectURL=https%3a%2f%2fazure.microsoft.com%2fen-us%2fget-started%2fwelcome-to-azure%2f&amp;l=en-us&amp;correlationId=27471f9c-5084-45dc-8dd7-8e967de58165\">Azure Security Center trial<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Learn about the latest enhancements to Microsoft Threat Protection, the premier solution for securing the modern workplace across identities, endpoints, user data, apps, and infrastructure.<\/p>\n","protected":false},"author":61,"featured_media":88369,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","ms-ems-related-posts":[],"footnotes":""},"post_tag":[],"threat-intelligence":[],"content-type":[3662],"job-role":[],"product":[3690,3691,3694,3702,3703],"topic":[3667,3673],"coauthors":[1916],"class_list":["post-86587","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","product-microsoft-defender","product-microsoft-defender-for-cloud","product-microsoft-defender-for-endpoint","product-microsoft-entra","product-microsoft-entra-id","topic-cloud-security","topic-identity-and-access-management","review-flag-1694638265-576","review-flag-1694638265-83","review-flag-1-1694638265-354","review-flag-2-1694638266-864","review-flag-3-1694638266-241","review-flag-4-1694638266-512","review-flag-5-1694638266-171","review-flag-6-1694638266-691","review-flag-lever-1694638263-909","review-flag-machi-1694638272-641","review-flag-new-1694638263-340"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The evolution of Microsoft Threat Protection, November update | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The evolution of Microsoft Threat Protection, November update | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Learn about the latest enhancements to Microsoft Threat Protection, the premier solution for securing the modern workplace across identities, endpoints, user data, apps, and infrastructure.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-13T17:00:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-15T21:53:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png\" \/>\n\t<meta property=\"og:image:width\" content=\"440\" \/>\n\t<meta property=\"og:image:height\" content=\"268\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Security Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security Team\"}],\"headline\":\"The evolution of Microsoft Threat Protection, November update\",\"datePublished\":\"2018-11-13T17:00:55+00:00\",\"dateModified\":\"2025-12-15T21:53:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\"},\"wordCount\":989,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png\",\"articleSection\":[\"AI and machine learning\",\"Automation\",\"Azure Information Protection\",\"Cybersecurity\",\"Evolution of Microsoft Threat Protection\",\"Microsoft Defender for Cloud Apps\",\"Microsoft Intelligent Security Graph\",\"Microsoft Intune\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\",\"name\":\"The evolution of Microsoft Threat Protection, November update | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png\",\"datePublished\":\"2018-11-13T17:00:55+00:00\",\"dateModified\":\"2025-12-15T21:53:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png\",\"width\":440,\"height\":268,\"caption\":\"MTP November update\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The evolution of Microsoft Threat Protection, November update\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/person\/a385e64377ec1eb81d3bd7f9839f060b\",\"name\":\"Microsoft Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/0242738c3da64c97e705834683728e774a3f4e29c071681ed74a68e3a671d270?s=96&d=microsoft&r=gea2dea4ce5dbbbe4077dc25334909eb7\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0242738c3da64c97e705834683728e774a3f4e29c071681ed74a68e3a671d270?s=96&d=microsoft&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0242738c3da64c97e705834683728e774a3f4e29c071681ed74a68e3a671d270?s=96&d=microsoft&r=g\",\"caption\":\"Microsoft Security\"},\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mssecurity\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The evolution of Microsoft Threat Protection, November update | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/","og_locale":"en_US","og_type":"article","og_title":"The evolution of Microsoft Threat Protection, November update | Microsoft Security Blog","og_description":"Learn about the latest enhancements to Microsoft Threat Protection, the premier solution for securing the modern workplace across identities, endpoints, user data, apps, and infrastructure.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/","og_site_name":"Microsoft Security Blog","article_published_time":"2018-11-13T17:00:55+00:00","article_modified_time":"2025-12-15T21:53:19+00:00","og_image":[{"width":440,"height":268,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png","type":"image\/png"}],"author":"Microsoft Security Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Security Team","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-secure-blog-staff\/","@type":"Person","@name":"Microsoft Security Team"}],"headline":"The evolution of Microsoft Threat Protection, November update","datePublished":"2018-11-13T17:00:55+00:00","dateModified":"2025-12-15T21:53:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/"},"wordCount":989,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png","articleSection":["AI and machine learning","Automation","Azure Information Protection","Cybersecurity","Evolution of Microsoft Threat Protection","Microsoft Defender for Cloud Apps","Microsoft Intelligent Security Graph","Microsoft Intune"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/","name":"The evolution of Microsoft Threat Protection, November update | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png","datePublished":"2018-11-13T17:00:55+00:00","dateModified":"2025-12-15T21:53:19+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/01\/OfficeNews_SecurityBlog_Nov_Blog.png","width":440,"height":268,"caption":"MTP November update"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"The evolution of Microsoft Threat Protection, November update"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/person\/a385e64377ec1eb81d3bd7f9839f060b","name":"Microsoft Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0242738c3da64c97e705834683728e774a3f4e29c071681ed74a68e3a671d270?s=96&d=microsoft&r=gea2dea4ce5dbbbe4077dc25334909eb7","url":"https:\/\/secure.gravatar.com\/avatar\/0242738c3da64c97e705834683728e774a3f4e29c071681ed74a68e3a671d270?s=96&d=microsoft&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0242738c3da64c97e705834683728e774a3f4e29c071681ed74a68e3a671d270?s=96&d=microsoft&r=g","caption":"Microsoft Security"},"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mssecurity\/"}]}},"bloginabox_animated_featured_image":null,"bloginabox_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/86587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=86587"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/86587\/revisions"}],"predecessor-version":[{"id":144558,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/86587\/revisions\/144558"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/88369"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=86587"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/post_tag?post=86587"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=86587"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=86587"},{"taxonomy":"job-role","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/job-role?post=86587"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/product?post=86587"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=86587"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=86587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}