MalwareTips Bot

This focused security investment combines the best of Windows Defender ATP and the Windows security stack. We integrated Windows 10’s new prevention technologies, enhanced our built-in sensors to better detect script-based attacks, added new response capabilities and opened up powerful analytics.

So now, let’s see what we are lighting up in more detail:

  • Windows security features working in unison – Get visibility into security alerts coming from the combined stack of Endpoint Detection and Response (EDR), Windows Defender Antivirus (AV), Windows Defender Firewall, Windows Defender SmartScreen, Windows Defender Device Guard and Windows Defender Exploit Guard. See events reported across the stack in each machine’s timeline. Here are some of the new things Security Operations (SecOps) would be able to achieve:
    • See alerts and events from Windows Defender SmartScreen that show if an employee within the company clicked on a specific URL despite receiving a warning message
    • See Windows Defender Device Guard events surfacing attempts to run unauthorized applications that have been restricted from running in the organization
    • See applications blocked or audited by the Windows Defender Exploit Guard protection rules
    • See Windows Defender Antivirus detections and Windows Defender Firewall blocks
    • View security events and alerts information for sessions taking place within the Windows Defender Application Guard isolated containers (Figure 1)

In addition, we are providing a centralized and simplified management experience in System Center Configuration Manager (SCCM) starting with version 1710 and Microsoft Intune to manage the various Windows Security stack products.


Figure 1: Application Guard detection event

  • Better detections, enhanced alerts and more power to the SoC – we continue to evolve our detection capabilities to gain more visibility into dynamic script-based attacks, network explorations, and keylogging alerts. We enhanced our alert capabilities, showing more data to help security teams better understand the story behind the alert (Figure 2), introducing automatic detection correlation and grouping of related alerts. In addition, we added the ability to manage high value assets by using tags and grouping capabilities. Based on customer feedback, we are also enhancing our response capabilities, adding more granular machine isolation, the ability to restrict the machine to run only trusted binaries, and the ability to initiate a Windows Defender AV update and scan.

Figure 2: Enhanced Alert view

  • Security Analytics – a new dashboard view (Figure 3) designed to assess the organization’s security posture compared to the Windows recommended baseline and show a breakdown of possible issues and actionable recommendations for improvement. This dashboard sheds light on configuration issues and provides a view of machines where security features are misconfigured or out of date. Security managers can now see their org’s security posture across a wide set of Windows security stack products, as applied in reality and reported by the endpoints. The dashboard also provides a view into the top non-compliant machines sorted by number of issues and provides recommendations on actions to take.

Figure 3: Security Analytics dashboard

  • Customized reporting – organizations can now quickly create a Power BI report (Figure 4) that allows them to interactively analyze machines, alerts and investigation status. This report provides a view on alerts (for example, severity and time to resolve) and machines (for example, sensor health state, OS platform and domain).

Figure 4: Power BI report

  • Access your data via APIs – Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities.
  • More Windows sockets – we are expanding our endpoint coverage and adding support for Windows Server 2012R2 and 2016 endpoints (Figure 5). In addition, we are adding enhanced VDI support for organizations wanting to secure their desktop virtualization environment.

Figure 5: Windows Server Machine view


We encourage you to experience all this new goodness first hand, by joining our 90-day free trial today.

Raviv Tamir, Principal Group Program Manager, Windows Defender ATP


509322

As usual, Microsoft makes an announcement that does not include a lot of pertinent details that will result in mass confusion.

This is for Windows Enterprise and Education only; it will not be shipped with Windows Home and Pro versions.

In fact, Windows Defender ATP is not included with Enterprise and Education by default. ATP requires the purchase of a subscription.

Pay attention to Microsoft's caveat:

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

They list Windows Pro and Pro Education, but ATP cannot be purchased for Pro at the home-use level. It is for enterprises and other institutions that have opted to use Windows Pro at the volume level.
 
As always your input is required reading, @Lockdown :). Thanks so much for this comment.
 

509322

Unless Microsoft explicitly states that something will be shipped with Windows Home and Windows Pro (for consumers) you can automatically assume it will not be shipped to consumers.

And it also doesn't matter that they include features in Insider Builds. What is included in Insider Builds does not automatically mean it will be shipped to consumers. Microsoft will make features available in Insider Builds that, when the final release is made, will be disabled\not available to consumers.

The way that Microsoft makes their announcements is very deliberately crafted. They are almost never explicit about what will be made available to consumers versus commercial.

Unless MS explicitly states "Windows Home" version, you can forget it.
 

XhenEd

Also, I think because of marketing, they deliberately do not state in plain sight that only enterprise people can use the new features.

"Windows 10 Fall Creators Update"... :D
 

509322

This is all that the average person who goes to a MS announcement page bothers to read. Without investigating any further, they automatically jump onto a security forum and start the nonsense "Windows Defender is becoming awesome," "Windows 10 is becoming a security vault," "Microsoft is protecting us, we are set" blah, blah, blah.
 

XhenEd

And I think that's what MS wants, thus the non-specificity of the OS type. :D
 

509322

Whatever the reasons, if an announcement does not explicitly state "Windows Home" then you can be more than reasonably confident that consumers will not get whatever has been announced.

If something is announced through the official MS blogs, TechNet, MSDN, etc - typically it applies to commercial Windows and not consumer.
 

509322

@XhenEd

Did you know that an Enterprise version of Windows first requires that you purchase a Pro version of Windows?

Enterprise is not a distinct Windows license, it is an upgrade license to Windows Pro.

Then, there are a slew of add-on modules and subscription services for Enterprise\volume licenses that require their own separate purchase.

By the time it is all said and done, a single workstation can easily have $500+ in Windows licensing\subscription fees alone.
 

XhenEd

Wow! Thanks for the info, @Lockdown! :)

No wonder MS is very wealthy. So much subscription...