Microsoft Defender Advanced Threat Protection (ATP) has a broad range of endpoint security capabilities to prevent, detect, investigate and respond to advanced threats targeting enterprise networks. Bad actors use increasingly creative and sophisticated attacks. The growing complexity of attacks and the broadening digital estate render any attack surface nearly impossible to protect. The Microsoft Defender ATP endpoint security solution detects evasive attacks, proactively addresses security on a continuum, and delivers a big-picture view of threat context.

The platform includes vulnerability and secure configuration assessments that continuously evaluate existing weaknesses in an integrated way and prioritize risk according to impact and overall exposure. Various security controls create a foundation for applications, which then anticipate the impact that new controls may have on business operations, should teams decide to implement them.

Microsoft Defender ATP has a simple enough management interface to navigate, especially for those already familiar with other Microsoft services, such as Azure and Office 365. Users may choose from multiple dashboards, ensuring that ATP displays information in a way that suits the needs of individual organizations and that maximizes their task and operational efficiency. The Security Operations Dashboard offers a unique aggregation of alerts and active threats within the network, highlighting the riskiest machines and users, while the Threat and Vulnerability Management Dashboard gives robust at-a-glance information.

The Exposure Score widget comes preconfigured out-of-the-box so that it can immediately paint an accurate picture of threat incidents. Existing exploits and breach insights help inform smart prioritization mechanisms about current system risks. These smart prioritization mechanisms can then draw parallels between all security alerts and their associated vulnerabilities. Advanced analytics connect the dots between and within attacks to show analysts the history of malicious behaviors that suspicious files have conducted on their environments.

The platform has automated investigation capabilities that go into motion as soon as the system crosses a predetermined alert threshold. Organizations looking for a more hands-on approach to response may adjust their threshold settings to include the human interaction option. The Alerts Queue streamlines manual investigations with several filters that surface alerts efficiently from several detection sources. ATP also gives helpful, plain-English descriptions of threats and their root causes so that even non-security professionals may understand them.

Overall, security pros will find Microsoft Defender ATP a holistic, unified endpoint security solution that addresses the entire set of security capabilities necessary to protect against the modern threat landscape. This product is agent-free and operationally lightweight. Those who already enjoy other Microsoft products should give this endpoint solution additional consideration. Microsoft Defender ATP empowers security teams to scale to the ever-growing number of threats and defend their organizations effectively without drowning them in alerts.

Pricing starts at $57 per user, per month and includes 24/7 phone, email, and website support. Additional support options are available for a fee. Organizations have access to a knowledge base with blogs, videos and training programs. And because of the company’s expansive customer base and product lines, Microsoft has simplified its troubleshooting features so that users may have their questions answered quickly and easily. There’s no shortage of online troubleshooting material.

Written by Katelyn Dunn

Tested by Tom Weil