diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 515a585f55..e0584c241c 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -10,17 +10,12 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 07/01/2018 +ms.date: 07/12/2018 --- # Windows Defender Advanced Threat Protection **Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) @@ -35,52 +30,15 @@ To help you maximize the effectiveness of the security platform, you can configu The Windows Defender ATP platform is where all the capabilities that are available across multiple products come together to give security operations teams the ability to effectively manage their organization's network. +## In this section -Get a quick, but in-depth overview of Windows Defender ATP and the new capabilities in Windows 10, version 1703 see [Windows Defender ATP for Windows 10 Creators Update](https://technet.microsoft.com/en-au/windows/mt782787). - -Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: - -- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors - collect and process behavioral signals from the operating system - (for example, process, registry, file, and network communications) - and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. - - -- **Cloud security analytics**: Leveraging big-data, machine-learning, and - unique Microsoft optics across the Windows ecosystem (such as the - [Microsoft Malicious Software Removal Tool](https://www.microsoft.com/en-au/download/malicious-software-removal-tool-details.aspx), - enterprise cloud products (such as Office 365), and online assets - (such as Bing and SmartScreen URL reputation), behavioral signals - are translated into insights, detections, and recommended responses - to advanced threats. - -- **Threat intelligence**: Generated by Microsoft hunters, security teams, - and augmented by threat intelligence provided by partners, threat - intelligence enables Windows Defender ATP to identify attacker - tools, techniques, and procedures, and generate alerts when these - are observed in collected sensor data. - - ![Windows Defender ATP service component](images/components.png) - - -Windows Defender ATP leverages Microsoft technology and expertise to -detect sophisticated cyber-attacks, providing: - -- Behavior-based, cloud-powered, advanced attack detection - - Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on machines. - -- Rich timeline for forensic investigation and mitigation - - Easily investigate the scope of breach or suspected behaviours on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs. - -- Built in unique threat intelligence knowledge base - - Unparalleled threat optics provides actor details and intent context for every threat intel-based detection – combining first and third-party intelligence sources. - -- Automated investigation and remediation - - Significantly reduces alert volume by leveraging inspection algorithms used by analysts to examine alerts and take remediation action. +Topic | Description +:---|:--- +Windows Defender Security Center | Windows Defender Security Center is the portal where you can access Windows Defender Advanced Threat Protection capabilities. It gives enterprise security operations teams a single pane of glass experience to help secure networks. +Windows Defender Antivirus | Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. +Windows Defender Exploit Guard | Windows Defender Exploit Guard (Windows Defender EG) is a new set of host intrusion prevention capabilities for Windows 10, allowing you to manage and reduce the attack surface of apps used by your employees. +Windows Defender Application Control | Windows Defender Application Control (WDAC) can help mitigate security threats by restricting the applications that users are allowed to run and the code that runs in the System Core (kernel). +Windows Defender Application Guard | Windows Defender Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet.