Microsoft

Effective June 1, 2020, Microsoft will automatically enable Microsoft Threat Protection features when eligible customers visit the Microsoft 365 security center (security.microsoft.com). Read below to learn more.

 

Who are eligible?

Customers with corresponding licenses for one of the following Microsoft 365 security products:

  • Microsoft Defender Advanced Threat Protection
  • Office 365 Advanced Threat Protection
  • Microsoft Cloud App Security
  • Azure Advanced Threat Protection

This also applies to customers with one of the following licenses by June 1, 2020:

  • Microsoft 365 E5
  • Microsoft 365 E5 Security
  • Windows 10 Enterprise E5
  • Enterprise Mobility + Security (EMS) E5
  • Office 365 E5
  • Microsoft Defender Advanced Threat Protection
  • Azure Advanced Threat Protection
  • Microsoft Cloud App Security
  • Office 365 Advanced Threat Protection (Plan 2)

 

What is changing?

Starting June 1, Microsoft will be enhancing the listed Microsoft 365 security products by turning on Microsoft Threat Protection features when an eligible customer visits the Microsoft 365 security center.

 

What is Microsoft Threat Protection?

Microsoft Threat Protection is a new solution from Microsoft that enables out-of-the-box, coordinated defenses across the Microsoft 365 security stack for email, endpoints, identities, and apps. It orchestrates cross-product defenses to detect, block, and prevent sophisticated attacks and automatically heal assets affected by these attacks.

 

mtp-side.png

Microsoft Threat Protection stitches together threat signals to help determine the full scope and impact of a threat: how it entered the environment, what it has affected, and how it's currently impacting the organization. It leverages the end-to-end view of the attack to orchestrate automatic response actions across products, stopping the attack and applying self-healing technologies to mailboxes, endpoints, and user identities.

 

To learn more about Microsoft Threat Protection:

Visit the product website | Explore the documentation | Read our blog | Watch the webcast

 

Microsoft Threat Protection is covered by the Online Services Terms  as updated for May 2020.

 

What features will be added to my offering?

The following features will light up:

  • Correlation of security data and alerts across all Microsoft 365 security products into cross-product incidents. Access this through Incidents on the Microsoft 365 security center nav, or go to security.microsoft.com/incidents.
  • Centralized incident response capabilities that self-heal assets affected by alerts or cross-product incidents across endpoints, Office 365, and identities. Access this through Action center on the on the Microsoft 365 security center nav, or go to security.microsoft.com/action-center.
  • Normalized data store that enables proactive threat hunting capabilities and behavior-based custom detection rules over email, endpoints and identity data.  Access this through Hunting on the Microsoft 365 security center nav, or go to security.microsoft.com/advanced-hunting.

 

Will this change apply to customers in all regions and government institutions?

This applies to all customers with Microsoft 365 security products, except for certain government institutions as well as customers in regions that currently don’t support integration between Office 365 ATP and Microsoft Threat Protection. 

 

Microsoft Threat Protection will not turn on automatically for customers in the following government institutions:

  • US Government Community Cloud (GCC)
  • US Government Community Cloud High (GCC High)
  • US Department of Defense
  • All US government institutions with commercial licenses

This exclusion also applies to customers in the following regions whose licenses are eligible for Office 365 ATP only (and not any of the other Microsoft 365 security products):

  • United Arab Emirates (ARE)
  • Switzerland (CHE)
  • Germany (DEU)
  • Singapore (SGP)
  • South Africa (ZAF)
  • Norway (NOR)

 

I’m interested. Can I enable Microsoft Threat Protection features now?

Yes, customers who are currently eligible can enable Microsoft Threat Protection before June 1, 2020. Go to Settings in Microsoft 365 security center (security.microsoft.com/settings) and, if needed, follow the steps outlined in this article.

 

How do I enable Microsoft Threat Protection after June 1st?

Microsoft automatically enables Microsoft Threat Protection features for all eligible tenants. Simply visit Microsoft 365 security center and start exploring it.

 

What if I already enabled Microsoft Threat Protection for my tenant?

No action is required, and the change will not affect you. You can continue to use Microsoft Threat Protection features as before.

 

I only have a subset of the listed Microsoft 365 security products. Will Microsoft Threat Protection still turn on?

Yes, customers with one or more eligible licenses for any of the listed products will get access to Microsoft Threat Protection, which consolidates data from the listed products to provide a unified security experience in Microsoft 365 security center. Data available to Microsoft Threat Protection will be scoped only to products that have already been deployed.

 

Will turning on Microsoft Threat Protection automatically deploy security products I currently don’t use?

No, none of the listed Microsoft 365 security products are automatically deployed. When turned on, Microsoft Threat Protection consolidates data from products that have already been deployed. Learn more about deploying the supported products

 

I have a mix of E3 and E5 licenses for the various products listed. How is my eligibility determined?

Access to Microsoft Threat Protection is governed at the tenant level in the same way access to the specific E5 product experiences is managed – a tenant needs to have valid E5 licenses attached to it to access Microsoft Threat Protection features in Microsoft 365 security center. Data sent to Microsoft Threat Protection is scoped only to products that have already been deployed and only to users and devices to which E5 licenses have been assigned per the license assignment definition of the individual products.

 

When is the change effective?

The changes above come into effect on June 1, 2020.

 

I have further questions. Where can I go?

Please read Microsoft Threat Protection documentation. You can also contact us via the customer feedback tool in Microsoft 365 security center, read the Microsoft Online Services Terms, or reach out to your Microsoft representative or partner to learn more.

 

Raviv Tamir

Group Program Manager

Microsoft Threat Protection

11 Comments
Trusted Contributor

Hello Louie, in our organization a couple of admins have the M365 E5 license. But most of us are using M365 E3. Am I getting this right that if an admin with E5 (for example) enters https://security.microsoft.com/ after June 1st the Microsoft Threat Protection check box is automatically enabled?

 

MTP.PNG

Microsoft

Hi Christian (bec064)! Thanks for the question--I wish I could have responded sooner. I've updated the post to address questions related to tenants with mixed licenses. In your case, Microsoft Threat Protection should automatically turn on because your tenant has an eligible E5 license. That checkbox will be selected and multiple features will light up in Microsoft 365 security center.

Trusted Contributor

Good to know! Thanks for the update Louie.

Senior Member

My users are licensed for "Office 365 Advanced Threat Protection (Plan 1)".  Most users are licensed with M365 E3 but I do have a few users like myself that are licensed and using O365 E5.  I think that makes me eligible but I am not sure due to the (Plan 1) distinction on the O365 ATP.  I realize that it does say June 1 things light up but it also says that you can get started early by going "to Settings in Microsoft 365 security center (security.microsoft.com/settings) and, if needed, follow the steps outlined in this article."  I am a global admin and security admin and when I go to that settings page it is blank.


Am I missing something or do the products I mentioned not make me eligible?  Thanks!

Microsoft

@Jim Lowthert, we've started to roll out the changes that will make your Office 365 E5 license eligible for Microsoft Threat Protection. Please check again on June 1st. Thanks!

New Contributor

The article here really isn't super clear for Government Community Cloud tenants. I am on a GCC E5 tenant - will Threat Protection be turned on in our tenant on June 1st? If so what exactly will happen on the back end of our services if we aren't using those security tools yet? What is the value add for our tenant and how will it impact our security admins using other, non-Microsoft platforms after June 1st? Also do we have an option NOT to have it turned on if it adversely affects our environment?

Microsoft

Hi @4BobRandall. Thanks for your question. We've updated this post to clarify further that Microsoft Threat Protection will not be turned on for certain government institutions, including those with US GCC tenants. Hope this addresses your concern.

Addendum: For those who are concerned about impact, turning on Microsoft Threat Protection will not deploy additional products to your environment. "None of the listed Microsoft 365 security products are automatically deployed. When turned on, Microsoft Threat Protection consolidates data from products that have already been deployed."

Occasional Contributor

Hi @Louie Mayor , 

Can you please advise where the MTP data will be located? Say for example, my Azure AD is in Europe, Azure ATP is also in Europe but Defender ATP is in the US.

 

Can the location be changed once the service has been enabled? For regulatory purposes that is and what would be the procedure?

 

Thanks

Razmi 

Microsoft

@Razmi Patel Apologies for the late reply. The provisioning process will automatically select the data center location for MTP, depending on your existing services. In your case, it can be EU or US. To select a location, you will need to contact support, who will help you reprovision the service if it is already in place.

 

Addendum: Razmi, please note that since you have Microsoft Defender ATP provisioned in the US, Microsoft Threat Protection will also be provisioned in data centers in the US. Apologies if I wasn't able to provide this information previously.

Occasional Visitor

Hi @Louie Mayor 

 

So this means I will get access to the feature MTP and not the products like WDATP on my EMS E5 license?

 

//T

Microsoft

@TonyW1975, yes, you'll be able to access MTP with your EMS E5 license. Microsoft Defender ATP will continue to require a separate license. Please note the MTP consolidates data and effectively provides holistic experiences and capabilities across various products, but it currently does not replace these products.