
Microsoft Defender ATP Advanced Threat Protection

Base system (platform): Windows 10
Developer: Microsoft
Technology: SaaS (software as a service), cybersecurity: security information and event management (SIEM)


Windows Defender Advanced Threat Protection is a cloud service for investigating attacks on corporate networks and restoring protection.


Microsoft released an antivirus for Linux

In June, Microsoft released the public version of its Defender Advanced Threat Protection (ATP) security solution for operating systems based on the Linux kernel.

Defender ATP includes an antivirus, a network intrusion detection mechanism, protection against exploitation of vulnerabilities, enhanced isolation tools, additional application management capabilities and a system for detecting potentially malicious activity.

The solution can be used to detect attacks that have already been carried out against corporate networks and to help system administrators take response measures. In particular, it helps to eliminate the consequences when hackers have overcome all other layers of network protection.

The first release for Linux supports a command-line interface, which is used, in particular, to configure the threat management mechanism and to start scanning the system for malware.

Defender ATP for Linux supports the following server Linux distributions: RHEL 7.2+, Ubuntu 16 LTS and newer, SLES 12+, Debian 9+ and Oracle Linux 7.2.


Availability of Microsoft Threat Experts service

On November 1, 2019, Microsoft announced the availability of the Microsoft Threat Experts service to customers of the Microsoft Defender ATP platform. All subscribers of the platform will now be able to get individual advice from Microsoft cybersecurity experts and access to analytical data on current threats.

When a rapid response to an emergency is required, users will be able to activate the Incident Response (IR) service in one click for immediate prevention of attacks.

As part of Microsoft Threat Experts, customers will be able to receive:

  • Additional comments explaining the root cause of a threat and a preliminary estimate of its scale;
  • An analysis of the state of the device fleet and recommendations on what to do when facing a potential threat;
  • Identification of possible risks and the necessary degree of protection against other types of attacks;
  • Seamless transition to the immediate threat response (IR) service when necessary.

The combination of individual expert consultations and the threat notification system makes Microsoft Threat Experts a complete threat prevention solution that provides organizations with an additional level of protection.

Microsoft will rename Windows Defender ATP to Microsoft Defender ATP

Microsoft representatives announced the expansion of the Windows Defender ATP cyberthreat protection platform to work with systems other than Windows. To avoid conflicts with other ecosystems, the company decided to rename Windows Defender ATP to Microsoft Defender ATP. Although the changes did not affect the platform for personal computers based on Windows 10, in the future the name Microsoft Defender ATP will be unified across all systems, Windows Latest wrote in July 2019.

Microsoft developers are in the process of implementing Microsoft Defender in the Windows 10 20H1 update, whose release is planned for April 2020. The replacement of the name Windows Defender ATP with Microsoft Defender ATP has already begun. In the recently released Windows 10 20H1 build 18941, some Windows Defender components were changed. For example, Microsoft Defender Exploit Guard became Windows Defender Exploit Guard.

Despite the rebranding, the functionality of Windows Defender ATP remains unchanged; however, the platform may gain enhanced capabilities in the future.

Introduction of Microsoft Threat Experts

On March 1, 2019, Microsoft presented a solution for supporting business information security. Microsoft Threat Experts will allow companies to ask Microsoft specialists directly for help and expertise in this area.

Microsoft Threat Experts

Using Microsoft Threat Experts, which appeared in Windows Defender Advanced Threat Protection (ATP), companies will be able to send data anonymously to Microsoft specialists for the detection of cyberthreats, including advanced threats such as cyber espionage. When problems are detected, the experts send a warning that is individually tailored to each company. If difficulties arise, an organization's staff will be able to contact Microsoft experts directly using the Ask a Question to the Expert button. The experts will also be able to help a business assess the degree of risk and choose the necessary tools for protection against attackers, the latest attack methods and malicious campaigns.

According to a recent study, by 2021 the staff shortage in the field of cybersecurity will be 3.5 million people. At the same time, cybercriminals do not stay idle; their methods are becoming more and more sophisticated. We understand that it is extremely difficult for organizations to constantly resist modern cyberthreats. For this reason we create solutions based on cloud computing and AI to expand the capabilities of information security specialists and to help companies increase their level of cybersecurity.

2016: Announcement of Windows Defender Advanced Threat Protection service

On March 1, 2016, Microsoft presented the Windows Defender Advanced Threat Protection cloud service, which, according to the company, may become an incentive for commercial customers to move to Windows 10. The service works only with Windows 10 [1].

Screenshot of an application window (2016)

Windows Defender Advanced Threat Protection ("protection against complex security threats") is intended for detecting attacks that have already been carried out against corporate networks and for helping system administrators take response measures: it helps to eliminate the consequences of intrusions when none of the network's protections could stop the hackers.


Windows Defender ATP is capable of detecting traces of intrusions and retaining them for the last six months. It reports:

  • how the attack was carried out,
  • on which devices,
  • why the protections did not work.

As a result, the service recommends the actions necessary to restore protection and mitigate the consequences.

Anonymous information comes to the Windows Defender ATP cloud from the following sources:

  • more than 1 billion Windows devices,
  • 2.5 trillion web pages,
  • 600 million reputation check nodes.

Every day the service receives analysis results for more than 1 million suspicious files.

The service uses machine learning, and since the technology does not provide 100% accuracy, the recommendations of Windows Defender ATP are advisory in nature. Administrators are free to decide independently whether to take measures, having assessed the information available to them.
Terry Myerson, executive vice president of Microsoft Windows and Devices Group

According to Microsoft's statement to the media, as of March 1, 2016 the service is in closed testing on 500 thousand devices running Windows 10. During 2016 the company plans to let more organizations take part in the testing. Microsoft did not specify when. The date of the full-scale launch of the service is unknown.


  1. Microsoft provided a cloud service for protection against hacker attacks