Windows Defender ATP’s EDR capability for Windows 7 and Windows 8.1 now generally available

Published 02-22-2019 12:06 PM
Microsoft

We’re announcing the general availability of Windows Defender ATP’s endpoint detection & response (EDR) capability for Windows 7 and Windows 8.1, helping customers achieve the best security possible while transitioning to Windows 10.

 

With Windows 10 we’ve built the most secure Windows ever, by hardening the platform itself and by developing Windows Defender ATP – a unified endpoint security platform for preventative protection, post-breach detection, and automated investigation & response.

To help customers stay secure while upgrading to Windows 10, we’ve built an EDR solution for Windows 7 and Windows 8.1 that is simple to deploy and seamless to end users, providing behavior-based threat detection, investigation and response capabilities.

Windows Defender ATP for Windows 7 and Windows 8.1 provides deep visibility into activities happening on endpoints, including process, file, network, registry and memory activities, giving security teams rich, correlated insights into activities and threats on older versions of Windows.

 

 


Figure 1: Windows Defender ATP detects attack activity on Windows 7

 

Detections and events from Windows 7 and Windows 8.1 are surfaced in Windows Defender Security Center alongside data from other endpoints, providing a single pane of glass for security teams to investigate and respond to incidents across their environment.

We’ve previously made this solution available to customers through public preview, working closely with our customers to validate, fine-tune and refine the service. We're happy to announce that this functionality is now generally available, allowing customers to deploy at scale across their environment.

For more information on how you can onboard Windows 7 and Windows 8.1 machines, check out our documentation.

 

Thank you

The Windows Defender ATP team

8 Comments
Contributor

This post claims that automated investigation and response works on Windows 7 devices. However, we get a notification in security center that the OS does not support investigation & remediation? Is there a switch or option that needs to be activated?

 

Thanks for the feedback!   Screenshot of the notification: 

 

 

example.jpg

 

Microsoft

Hi @David De Vos sorry for the misunderstanding, this article talks about EDR - not automation. 

Contributor

Hello @Heike Ritter 

 

I spoke to a few more people today. Apparently it's actually ED and not EDR. There is no response capability for Windows 7 at all .. not automated or manual? I thought so already, but I wanted to be sure. Here are the options a Windows 7 device gets:

 

image.png

 

 
 

It's basically nothing ... no full scan trigger, no isolation, no investigation package, etc ..

Don't get me wrong, because I'm a big fan of Defender ATP! It seems the Windows 10 operating system really is the foundation for its capabilities. I had to get confirmation on that ...

 

Thanks!  

 

Microsoft

@David De Vos Yes, that is correct, providing customers visibility into threats happening on their Windows 7 devices was our main goal. I hope you can move those legacy devices to Win10 soon and benefit from its full capabilities :)  

Occasional Visitor

@Heike Ritter Is Defender ATP still supported on Windows 7 and if so, how long will it continue to be supported? Thank you.

Occasional Contributor

Just to clarify, does Defender ATP on Windows 8.1 support Automated response/remediation?


Microsoft

@Kevin Lovegrove no, you have manual response capabilities, but not automated. 

Microsoft

@akrause22 we are following the official support cycle that comes with Windows 7. Some general info here

https://answers.microsoft.com/en-us/windows/forum/windows_7-update/how-do-i-purchase-extended-suppor...

Last update: Sep 29 2020 07:10 AM