Security|Windows 10

Advanced Threat Protection Service for Businesses is Coming to Windows 10

Advanced Threat Protection Service for Businesses is Coming to Windows 10

Microsoft announced today that it is a developing a Windows Defender Advanced Threat Protection service that will be integrated into Windows 10. Aimed at businesses with IT staff, this new service will expand the existing security controls in Windows 10 to address more advanced electronic attacks.

“We want to provide customers with the best possible security defenses in Windows 10,” Microsoft corporate vice president Terry Myerson told me in an earlier briefing. “Today, it typically takes enterprises over 200 days to identify and react to electronic attacks. We’d like to make that as close as possible to immediate.”

To that end, Microsoft is building a new service called Windows Defender Advanced Threat Protection into Windows 10. Working alongside other security controls in Windows 10, like Credential Guard, Device Guard, Windows Hello, and Enterprise Data Protection, this new service will help overcome attacks that utilize social engineering techniques and zero-day vulnerabilities to gain entry to corporate networks.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

“Windows Defender Advanced Threat Protection will help enterprises detect, investigate, and respond to advanced attacks on their networks,” Myerson says, “providing a new post-breach layer of protection to the Windows 10 security stack.”

The way Myerson described the service to me, Windows Defender Advanced Threat Protection will utilize an “intelligent security graph” in the cloud that uses machine learning to analyze anonymous information collected from over one billion Windows devices, 2.5 trillion indexed URLs on the web, 600 million reputation look-ups online, and over one million suspicious files that are detonated by Windows Defender every day. This data is augmented by Microsoft’s threat intelligence services partnerships and security experts both in and outside of Microsoft.

“We’re not looking for malware,” Myerson explained. “This is behavioral. Network activity is compared to known attack behavior to speed response time.” That is, rather than force IT staff to examine logs, they can instead be proactively warned via dashboard called the Windows Security Center when something suspicious is happening.

The service also includes a feature called Time Travel that examines the state of PCs and their activities for up to six months in the past. This maximizes its historical investigation capabilities, Microsoft says, and can be used to provide a time line when an attack does occur.

Windows Defender Advanced Threat Protection is powered by a cloud back-end, Microsoft says, and requires no on-premise server infrastructure or ongoing maintenance. Because it will be part of Windows 10, it will be updated regularly so that it is always up-to-date. (It also complements complements other Microsoft protection services, including Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.)

Myerson told me that Windows Defender Advanced Threat Protection will ship in pre-release form to those on the Windows Insider program soon, and the service will be included in a future update to Windows 10 for all business customers. But it’s already protecting 500,000 devices across Microsoft and some select early adopter customers, and the success rate so far has been excellent.

“Some of the customers that deployed Windows Defender Advanced Threat Protection have already discovered compromised devices on their networks,” Myerson told me.

Microsoft isn’t talking pricing, but the insinuation is that it will simply be “free” in that it’s a part of Windows 10 and won’t come with any additional cost. Windows Defender Advanced Threat Protection will not be provided to consumers, however, because it relies on multi-PC data collection within a single network. “We already proactively work to protect consumers as much as possible,” Myerson explained. “This service is designed for organizations with IT staff.”

“Our business customers need this protection,” he concluded. “And we’re uniquely positioned to be able to provide it.”


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Office 365 Coexistence for Mergers & Acquisitions: Don’t Panic! Make it SimpleLive Webinar on Tuesday, November 16, 2021 @ 1 pm ET

In this session, Microsoft MVPs Steve Goodman and Mike Weaver, and tenant migration expert Rich Dean, will cover the four most common steps toward Office 365 coexistence and explain the simplest route to project success.

  • Directory Sync/GAL Sync – How to prepare for access and awareness
  • Calendar Sharing – How to retrieve a user’s shared calendar, or a room’s free time
  • Email Routing – How to guarantee email is routed to the active mailbox before and after migration
  • Domain Sharing – How to accommodate both original and new SMTP domains at every stage

Aimed at IT Admins, Infrastructure Engineers and Project Managers, this session outlines both technical and project management considerations – giving you a great head start when faced with a tenant migration.the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

Sponsored by: