WDATP September 2018 preview features are out!
Published Sep 05 2018 08:49 AM 13.5K Views


Listening to customer feedback and improving the day to day life of security operation teams are one of the core pillars of how we build the Windows Defender ATP service and how we operate across our engineering and research teams. With that in mind, we are excited to roll out today a new set of Windows Defender ATP features that enhance key aspects of the service, based heavily on what we heard from you.


The new features below are part of the Windows Defender ATP September 2018 preview program and are available for you to try today.  Here’s how to check and enable preview features on your Windows Defender ATP tenant. Not yet an Windows Defender ATP customer, but interested to try the new features? Sign up for a trial tenant here.


So, what's new?


Threat Analytics



Threat Analytics is a set of interactive reports on significant and emerging attack campaigns that fuses organizational risk analytics with threat intelligence.  This powerful tool equips security operations teams with real-time information that helps them understand the nature of the threat, assess impact on their environment and provides recommended actions to increase security resilience, like guidance on prevention, or containment of the threat. 


See the new Threat analytics dashboard in the portal or check out the documentation


Custom detection (a.k.a Scheduled queries for advanced hunting)



We heard your feedback. You liked our advanced hunting feature, but asked for the ability to generate custom alerts based on your own queries. You got it!

You can now schedule the execution of advanced hunting queries and generate custom alerts.


Try it out using our new ‘Advanced Hunting’ tutorial scenario or see instructions for creating custom detections here


MCAS integration



Microsoft Cloud App Security (MCAS) can now leverage Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all WDATP monitored machines.  


WDATP and MCAS signals are shared over the Microsoft Intelligent Security Graph.


Already an MCAS user? To try it out, go to your MCAS portal, click Discover > Cloud Discovery dashboard. Then, on the top right corner under Continuous Report, choose “Win 10 endpoint users” 


Not using MCAS yet? Learn more and register for a free trial  


WDATP for Windows Server 2019


We're upgrading our server protection stack by adding support for Windows Server 2019. The Windows Defender ATP sensor will be built into the server OS, complete with kernel and memory sensors previously available only to Windows 10 clients.


No agent and no installation required.


Read here more about Windows Server 2019 onboarding and here’s how to run a detection test on a server once it’s onboarded.


Auto-resolve remediated alerts


Alerts can now be automatically resolved when the automated investigation fully remediates the root cause for the alert.


This is especially useful to reduce active alert numbers in an environment where automatic investigation is turned on.


It also enhances our Conditional Access scenario as once automation remediates a machine and automatically resolves related alerts, machine risk levels will go down re-allowing the user to access corporate resources safeguarded by Conditional Access policies.


Follow up here to turn on automatic alert resolution.

Read more about Conditional access and WDATP here.  


We look forward to your feedback! Just click on the ‘send a smile/frown’ feature on the top right corner of the portal and tell us what you think.



The Windows Defender ATP team


Version history
Last update:
‎Sep 05 2018 09:11 AM
Updated by: