In a Configuration Manager hierarchy, Endpoint Protection administers antimalware policies and Windows Firewall security for client computers. Microsoft's endpoint security platform, Microsoft Defender Advanced Threat Protection (ATP), has evolved continuously over the past few years, enhancing existing features and adding new capabilities. Because no single technique catches every kind of malware, advanced solutions combine multiple detection methods, from static IOCs to behavioral analysis. Endpoint protection tools are mainly cloud-managed, so that telemetry can be tracked and processed continuously and remote remediation steps can be taken whether the affected device is on the corporate network or outside the workplace.

Over the last few years, Microsoft Defender's protection technology has evolved enormously by adding new features and enhancing existing ones. These features include:

  • Multi-layer protection
  • Threat analysis
  • New approach to vulnerability management
  • Cloud protection
  • Behavioral observation
  • Automated security
  • Advanced threat protection (ATP)

Using Microsoft Defender Advanced Threat Protection (ATP) together with Configuration Manager gives you a number of advantages and features.


Features and Capabilities:

You can configure antimalware policies and Windows Firewall settings, and manage advanced threat protection from Microsoft Defender, for selected groups of computers. The result is a multi-layered security system: Microsoft Defender ATP offers multi-layered defense against file-based ransomware, malicious files, memory-based attacks and other sophisticated threats, built into the endpoint and powered by the cloud. Descriptive vulnerability assessments give SecOps near real-time insight into how attacks would impact their organization. Microsoft takes a modern approach to handling threat and risk: real-time detection, context-aware prioritization, awareness of the threat landscape, and automated remediation processes together speed up the reduction of risk and the remediation of misconfigurations.

Microsoft Defender provides built-in, cloud-driven protections. Real-time threat detection and protection with built-in advanced capabilities defend against both widespread and targeted attacks such as phishing and malware campaigns. For behavioral detections, endpoint detection and response (EDR) sensors are integrated into Windows 10 for finer visibility into the kernel and memory, backed by large-scale reputation data for domains, IPs, URLs, etc. Deployment is as simple as it gets, because the sensor is integrated directly into the operating system: there is nothing separate to roll out, no compatibility or reliability problems, and no added overhead or conflicts with other products.

Email notifications, in-console monitoring and reports inform administrative users when malware is detected on client computers. This significantly reduces risk once an external attack is identified and improves the defenses. Microsoft Defender ATP can immediately apply Conditional Access to block the endpoint from accessing business data until the threat has been remediated. From alert to mitigation at scale in minutes, Microsoft Defender ATP provides automated security and uses AI to investigate alerts automatically, determine whether a threat is active and what course of action to take, and then remediate complex threats in minutes. You can also use Configuration Manager software updates to deliver the latest antimalware definition files to client computers.

Cross platform Support:

Microsoft Defender ATP is also available as a standalone product. After last year's launch of Microsoft Defender Advanced Threat Protection for macOS and Linux, Microsoft still required buyers to purchase a Windows 10 E5 license if they wanted to use MD ATP. That requirement has now changed, as a standalone MDATP SKU is available. To buy Microsoft Defender ATP you have to go through a CSP or EA provider, as it is not available on the retail portal.

System Requirements for Microsoft Defender ATP

Microsoft Defender ATP can be used on the following Windows platforms:

Client OS:

  • Windows 10, version 1607 or later
  • Windows 10 Enterprise
  • Windows 10 Education
  • Windows 10 Pro
  • Windows 8.1 Enterprise
  • Windows 8.1 Pro
  • Windows 7 SP1 Enterprise
  • Windows 7 SP1 Pro

Server OS:

  • Windows Server 2019
  • Windows Server 2016, version 1803
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2 SP1

It does not support machines running mobile versions of Windows. The other supported operating systems are:

  • macOS: the three most recent releases (currently 10.13 and later, as of March 2020)
  • Linux
    • Red Hat Enterprise Linux (RHEL) 7+
    • CentOS Linux 7+
    • Ubuntu 16.04 LTS +
    • SUSE Linux Enterprise Server (SLES) 12+
    • Debian 9+
    • Oracle Enterprise Linux 7
  • Android

Since the Microsoft Defender ATP management portal is accessed through a browser, the supported browsers are:

  • Microsoft Edge
  • Internet Explorer version 11
  • Google Chrome

For US Government Community Cloud High (GCC High) users, Microsoft Defender ATP is available integrated into the US Azure Government environment. For these customers, however, some capabilities are more constrained than in the commercial offering: GCC High currently does not include threat and vulnerability management or Microsoft Threat Experts, and it also lacks some additional modules and integrations with other Microsoft products.

Costing:

The latest standalone cost of Microsoft Defender ATP from a CSP is $5.20 / month per user for up to 5 devices. A separate server SKU for MD ATP is also available; it costs the same amount but covers a single server. The MDATP Server license can only be purchased together with a minimum of 50 seats of one of the following: Windows 10 E5 / Microsoft 365 E5 / Microsoft 365 E5 Security.

Currently, Microsoft Defender ATP has no nonprofit licensing. However, Windows 10 E5 is just $3.30 / month per user for nonprofit organizations. That is still a lot of value, as it includes all the virtualization-based protection that is only available in the Windows Enterprise edition. The academic price for MD ATP is $2.50 per user. Another big school win! The MD ATP Server SKU is not currently available to EDU customers, but it should be ready before the new school year begins this fall.

The retail price for Windows 10 E5 is $11 per user per month. As for servers, your only previous choice, an "Azure Security Center" license, was approximately $15 per server per month. The updated standalone pricing makes the product substantially more competitive with other next-gen antivirus products on the market such as SentinelOne, CrowdStrike or Sophos Intercept X.
