An Introduction to Microsoft Defender Advanced Threat Protection

What Is Microsoft Defender Advanced Threat Protection

Microsoft Defender Advanced Threat Protection (ATP) is a Microsoft security product designed to help enterprise-level organizations detect and respond to security threats. ATP is a preventive and post-detection investigation and response function for Windows Defender.

The product was previously known as Windows Defender ATP (or WDATP). Microsoft renamed it to reflect that it is now also available for other operating systems (OS), such as macOS, Linux, and Android.

What Does Microsoft Defender Advanced Threat Protection Do?

Microsoft Defender ATP (MDATP) automatically detects and repairs advanced attacks on endpoints. It investigates the scope and potential impact of each threat, provides reports on various threats to the organization’s machines, and enables you to mitigate and eliminate threats quickly and easily using advanced tools and automation.

Note that Microsoft Defender ATP is not an antivirus (AV) product, and Microsoft Defender is not Microsoft Defender ATP. Microsoft Defender provides anti-malware and antivirus functions for the Windows 10 operating system, while the ATP product is a post-breach solution that complements Microsoft Defender AV.

How Does Microsoft Defender ATP Work?

Microsoft Defender ATP is agentless and requires no deployment or infrastructure since it is cloud-hosted. This technology uses “endpoint behavior sensors” located in the operating system of each device.

These sensors in Windows continuously collect data and feed it back to the organization’s own Microsoft Defender cloud instance. Microsoft Defender ATP then analyzes the behavior of the code running on the organization’s computers and determines whether there is anything that appears to be a threat.

Features of Microsoft Defender ATP

The following are the main features of Microsoft Defender Advanced Threat Protection.

  • Threat and Vulnerability Management — Performs a real-time software inventory on endpoints. This information is used to detect, prioritize, and mitigate security vulnerabilities related to installed applications and missing patches.

Minimum Requirements

There are some minimum requirements for adding devices to the software.

The software requires one of the following licensing options: Windows 10 Enterprise E5, Windows 10 Education A5, Microsoft 365 E5, Microsoft 365 E5 Security, or Microsoft 365 A5.

If you want to use the software on a Windows server, you must also have one of the following licensing options on the device: Azure Security Center with Azure Defender enabled or Endpoint for Servers (one for each covered server). According to the Microsoft website, you also need Google Chrome, Internet Explorer 11, or Microsoft Edge.

Final Words

That is the essential information about Windows Defender ATP: what it is and how it works, along with the functions and features of Microsoft Defender for Endpoint.

Originally published at on September 7, 2021.