Advanced Threat Protection Part 5: Microsoft Defender ATP | Course Video | Online Training (2023)


Welcome, Cybrarians, to the MS-365 Security Administration course.


I'm your instructor, Jim Daniels.


We're on module three, MS-365 Threat Protection.


We're going to be wrapping up lesson two, Advanced Threat Protection, with Microsoft Defender ATP.


This lesson we're going to learn


how Windows 10 incorporates security features into the OS


and expands on those features with Defender ATP.


We're also going to look at some specific application control methods within Windows 10.


So to this point, we've really focused on the


non-OS security side, whereas this is the lesson we're actually going to get in with Windows 10.


Here are some of the security innovations with Windows 10:


pre-breach threat protection, identity protection, information protection, post-breach security management.


Some of these innovations you may or may not implement.


However, as a security professional, it is your duty to at least know


what each one is.


and the scenario in which it is recommended.


Microsoft Defender ATP is a platform designed to help enterprise networks prevent, detect, investigate and respond to advanced threats.


It does that by offering threat and vulnerability management,


reduction of your attack surface,


next-generation protection,


endpoint detection and response,


advanced hunting,


automated investigation and remediation,


and it utilizes the threat experts.


Within Defender ATP, you can actually set up email alerts. You send notifications for specific recipients based on new alerts.


Alert severity levels could be configured to trigger those notifications.


Some of the required permissions to configure Defender ATP email notifications:


You could be set to "Manage security settings", which is role-based within Defender ATP, or you can be a global or security administrator.


A tip.


It's always a good idea to configure EOP and Office 365 ATP settings


for Defender ATP alert emails so they don't go into junk reform, saying


If you have a major alert coming through about a security incident,


you don't want it to go into quarantine or junk.


Here's an example of that, you know are


it's a new alert detection,


and it's detected a malicious document


has a severity,


has the source as well as time,


and has a direct link so you can see more information about this sort.


Azure Security Center is a unified infrastructure security management system that provides advanced threat protection across your hybrid workloads in the cloud


as well as on premises.


Defender ATP can be integrated with Azure Security Center


to allow ATP analytics,


behavioral signal collection from servers, intelligence for emerging threats, and a single-pane-of-glass view for server and endpoint ATP alerts.


So this is the dream scenario. If your organization still has an on-premises server footprint


as well as a


server footprint in Azure,


the security center


ties on-prem and cloud together


and integrates with Defender ATP for your endpoints so you can have a comprehensive view of your endpoints and servers


all at once.


Windows Defender Application Guard.


Windows 10 and Microsoft Edge


and Internet Explorer.


Administrators define trusted websites, cloud, and internal resources;


everything else is untrusted. Zero trust model, right?


When an untrusted site is visited, Edge opens up in an isolated Hyper-V container,


this container is separate from the host OS,


which protects the system in the event that the site is malicious.


You can install this from PowerShell,


in the Control Panel, or as a policy compliance within MDM such as Intune.


It can be configured


within Group Policy,


SCCM, or Intune endpoint management.


Application Guard is fantastic.


Let's take a look.


You have your device hardware,


You have Edge. The new Edge Chromium browser is actually pretty good. Pretty good word. We're hoping that will be the hope to get rid of Internet Explorer once and for all.


So we're putting a lot of stock in Edge Chromium. That's beside the point.


So we have our Windows Defender Application Guard.


It launches in Edge,


uses the platform services, a separate kernel from the OS


suffer. So something bad happens in that untrusted site.


It doesn't mess up


your host OS.


This is very cool technology.


Let's look at some application control methods in Windows 10.


You have a couple of different methods. You have Windows Defender Application Control


and AppLocker.


Some comparisons.


Defender Application control requires Windows 10 enterprise 17 of now,


plus, or Windows 10


1903 and above. It doesn't necessarily have to be Enterprise if it's 1903 or above.


You control what drivers and apps are allowed.


Windows Defender Application Control policies are applied to a computer and affect all device users.


It's a computer based policy,


and it's applied or configured with MDM such as Intune, SCCM, Group Policy or PowerShell.


AppLocker


was introduced on Windows 7.


It controls which apps users are allowed to run.


Policies can be applied to all users of a computer or individual users and groups.


And it's deployed through SCCM, Group Policy and PowerShell.


One of the key things


Windows Defender Application Control


allows control over drivers.


That's something that AppLocker does not.


Windows Defender Application Control


mitigates security threats by restricting the applications users are allowed to run


and the code that runs in the kernel system core.


WDAC policies also block unsigned scripts and MSIs,


and Windows PowerShell runs in Constrained Language Mode.


All right, let's see if you notice


Windows 10 Application guard


functions with IE 10 plus and the latest versions of Edge, Firefox and Chrome. Is that true? Or is that false?


False. It only functions with IE and Edge.


You do not get the Application Guard function


with Windows 10 if your users are using Firefox or Chrome


or any other third-party browser, such as Opera.


Bruce Schneier is a cryptography expert.


He's been involved in creation of many cryptographic algorithms.


Chances are you already know who he is. If you don't,


there, you know, now you know,


That shows how good we are at evaluating risk.


Can you take away from this?


What we may necessarily think is a risky use


isn't necessarily


the risk is gonna have the big people behind it.


That's where Defender Exploit Guard comes in. It utilizes the capabilities of the Intelligent Security Graph


to identify active exploits and common behaviors


to stop these types of attacks at various stages of the kill chain.


Defender Exploit Guard components: there are four main ones.


It reduces your attack surface.


This set of controls prevents malware from getting on the machine by blocking Office, script, and email-based threats.


This can help protect against zero-day attacks.


Network protection.


It extends the malware and social engineering protection offered by Windows Defender SmartScreen


in Microsoft Edge to cover network traffic and connectivity on your devices.


This requires Windows Defender AV.


Controlled folder access.


This is what I like.


It protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders,


so you can actually define certain protected folders within the device itself. Within the hard drive, you can say, OK,


all of these folders are access-restricted; they're sensitive.


You get


take processes that you don't know what they are. They're labeled as untrusted. They're never gonna write


or edit into these folders.


Exploit protection


is a set of exploit mitigations,


replaces EMET in the past, the Enhanced Mitigation Experience Toolkit,


and could be easily configured to protect your system and applications. So it's an additional toolkit that comes with Defender Exploit Guard.


To recap this lesson: Microsoft Defender ATP is a platform designed to help enterprise networks prevent,


detect, investigate


and respond to advanced threats.


Windows Defender ATP can be integrated into Azure Security Center.


Windows Application Guard opens untrusted sites in an isolated Hyper-V-enabled container


for sandbox type protection.


Thank you for joining me on this lesson.


Over. See you next time. Take care


What is the difference between Windows Defender ATP and Microsoft Defender ATP? ›

Microsoft Defender — not to be confused with Microsoft Defender ATP — provides anti-malware and anti-virus capabilities for the Windows 10 OS, whilst the ATP product is a post-breach solution that complements Microsoft Defender AV.

Is Microsoft Defender the same as advanced threat protection? ›

Windows Defender Advanced Threat Protection (ATP) is a Microsoft security product that is designed to help enterprise-class organizations detect and respond to security threats. ATP is a preventative and post-detection, investigative response feature to Windows Defender.

What is Microsoft Defender advanced threat protection ATP? ›

Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing zero-day protection and safeguarding versus phishing and other unsafe links, in real time.

How do you get the defender ATP portal? ›

By default, MSSP customers access their Microsoft 365 Defender tenant through the following URL: . MSSPs however, will need to use a tenant-specific URL in the following format: to access the MSSP customer portal.

What replaced Microsoft ATP? ›

The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

Do I need antivirus if I have Microsoft Defender? ›

Windows Defender scans a user's email, internet browser, cloud, and apps for the above cyberthreats. However, Windows Defender lacks endpoint protection and response, as well as automated investigation and remediation, so more antivirus software is necessary.

Is there a better antivirus than Windows Defender? ›

Answer: AV- comparatives conducted tests and the results showed that while the detection rate for Windows Defender was 99.5%, Avast anti-virus led by detecting 100% of malware. Avast also has a lot of advanced features that are not available on Windows Defender.

What is Microsoft advanced threat protection called now? ›

Azure Advanced Threat Protection has changed its name to Microsoft Defender for Identity.

How much does Microsoft Defender advanced threat protection cost? ›

Microsoft Defender for Endpoint offers a free trial and several different pricing plans from $10 per user per month up to $57 per user per month. For more information, visit

What license is required for Microsoft Defender? ›

Licensing requirements

Any of these licenses gives you access to Microsoft 365 Defender features via the Microsoft 365 Defender portal without additional cost: Microsoft 365 E5 or A5. Microsoft 365 E3 with the Microsoft 365 E5 Security add-on. Microsoft 365 E3 with the Enterprise Mobility + Security E5 add-on.

Why is Microsoft Defender taking up so much CPU? ›

This issue with MsMpEng.exe taking 100% of the hard drive and CPU usually occurs when Windows Defender is scanning the computer for malware. The Windows Defender scan is getting stuck on a few files while checking malware. When that is happening, it should be restricted/disabled to bring it back to normal use.

How do I use ATP with Windows Defender? ›

Onboard the devices

In the Configuration Manager console, navigate to Assets and Compliance > Endpoint Protection > Microsoft Defender ATP Policies. Select Create Microsoft Defender ATP Policy to open the policy wizard. Type the Name and Description for the Microsoft Defender for Endpoint policy and select Onboarding.

Does Windows Defender have a firewall? ›

Because Windows Defender Firewall is a host-based firewall that is included with the operating system, there's no other hardware or software required. Windows Defender Firewall is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API).

Is defender for Cloud free? ›

Microsoft Defender for Cloud is free for the first 30 days. Any usage beyond 30 days will be automatically charged as per the pricing scheme below. Microsoft Defender currently protects Azure Blobs, Azure Files and Azure Data Lake Storage Gen2 resources.

Is defender ATP included in E3? ›

The inclusions of the Microsoft Defender for Endpoint Plan 1 into the Microsoft 365 E3 license suite will add new levels of security to E3 licensed organisations at no additional cost.

Is Microsoft Defender for Office 365 the same as ATP? ›

Microsoft Defender for Office 365 (formerly ATP) is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time.

Does Office 365 include advanced threat protection? ›

Microsoft Office 365 Advanced Threat Protection pricing

Microsoft includes ATP with its top-tier Office 365 Enterprise E5 subscription, but organizations can add the service to other Exchange and Office 365 subscriptions for $2 per user, per month.

What is Azure security Center called now? ›

The Azure Defender service includes all of the previously-branded Azure Security Center threat protection technologies.

Can Windows Defender remove all viruses? ›

The Windows Defender Offline scan will automatically detect and remove or quarantine malware.

Can Microsoft Defender detect all viruses? ›

Microsoft Defender Antivirus detects and protects against the following kinds of threats: Viruses, malware, and web-based threats on devices. Phishing attempts.

Can Windows Defender scan all viruses? ›

Windows Security continually scans for malware (malicious software), viruses, and security threats.

Should I use Defender or McAfee? ›

Spoiler alert: McAfee is the best choice. Although it's not free like Microsoft Defender, McAfee ensures you get what you pay for, providing all-around protection from online threats to save you money in the longer term. Keep reading to find out how I tested both providers to select the ultimate antivirus solution.

Is Windows Defender enough in 2022? ›

Microsoft Defender antivirus is pretty safe. It has almost 100% real-time protection rates, according to independent tests. It also has additional features for device protection against malware, such as scanning, app and browser control, and account protection options.

What is difference between Azure defender and Microsoft Defender? ›

During Microsoft Ignite in November 2021, Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud. They've also renamed Azure Defender plans to Microsoft Defender plans. For example, Azure Defender for Servers is now Microsoft Defender for Servers.

How many types of Microsoft Defender are there? ›

Here's a list of the different Microsoft 365 Defender products and solutions: Microsoft Defender for Endpoint. Microsoft Defender for Office 365. Microsoft Defender for Identity.

How many versions of Microsoft Defender are there? ›

It comes in Plan 1 and Plan 2 variants, with Plan 2 even including end-user security education campaigns and training material.

Can Microsoft Defender be hacked? ›

According to the researchers, hackers can potentially exploit this vulnerability to learn the list of locations excluded from Microsoft Defender scanning and plant malware there.

How does Windows Defender compare to Norton? ›

Norton 360 takes the top spot as the better antivirus option against Microsoft Defender. While Microsoft Defender provides a great real-time malware detection rate, it doesn't match up to the Norton 360, which detected and blocked every threat thrown its way.

How much is Microsoft Defender license? ›

Microsoft Defender for Endpoint has 2 pricing edition(s), from $2.50 to $5.20. Look at different pricing editions below and read more information about the product here to see which one is right for you.

Is Microsoft Defender free with Windows 10? ›

Microsoft installs Microsoft Defender for free on Windows 11 and Windows 10 computers. It covers a single device, but any secondary Windows PCs will have the same app installed.

Is defender enough for Windows 11? ›

If you're comfortable with all this — and in our experience, Edge is lighter and faster than Chrome — then Microsoft Defender Antivirus and the related protections built into Windows 10 and 11 should absolutely be good enough to protect you from malware infection, and give you a few useful extra security features as ...

Is Windows Defender enough for average user? ›

Yes, Windows Defender is a good basic virus protection software. You may not find everything you want if you are extremely security focused. A third-party antivirus or anti-malware software will likely find threats that Windows Defender may miss.

Is Windows Defender 100% accurate? ›

Its AI accurately identifies legitimate attack patterns while allowing safe software to pass. In tests using over one million software samples, Microsoft Defender Antivirus correctly caught the malware with 100% accuracy.

Why Windows Defender is not good enough? ›

While Microsoft Defender has improved over the years, it's not enough to fully secure your Windows PC. It does have some good features, like parental controls, phishing protection, and hardware security, but these features aren't as comprehensive as those offered by a premium antivirus service.

Does Windows Defender use a lot of RAM? ›

Windows Defender is a useful inbuilt tool which helps computer users like you to prevent your system from attacking by malware or viruses. However, sometimes, it will eat up high memory, CPU and disk usage.

Can I use both Windows Defender and antivirus? ›

You can benefit from running Microsoft Defender Antivirus alongside another antivirus solution. For example, Endpoint detection and response (EDR) in block mode provides added protection from malicious artifacts even if Microsoft Defender Antivirus is not the primary antivirus product.

What's the difference between Azure ATP o365 ATP and defender ATP? ›

Office 365 ATP will monitor emails, along with everyday collaboration tools such as SharePoint, One Drive, and Teams. Windows Defender ATP will protect devices associated with endpoints and enable you to identify attacks that make it past the pre-breach defense.

What is the difference between defender and defender for Endpoint? ›

Windows Defender is built into Windows 10/11 and is primarily used as a firewall and anti-virus solution. Microsoft Defender for Endpoint is a cloud-based security platform that connects Windows Defender with Microsoft's advanced threat intelligence system to provide comprehensive security to all enterprise endpoints.

Does Windows Defender detect everything? ›

As part of the Windows Security suite, it will search for any files or programs on your computer that can cause harm to it. Defender looks for software threats like viruses and other malware across email, apps, the cloud, and the web.

What apps should be allowed through Windows Defender Firewall? ›

The apps you want are your browsers like Edge, Chrome, Firefox, Internet Explorer and ports 80 and 443 to be open. That's what you want to allow. As for private and public the way that works is based on your connection. When you are at home with your machine you want to be set to private network.

Does Windows Defender cover Google Chrome? ›

Microsoft Defender Application Guard Extension is a web browser add-on available for Chrome and Firefox. Microsoft Defender Application Guard provides Hyper-V isolation on Windows 10 and Windows 11, to protect users from potentially harmful content on the web.

Does Defender have VPN? ›

Microsoft Defender for Endpoint uses a virtual private network (VPN) to provide Web Protection capabilities that protect you against phishing or web-based attacks.

Is Malwarebytes better than Microsoft Defender? ›

Comparison Results: Microsoft Defender has an edge in this comparison. According to reviews, it is more lightweight than Malwarebytes. To learn more, read our detailed Malwarebytes vs. Microsoft Defender for Endpoint Report (Updated: November 2022).

Do I need Malwarebytes if I have Defender? ›

Malwarebytes Premium is better than Windows Defender (also known as Microsoft Defender). Along with Malwarebytes, Defender offers real-time protection and on-demand scans. However, Malwarebytes also offers behavioral detection to pick up on new malware. That said, Windows Defender is better than Malwarebytes Free.

How much does one drive on an E3 license hold? ›

Microsoft will provide initial 5 TB of OneDrive storage per user. Customers who want additional OneDrive storage can request it as needed by contacting Microsoft support. Subscriptions for fewer than five users receive 1 TB OneDrive storage per user.

Is ATP an antivirus? ›

Windows Defender Advanced Threat Protection (ATP) is a Microsoft security product that is designed to help enterprise-class organizations detect and respond to security threats. ATP is a preventative and post-detection, investigative response feature to Windows Defender.

What licenses include ATP? ›

Microsoft ATP can be bolted onto many different Microsoft 365 and Exchange subscriptions:
  • Exchange Online Plan 1.
  • Exchange Online Plan 2.
  • Exchange Online Kiosk.
  • Exchange Online Protection.
  • Microsoft 365 Business Basic.
  • Microsoft 365 Business Standard.
  • Office 365 Enterprise E1.
  • Office 365 Enterprise E3.

Is ATP now called Defender? ›

So Azure ATP is now Microsoft Defender for Identity, which works with Active Directory to protect user identities and credentials.

Is Windows Defender an antivirus for ATP? ›

Microsoft Defender ATP is a unified platform for Windows protection that includes a broad range of capabilities, some of which include: Antivirus.

What license is needed for defender ATP? ›

Licensing requirements

Windows 10 Education A5. Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5.

How do I bypass Microsoft ATP? ›

To bypass ATP Attachment Processing, set up the following mail flow rule:
  1. Go to your MS Exchange/Office Admin Center and click "Mail Flow"
  2. Click the "+" and "Bypass spam filtering..."
  3. Give the rule a name, e.g. "Bypass ATP Attachment Processing"
  4. Hit "More Options"

Is Microsoft Defender for Office 365 free? ›

Did you know you can try the features in Microsoft 365 Defender for Office 365 Plan 2 for free? Use the 90-day Defender for Office 365 trial at the Microsoft 365 Defender portal trials hub.

Does Office 365 have built in antivirus? ›

Microsoft Defender Antivirus is your next-generation protection. Office 365 includes antiphishing, antispam, and antimalware protection. With your Office 365 subscription, you get premium email and calendars, Office apps, 1 TB of cloud storage (via OneDrive), and advanced security across all your devices.

What replaced Microsoft Defender? ›

Conversion to antivirus

Upon installation, Microsoft Security Essentials disabled and replaced Windows Defender. In Windows 8, Microsoft upgraded Windows Defender into an antivirus program very similar to Microsoft Security Essentials for Windows 7 and using the same virus definition updates.

What is the difference between Microsoft Defender and Windows Defender? ›

Formerly known as Windows Defender, Microsoft Defender is an antivirus protection program that's included with Windows 10. You can enable or disable Microsoft Defender at any time. There are third-party apps that are free or require a paid subscription that also offer antivirus services.


Article information

Author: Aracelis Kilback

Last Updated: 02/20/2023
