In June 2017, Microsoft announced a number of security features coming to Windows 10 Fall Creators Update. These include the improved Windows Defender Advanced Threat Protection (ATP), which will be integrated across the entire Windows security stack to protect against malicious software. It will be able to detect and analyze threats and allow administrators to take prompt action with centralized management. A public preview of the updated Windows Defender ATP service was released today.
The key features of the updated service are as follows:
- Admins can now receive security alerts from the combined stack of Endpoint Detection and Response (EDR), Windows Defender Antivirus (AV), Windows Defender Firewall, Windows Defender SmartScreen, Windows Defender Device Guard and Windows Defender Exploit Guard in one place.
- Microsoft is bringing a simplified management experience to System Center Configuration Manager and Microsoft Intune to manage the various Windows Security products.
- Detection capabilities of Windows Defender ATP are improved. Admins can now get more info on dynamic script-based attacks, network discovery, and keylogging alerts. Microsoft has also introduced automatic detection correlation and grouping of related alerts.
- The new Security Analytics dashboard shows admins possible issues along with actionable recommendations for improvement.
- Enterprises can now quickly create a Power BI report of their security information, which will allow them to interactively analyze machines, alerts and investigation status.
The Windows Defender ATP feature is limited to the following editions of Windows 10:
- Pro Education