Effective June 1, 2020, Microsoft will automatically enable Microsoft Threat Protection features when eligible customers visit the Microsoft 365 security center (security.microsoft.com). Read below to learn more.
Who are eligible?
Customers with corresponding licenses for one of the following Microsoft 365 security products:
- Microsoft Defender Advanced Threat Protection
- Office 365 Advanced Threat Protection
- Microsoft Cloud App Security
- Azure Advanced Threat Protection
This also applies to customers with one of the following licenses by June 1, 2020:
- Microsoft 365 E5
- Microsoft 365 E5 Security
- Windows 10 Enterprise E5
- Enterprise Mobility + Security (EMS) E5
- Office 365 E5
- Microsoft Defender Advanced Threat Protection
- Azure Advanced Threat Protection
- Microsoft Cloud App Security
- Office 365 Advanced Threat Protection (Plan 2)
What is changing?
Starting June 1, Microsoft will be enhancing the listed Microsoft 365 security products by turning on Microsoft Threat Protection features when an eligible customer visits the Microsoft 365 security center.
What is Microsoft Threat Protection?
Microsoft Threat Protection is a new solution from Microsoft that enables out-of-the-box, coordinated defenses across the Microsoft 365 security stack for email, endpoints, identities, and apps. It orchestrates cross-product defenses to detect, block, and prevent sophisticated attacks and automatically heal assets affected by these attacks.
Microsoft Threat Protection stitches together threat signals to help determine the full scope and impact of a threat: how it entered the environment, what it has affected, and how it's currently impacting the organization. It leverages the end-to-end view of the attack to orchestrate automatic response actions across products, stopping the attack and applying self-healing technologies to mailboxes, endpoints, and user identities.
To learn more about Microsoft Threat Protection:
Visit the product website | Explore the documentation | Read our blog | Watch the webcast
Microsoft Threat Protection is covered by the Online Services Terms as updated for May 2020.
What features will be added to my offering?
The following features will light up:
- Correlation of security data and alerts across all Microsoft 365 security products into cross-product incidents. Access this through Incidents on the Microsoft 365 security center nav, or go to security.microsoft.com/incidents.
- Centralized incident response capabilities that self-heal assets affected by alerts or cross-product incidents across endpoints, Office 365, and identities. Access this through Action center on the on the Microsoft 365 security center nav, or go to security.microsoft.com/action-center.
- Normalized data store that enables proactive threat hunting capabilities and behavior-based custom detection rules over email, endpoints and identity data. Access this through Hunting on the Microsoft 365 security center nav, or go to security.microsoft.com/advanced-hunting.
Will this change apply to customers in all regions and government institutions?
This applies to all customers with Microsoft 365 security products, except for certain government institutions as well as customers in regions that currently don’t support integration between Office 365 ATP and Microsoft Threat Protection.
Microsoft Threat Protection will not turn on automatically for customers in the following government institutions:
- US Government Community Cloud (GCC)
- US Government Community Cloud High (GCC High)
- US Department of Defense
- All US government institutions with commercial licenses
This exclusion also applies to customers in the following regions whose licenses are eligible for Office 365 ATP only (and not any of the other Microsoft 365 security products):
- United Arab Emirates (ARE)
- Switzerland (CHE)
- Germany (DEU)
- Singapore (SGP)
- South Africa (ZAF)
- Norway (NOR)
I’m interested. Can I enable Microsoft Threat Protection features now?
Yes, customers who are currently eligible can enable Microsoft Threat Protection before June 1, 2020. Go to Settings in Microsoft 365 security center (security.microsoft.com/settings) and, if needed, follow the steps outlined in this article.
How do I enable Microsoft Threat Protection after June 1st?
Microsoft automatically enables Microsoft Threat Protection features for all eligible tenants. Simply visit Microsoft 365 security center and start exploring it.
What if I already enabled Microsoft Threat Protection for my tenant?
No action is required, and the change will not affect you. You can continue to use Microsoft Threat Protection features as before.
I only have a subset of the listed Microsoft 365 security products. Will Microsoft Threat Protection still turn on?
Yes, customers with one or more eligible licenses for any of the listed products will get access to Microsoft Threat Protection, which consolidates data from the listed products to provide a unified security experience in Microsoft 365 security center. Data available to Microsoft Threat Protection will be scoped only to products that have already been deployed.
Will turning on Microsoft Threat Protection automatically deploy security products I currently don’t use?
No, none of the listed Microsoft 365 security products are automatically deployed. When turned on, Microsoft Threat Protection consolidates data from products that have already been deployed. Learn more about deploying the supported products
I have a mix of E3 and E5 licenses for the various products listed. How is my eligibility determined?
Access to Microsoft Threat Protection is governed at the tenant level in the same way access to the specific E5 product experiences is managed – a tenant needs to have valid E5 licenses attached to it to access Microsoft Threat Protection features in Microsoft 365 security center. Data sent to Microsoft Threat Protection is scoped only to products that have already been deployed and only to users and devices to which E5 licenses have been assigned per the license assignment definition of the individual products.
When is the change effective?
The changes above come into effect on June 1, 2020.
I have further questions. Where can I go?
Please read Microsoft Threat Protection documentation. You can also contact us via the customer feedback tool in Microsoft 365 security center, read the Microsoft Online Services Terms, or reach out to your Microsoft representative or partner to learn more.
Raviv Tamir
Group Program Manager
Microsoft Threat Protection