Listening to customer feedback and improving the day-to-day life of security operations teams are among the core pillars of how we build the Windows Defender ATP service and how we operate across our engineering and research teams. With that in mind, we are excited to roll out today a new set of Windows Defender ATP features that enhance key aspects of the service, based heavily on what we heard from you.
Threat Analytics is a set of interactive reports on significant and emerging attack campaigns that fuses organizational risk analytics with threat intelligence. This powerful tool equips security operations teams with real-time information that helps them understand the nature of the threat and assess its impact on their environment, and provides recommended actions to increase security resilience, such as guidance on prevention or containment of the threat.
Microsoft Cloud App Security (MCAS) can now leverage Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage, including the use of unsupported cloud services (shadow IT), from all WDATP-monitored machines.
WDATP and MCAS signals are shared over the Microsoft Intelligent Security Graph.
Already an MCAS user? To try it out, go to your MCAS portal and click Discover > Cloud Discovery dashboard. Then, in the top right corner under Continuous Report, choose “Win 10 endpoint users”.
We're upgrading our server protection stack by adding support for Windows Server 2019. The Windows Defender ATP sensor will be built into the server OS, complete with kernel and memory sensors previously available only to Windows 10 clients.
Alerts can now be automatically resolved when the automated investigation fully remediates the root cause of the alert.
This is especially useful for reducing the number of active alerts in an environment where automatic investigation is turned on.
It also enhances our Conditional Access scenario: once automation remediates a machine and automatically resolves the related alerts, the machine's risk level goes down, re-allowing the user to access corporate resources safeguarded by Conditional Access policies.