Defender definition updates


Hi All. Been using Defender ATP for a few weeks now, I have two questions.

1) Do definition updates still need to be pushed to the PCs via my SCCM patching system or does ATP take care of those and distribute them to registered clients?
2) Are there any recommended books, courses, or resources available to learn more about ATP?

Thanks 

1 Reply
SCCM (SCEP) is only needed for "down level" operating systems such as Windows Server 2012 R2 and older, or Windows 7 or 8.1.
Beginning in Windows 10 and Windows Server 2016, Microsoft Defender is natively built into the operating system, so there is no need to have a SCEP agent deployed to manage AV definitions.
But yes, SCEP is required for older OS, and therefore you need SCCM to distribute definition updates to those operating systems.

To learn more about MDATP, here are some of the available resources.

Microsoft Product Group Webinar on April 2nd:
https://youtu.be/U7jWbXx_bmE

There were 18 MDATP Sessions at Ignite that you can watch:
https://myignite.techcommunity.microsoft.com/sessions (Search for Defender)

MDATP Resources on GitHub:
https://github.com/alexverboon/MDATP#microsoft-blog-posts-on-microsoft-advanced-threat-protection

MDATP Documentation:
https://docs.microsoft.com/en-us/windows/security/threat-protection/

MDATP Best Practices (My article)
https://www.thecloudtechnologist.com/mdatp-best-practices/

MDATP PowerShell Module
https://github.com/alexverboon/PSMDATP

MDATP Tutorials
https://securitycenter.windows.com/tutorials/all

MDATP Training
https://docs.microsoft.com/en-us/learn/modules/m365-security-threat-protect/

MDATP Blog
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog

Certification Track
https://www.microsoft.com/microsoft-365/partners/tech-hub/security
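
The split described in the reply above can be checked on an endpoint. This is an added example, not part of the original reply: it reports whether a machine is a down-level OS that depends on SCEP/SCCM for definitions, or has built-in Defender, and how old the installed definitions are. The `$MaxAgeDays` threshold and the output field names are assumptions chosen for illustration.

```powershell
# Added example: how does this machine get AV definitions, and are they fresh?
# Assumption: $MaxAgeDays is an illustrative threshold, not a value from the thread.
param([int]$MaxAgeDays = 3)

$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$ver = [version]$os.Version

# Windows 10 / Server 2016 and later report major version 10;
# Windows 7, 8.1 and Server 2012 R2 and older report 6.x.
if ($ver.Major -lt 10) {
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        OS               = $os.Caption
        DefinitionSource = 'Down-level OS: SCEP agent, definitions distributed by SCCM'
        SignatureVersion = $null
        SignatureAgeDays = $null
        Stale            = $null   # check the SCEP client / SCCM compliance instead
    }
    return
}

try {
    # Built-in Defender cmdlet on Windows 10 / Server 2016 and later.
    $mp = Get-MpComputerStatus -ErrorAction Stop
}
catch {
    Write-Warning "Defender status unavailable on $($env:COMPUTERNAME): $($_.Exception.Message)"
    return
}

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    OS               = $os.Caption
    DefinitionSource = 'Built-in Microsoft Defender (no SCEP agent needed)'
    AntivirusEnabled = $mp.AntivirusEnabled
    SignatureVersion = $mp.AntivirusSignatureVersion
    LastUpdated      = $mp.AntivirusSignatureLastUpdated
    SignatureAgeDays = $mp.AntivirusSignatureAge
    Stale            = ($mp.AntivirusSignatureAge -gt $MaxAgeDays)
}
```

A `Stale` value of `True` on a Windows 10 or Server 2016+ machine means the built-in update path is not delivering definitions and needs investigating.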