Microsoft Practice Director, Gerry Kerr, discusses the history of Microsoft Defender ATP and how it can be applied today to help benefit your business.
What is Microsoft Defender ATP?
Microsoft introduced Windows Defender in 2006 as a free antivirus tool for its Windows platform.
Since then, however, it has been developed significantly and has become a credible alternative to other commercially available antivirus tools.
The addition of Advanced Threat Protection (ATP) tools has made Defender a compelling offering for enterprise customers, so much so that Gartner now rate it as the leading endpoint protection platform on the market.
Originally the product was called Windows Defender ATP and was only available with a Windows 10 E5 licence.
Now called Microsoft Defender ATP, it provides an Endpoint Protection Platform for both client (Windows 7 or later and macOS) and now for Microsoft’s Server Platform. Its reach even extends to selected Linux distros.
For anyone not familiar with the platform, Microsoft has published an excellent overview video:
Microsoft Defender ATP also forms part of the Microsoft Advanced Threat Protection family, known as the three ATPs:
- Microsoft Defender ATP
- Office 365 ATP
- Azure ATP
Together, these provide an end-to-end advanced threat protection platform, particularly for customers committed to the Microsoft cloud platform.
What licensing is needed for Microsoft Defender ATP?
The product is available for licensing via either an enterprise agreement or via the more flexible CSP platform. It can be bought as:
- A standalone client subscription – Microsoft Defender ATP. This is a per-user, per-month subscription and is valid for up to 5 devices per user.
- A standalone server subscription – This is licensed per server OSE (Operating System Environment) per month. One quirky pre-condition of the server licence is that you must also purchase a minimum of 50 client licences (standalone client, bundled into one of the M365 E5 offerings or with Windows 10 E5).
- Included with a Windows 10 E5 user subscription (or Windows E3 plus E5 step up)
- Included with a Microsoft 365 E5 user subscription
- Included with the Microsoft 365 E5 security add-on subscription.
Who is Microsoft Defender ATP suitable for?
Microsoft recommends Microsoft Defender ATP for Servers as a solution likely to appeal to customers with on-premises virtual machines. It continues to recommend Azure Security Center Standard as the preferred solution for VMs running in Azure.
A major selling point of Microsoft Defender ATP for customers who buy the Microsoft 365 E3 or E5 licences is its ability to:
- Natively understand Azure Information Protection (AIP) sensitivity labels
- Provide visibility into sensitive data on endpoints
- Protect sensitive data based on its content
- Detect and respond to post-breach malicious activity that involves or affects sensitive data
Is Microsoft Defender ATP any good?
Microsoft Defender ATP is built into the OS, which removes the need for deployment and agent maintenance and ensures that the end-user experience is not impacted when performing legitimate business workflows. No on-premises infrastructure or endpoint agents are required.
Seamless integration with the AIP reporting and management experience means that data administrators can continue to use their existing Azure Information Protection experience to manage these new capabilities.