Microsoft Bulks Up Defender ATP for Windows 10 Fall Creators Update

Windows Defender Advanced Threat Protection gains new features that help IT security teams prevent data breaches.

Windows 10 Fall Creators Update will have more to offer than new mixed-reality experiences.

When the desktop operating system update arrives on Oct. 17, it will be able to tap into an upgraded version of Windows Defender Advanced Threat Protection (ATP) to help customers protect end-user systems and the data stored in them.

Windows Defender ATP is a cloud-based suite of security services from Microsoft that combines machine learning, behavioral analytics and threat intelligence collected by a network of Windows devices and cloud services in the wild, along with other technologies, to detect breaches and zero-day attacks.

Industry-wide, the pressure is on to prevent data breaches. On Sept. 7, credit reporting and monitoring firm Equifax said it was the victim of a massive data breach that potentially affects 143 million consumers in the U.S. Attackers accessed a trove of sensitive personally identifiable information, including names, addresses, birth dates, driver's license numbers and Social Security numbers.

Helping customers avoid a similar fate, Microsoft is introducing new Windows Defender ATP features that will work in concert with Windows 10 Fall Creators Update to block attacks.

For the upcoming operating system update, Windows Defender ATP will offer several enhancements, including improved support for non-persistent virtual desktop infrastructure (VDI) systems and the ability for IT security personnel to remotely trigger a Windows Defender Antivirus scan on a system to aid in their incident investigations and remediation processes. Endpoint support now includes Windows Server 2012 R2 and Windows Server 2016.

Administrators can use the new Restrict App Execution option to thwart attackers seeking to establish a foothold on corporate networks using compromised PCs. The feature prevents files that haven't been signed by a Microsoft-issued certificate from running, effectively blocking potentially malicious programs that can spread to other PCs or grant control of an infected system to an attacker.

Even more features are on the way, according to Raviv Tamir, principal group program manager of Windows Defender ATP at Microsoft.

"We enhanced our alert capabilities, showing more data to help security teams better understand the story behind the alert, introducing automatic detection correlation and grouping of related alerts," wrote Tamir in a blog post. "In addition, we added the ability to manage high value assets by using tags and grouping capabilities."

Windows Defender ATP will also feature a security analytics dashboard view that allows administrators to compare their security posture to the recommended Windows baseline. The new experience displays possible issues along with recommendations on plugging potential security holes.

For more insights, users can quickly create reports and build custom dashboards based on Power BI, Microsoft's cloud-based visual analytics and business intelligence service. These interactive reports enable users to explore security alerts and system status.

Administrators can evaluate the new features before Windows 10 Fall Creators Update arrives by switching on the Preview Experience option in the Windows Defender ATP settings screen.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...