Mar 07 2018 09:04 PM - edited Mar 07 2018 09:28 PM
Is there a page somewhere that describes the differences between ATA, Azure ATP, Windows Defender ATP and what you can get deploying Azure Security Center with on-prem agents? I'll admit, even as someone who works on security courses for MSFT, working out which product is appropriate for a given scenario tends to feel a little like deciphering a complicated puzzle.
Mar 08 2018 03:30 AM
Orin,
Not specifically.
ATA and Azure ATP are UEBA products focused on user behavior. ATA is on-prem and Azure ATP is cloud based. It's a one or other choice.
WD ATP is Endpoint Detection and Response. It is cloud based as well.
Azure Security Center is a Cloud Workload Protection Product. This is focused on protecting Azure workloads but we extended it to help with on-prem workloads. It will have a WDATP integration for servers.
To state it more simply: ATA and Azure ATP is an OR choice. Likely you would want Azure ATP + WD ATP + Azure Security Center enabled for your environments as they continue to integrate more and more.
Mar 08 2018 03:39 AM
Okay, thanks. We've got a module on ATA, ATP and Azure Security Center in the 20744 Microsoft Official Curriculum, so it looks like I'll have to add a lesson on Azure ATP as well next time we revise it (I'm kicking myself that I hadn't noticed the product prior to today and I really should have, seeing I follow Adam on Twitter). Even for someone who keeps an eye on these things, it can be hard to keep track!
Apr 25 2018 11:11 PM
Thanks Orin,
I had the same question ;)
Apart from the list you had in the subject line, there's also Office ATP.
Regards,
Dave Caddick
Feb 05 2019 01:42 AM
Aug 12 2019 09:07 AM
@ Nichola Dicola.
Thank you for taking the time to clarify this. One more question: I understand the Azure Security Center standard subscription contains Azure ATP features as well. Does it make sense to rather subscribe for my WDATP + ASC to have my full end-to-end enterprise security solution?
Aug 12 2019 11:16 AM
This is not correct.
MDATP is an endpoint EDR.
AATP is UEBA and detection for AD based identity attacks.
You need both.
Aug 12 2019 11:17 AM
Hi
I think you mean ASC includes MDATP.
We recommend customers license client OS via M365. For servers, you use ASC to get MDATP on servers.