SOLVED

Product Comparison table? (ATA, Azure ATP, Defender ATP, Azure Security Center)

%3CLINGO-SUB%20id%3D%22lingo-sub-169182%22%20slang%3D%22en-US%22%3EProduct%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169182%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20page%20somewhere%20that%20describes%20the%20differences%20between%20ATA%2C%20Azure%20ATP%2C%20Windows%20Defender%20ATP%20and%20what%20you%20can%20get%20deploying%20Azure%20Security%20Center%20with%20on-prem%20agents.%20I'll%20admit%2C%20even%20as%20someone%20who%20works%20on%20security%20courses%20for%20MSFT%2C%20working%20out%20which%20product%20is%20appropriate%20for%20a%20given%20scenario%20tends%20to%20feel%20a%20little%20like%20deciphering%20a%20complicated%20puzzle.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-330699%22%20slang%3D%22en-US%22%3ERe%3A%20Product%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-330699%22%20slang%3D%22en-US%22%3ESo%20it%20seems%20windows%20defender%20advanced%20threat%20protection%20takes%20care%20of%20windows%20endpoint%20which%20azure%20advanced%20threat%20protection%20can%20does%20along%20with%20the%20azure%20part.do%20there%20is%20no%20need%20for%20both%20subscription%20or%20plans%20I%20believe%20in%20this%20case%20!!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-187280%22%20slang%3D%22en-US%22%3ERe%3A%20Product%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-187280%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Orin%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20had%20the%20same%20Question%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3CP%3EApart%20from%20the%20list%20you%20had%20in%20the%20Subject%20line%20there's%20also%20Office%20ATP%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3CBR%20%2F%3EDave%20Caddick%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169283%22%20slang%3D%22en-US%22%3ERe%3A%20Product%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169283%22%20slang%3D%22en-US%22%3E%3CP%3EOkay%20thanks.%20We've%20got%20a%20module%20on%20ATA%2C%20ATP%20and%20Azure%20Security%20Center%20in%20the%2020744%20Microsoft%20Official%20Curriculum%20so%20it%20looks%20like%20I'll%20have%20to%20add%20a%20lesson%20on%20Azure%20ATP%20as%20well%20next%20time%20we%20revise%20it%20(I'm%20kicking%20myself%20that%20I%20hadn't%20noticed%20the%20product%20prior%20to%20today%20and%20I%20really%20should%20have%20seeing%20I%20follow%20Adam%20on%20twitter).%20Even%20for%20someone%20who%20keeps%20an%20eye%20on%20these%20things%2C%20it%20can%20be%20hard%20to%20keep%20track!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169273%22%20slang%3D%22en-US%22%3ERe%3A%20Product%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169273%22%20slang%3D%22en-US%22%3E%3CP%3EOrin%2C%3C%2FP%3E%0A%3CP%3ENot%20specifically.%3C%2FP%3E%0A%3CP%3EATA%20and%20Azure%20ATP%20are%20UEBA%20products%20focused%20on%20user%20behavior.%26nbsp%3B%20ATA%20is%20on-prem%20and%20Azure%20ATP%20is%20cloud%20based.%26nbsp%3B%20its%20a%20one%20or%20other%20choice.%3C%2FP%3E%0A%3CP%3EWD%20ATP%20is%20Endpoint%20Detection%20and%20Response.%26nbsp%3B%20It%20is%20cloud%20based%20as%20well.%20%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20Security%20Center%20is%20a%20Cloud%20Workload%20Protection%20Product.%26nbsp%3B%20This%20is%20focused%20on%20protecting%20azure%20workloads%20but%20we%20extended%20to%20help%20with%20on-prem%20workloads.%26nbsp%3B%20it%20will%20have%20a%20WDATP%20integration%20for%20servers.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20state%20more%20simply.%26nbsp%3B%20ATA%20and%20Azure%20ATP%20is%20an%20OR%20choice.%26nbsp%3B%20Likely%20you%20would%20want%20Azure%20ATP%20%2B%20WD%20ATP%20%2B%20Azure%20security%20center%20enabled%20for%20your%20environments%20as%20they%20continue%20to%20integrate%20more%20and%20more.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-800249%22%20slang%3D%22en-US%22%3ERe%3A%20Product%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-800249%22%20slang%3D%22en-US%22%3E%3CP%3E%40%20Nichola%20Dicola.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20taking%20out%20time%20to%20clarify%20on%20this.%20One%20more%20question%2C%20I%20understand%20azure%20security%20centre%20standard%20subscription%20contains%20Azure%20ATP%20features%20as%20well%2C%20does%20it%20make%20sense%20to%20rather%20subscribe%20for%20my%20WDATP%20%2B%20ASC%20to%20have%20my%20full%20end%20to%20end%20enterprise%20security%20solution%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-800576%22%20slang%3D%22en-US%22%3ERe%3A%20Product%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-800576%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F155841%22%20target%3D%22_blank%22%3E%40Avishek%20Jana%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20is%20not%20correct.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMDATP%20is%20a%20endpoint%20EDR.%3C%2FP%3E%0A%3CP%3EAATP%20is%20UEBA%20and%20dectection%20for%20AD%20based%20identity%20attacks.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20need%20both.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-800577%22%20slang%3D%22en-US%22%3ERe%3A%20Product%20Comparison%20table%3F%20(ATA%2C%20Azure%20ATP%2C%20Defender%20ATP%2C%20Azure%20Security%20Center)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-800577%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F390972%22%20target%3D%22_blank%22%3E%40clsec%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%3C%2FP%3E%0A%3CP%3Ei%20think%20you%20mean%20aSC%20includes%20MDATP.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ewe%20recommend%20customers%20licenes%20client%20OS%20via%20M365.%26nbsp%3B%20For%20servers%2C%20you%20use%20ASC%20to%20get%20MDATP%20on%20servers.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Is there a page somewhere that describes the differences between ATA, Azure ATP, Windows Defender ATP and what you can get deploying Azure Security Center with on-prem agents. I'll admit, even as someone who works on security courses for MSFT, working out which product is appropriate for a given scenario tends to feel a little like deciphering a complicated puzzle.

7 Replies
Highlighted
Best Response confirmed by Orin Thomas (New Contributor)
Solution

Orin,

Not specifically.

ATA and Azure ATP are UEBA products focused on user behavior.  ATA is on-prem and Azure ATP is cloud based.  its a one or other choice.

WD ATP is Endpoint Detection and Response.  It is cloud based as well.  

Azure Security Center is a Cloud Workload Protection Product.  This is focused on protecting azure workloads but we extended to help with on-prem workloads.  it will have a WDATP integration for servers.

 

To state more simply.  ATA and Azure ATP is an OR choice.  Likely you would want Azure ATP + WD ATP + Azure security center enabled for your environments as they continue to integrate more and more.

Highlighted

Okay thanks. We've got a module on ATA, ATP and Azure Security Center in the 20744 Microsoft Official Curriculum so it looks like I'll have to add a lesson on Azure ATP as well next time we revise it (I'm kicking myself that I hadn't noticed the product prior to today and I really should have seeing I follow Adam on twitter). Even for someone who keeps an eye on these things, it can be hard to keep track!

Highlighted

Thanks Orin,

I had the same Question ;)

Apart from the list you had in the Subject line there's also Office ATP

 

Regards,
Dave Caddick

Highlighted
So it seems windows defender advanced threat protection takes care of windows endpoint which azure advanced threat protection can does along with the azure part.do there is no need for both subscription or plans I believe in this case !!
Highlighted

@ Nichola Dicola.

 

Thank you for taking out time to clarify on this. One more question, I understand azure security centre standard subscription contains Azure ATP features as well, does it make sense to rather subscribe for my WDATP + ASC to have my full end to end enterprise security solution?

Highlighted

@Avishek Jana 

This is not correct.  

MDATP is a endpoint EDR.

AATP is UEBA and dectection for AD based identity attacks.

 

You need both.

Highlighted

@clsec 

Hi

i think you mean aSC includes MDATP.  

we recommend customers licenes client OS via M365.  For servers, you use ASC to get MDATP on servers.