New features in the suite offer a range of new security alerts to give admins better visibility of threats in a firm's IT estate.
Microsoft has attempted to bolster its claim that Windows 10 is the most secure version of Windows yet, by introducing a slew of new features to Windows Defender ATP.
The threat detection and protection suite is available to users of the Enterprise, Pro and Education editions of Windows 10, and bundles together a range of different security-oriented services, including Defender Application Guard (WDAG), Windows Defender Device Guard, and Windows Defender Antivirus.
Windows Defender Application Guard is designed to help protect firms against online threats by adding container-based isolation to Windows 10's Edge browser, allowing it to safely contain malware so it can't spread within a company's network. Windows Defender Exploit Guard will spot and neutralize potential threats and intrusions using intelligence from the Microsoft Intelligent Security Graph.
Describing the new features in Windows Defender ATP, Raviv Tamir, principal group program manager for Windows Defender ATP, wrote: "We integrated Windows 10's new prevention technologies, enhanced our built-in sensors to better detect script-based attacks, added new response capabilities and opened up powerful analytics."
SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)
Security Operations teams will be able to see alerts and events from Windows Defender SmartScreen that show whether employees click on URLs after receiving a warning message, see Windows Defender Device Guard events detailing attempts to run unauthorized applications, see applications blocked or audited by the Windows Defender Exploit Guard protection rules, and view security events and alerts information for sessions taking place within the Windows Defender Application Guard isolated containers.
Microsoft is also simplifying and centralizing how System Center Configuration Manager, starting with version 1710, and Microsoft Intune manage the various products in the Windows security stack.
The firm is promising better detection and alert capabilities, with more data available to help security teams to understand what triggered an alert, as well as automatic grouping of related alerts.
A new dashboard view, seen below, shows admins a breakdown of possible issues, including misconfigured machines, and recommended actions.
A new customized reporting option allows organizations to quickly create interactive Power BI reports to analyze machines, alerts and investigation status, while more data is being exposed via APIs, support for Windows Server 2012R2 and 2016 endpoints has been added, as has enhanced support for virtual desktops.
Microsoft has previously stated that Windows Defender ATP can help detect and stop the further spread of a ransomware, although its Windows 10 security claims have been challenged in the past, such as Windows 10S being immune to known ransomware.
Available next month following the Fall Creators Update, these new features in Windows Defender ATP can be trialled by going into navigation pane in Defender ATP and toggling on the Preview experience option under Preferences.
- Windows 10 does disable rival antivirus, admits Microsoft, but only temporarily (TechRepublic)
- Microsoft rolls out new test build of Windows 10 Fall Creators Update (ZDNet)
- Why patching Windows XP forever won't stop the next WannaCrypt (TechRepublic)
- More changes coming to Microsoft's Windows as a Service strategy (ZDNet)
- Windows 10 violates your privacy by default, here's how you can protect yourself (TechRepublic)