The Microsoft Defender ATP team is proud to announce the general availability of raw data export via the streaming API. In just a few clicks, customers, technology partners, and service providers can now export raw Microsoft Defender ATP cyber telemetry to a separate storage location. Long-term telemetry retention and wide signal correlation scenarios are now simpler than ever.
Simple, reliable, real-time
The raw data export is designed to be simple, reliable, and efficient. In just a few steps, data starts flowing in near real time to your storage. Follow the instructions to build up to five different raw data export streams. Reliability is achieved by leveraging a robust data exchange infrastructure. To experience a real-world use case, try the DIY scenario of streaming advanced hunting events to Azure storage described here.
Inter-tenant data export
A single, simple data sharing procedure allows you to safely share the data with a service provider or a technology partner across tenant boundaries. Integrating with a managed security service provider (MSSP) or managed detection and response (MDR) service is simple: if your security operations are assisted by a service provider, this capability allows you to select the data tables that they require for further processing. Service providers will provide guidance on deployment steps if needed.
Standard and robust schema
We envisioned a robust and stable data export platform. As a part of Microsoft Defender ATP’s interoperability approach, data export requires minimal future maintenance. The data export design was heavily influenced by customer feedback on the overall Microsoft Threat Protection strategy.
The data export schema now aligns with the advanced hunting platform, which was fine-tuned to meet the Microsoft Threat Protection roadmap. What you see in the advanced hunting tables is what you get in your own storage for custom use.
Our amazing design partner community contributed feedback and knowledge over several months of public preview, allowing us to achieve the high-quality capability that we are making widely available today.