With every Windows update, we release new and innovative capabilities, and this is also true for Microsoft Defender ATP, which builds security deep into the platform as an integral part of Windows.
Many enterprise customers use the semi-annual channel to take Windows 10 updates regularly with great success. However, we’ve also heard feedback from some of you that you need more time and flexibility to plan, test, and deploy updates. We already made changes to the Windows servicing and support life cycle, but we also want to enable you to benefit from the latest Microsoft Defender ATP capabilities on the Windows 10 versions that you currently have deployed.
Today we are pleased to announce that we’ve backported key Microsoft Defender ATP capabilities to earlier versions of Windows 10 so you can have the time you need to stay secure while testing and implementing updates! Automated investigation & remediation and endpoint-based cloud app discovery (Microsoft Cloud App Security integration) are now available for customers running Windows 10 Fall Creators Update (version 1709) and later.
Let’s have a closer look at what that means:
One of the biggest requests was to enable automation on previous Windows 10 versions, helping security teams to automatically investigate and remediate threats on their network. Microsoft Defender ATP’s automation leverages state-of-the-art AI technology to resolve incidents by automatically investigating alerts, applying AI to determine whether a threat is real, and determining what action to take—going from alert to remediation in minutes at scale. Automation is now available with Windows 10, version 1709 and above. This service also includes the automated investigation and remediation of memory-based (fileless) attacks, which means the system can leverage automated memory forensics to incriminate malicious memory regions and perform required in-memory remediation actions.
With Microsoft Defender ATP’s unique integration with Microsoft Cloud App Security, we are enabling security teams to track cloud app usage beyond the corporate proxy. We announced the general availability of this integration earlier this year, delivering a native integration to discover the cloud apps used in your organization. This was the first step towards enabling a seamless, zero deployment, native cloud app security solution that works anytime, anywhere. While we continue to enhance this integration, you can now discover cloud app usage also from previous Windows 10 versions.
In order to benefit from these backported features, all you need to do is to install a Windows Update. For the Windows 10 Fall Creators Update (version 1709), you need to install KB4493441 or later, and for Windows 10 Spring 2018 Update (version 1803) it is KB4493464 or later. Once that’s done, you can benefit from these capabilities on those machines.
This isn’t a one-time thing. We continue to listen to your feedback and continue to make new capabilities available for earlier versions of Windows 10 for our customers to get the best security on the versions they have deployed.
Please keep sharing your feedback with us and stay tuned to learn about the next capabilities we are backporting!
