diff --git a/windows/security/threat-protection/windows-defender-atp/edr-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/edr-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..4074f2854a --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/edr-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,79 @@ +--- +title: Windows Defender Advanced Threat Protection endpoint detection and response capabilities +description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats. +keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 04/24/2018 +--- + +# Windows Defender Advanced Threat Protection endpoint detection and response capabilities + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink) +> +>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy). + +Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks. 
+ +The endpoint detection and response (EDR) capabilities in Windows Defender ATP leverages Microsoft technology and expertise to +detect sophisticated cyber-attacks, providing: + +- Behavior-based, cloud-powered, advanced attack detection + + Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on machines. + +- Rich timeline for forensic investigation and mitigation + + Easily investigate the scope of breach or suspected behaviours on any machine through a rich machine timeline. File, URLs, and network connection inventory across the network. Gain additional insight using deep collection and analysis (“detonation”) for any file or URLs. + +- Built in unique threat intelligence knowledge base + + Unparalleled threat optics provides actor details and intent context for every threat intel-based detection – combining first and third-party intelligence sources. + +- Automated investigation and remediation + + Significantly reduces alert volume by leveraging inspection algorithms used by analysts to examine alerts and take remediation action. + +Machine investigation capabilities in this service let you drill down +into security alerts and understand the scope and nature of a potential +breach. You can submit files for deep analysis and receive the results +without leaving the [Windows Defender ATP portal](https://securitycenter.windows.com). The automated investigation and remediation capability reduces the volume of alerts by leveraging various inspection algorithms to resolve breaches. You can also track and improve you organization's security posture. + + + + +## In this section + +Topic | Description +:---|:--- +Get started | Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal. 
+[Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about onboarding client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues. +[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations, Secure Score, and Threat analytics dashboards as well as how to navigate the portal. +Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats. +API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal. +Reporting | Create and build Power BI reports using Windows Defender ATP data. +Check service health and sensor state | Verify that the service is running and check the sensor state on machines. +[Configure Windows Defender settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure general settings, turn on the preview experience, notifications, and enable other features. +[Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) | Access the Windows Defender ATP Community Center to learn, collaborate, and share experiences about the product. +[Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) | This section addresses issues that might arise as you use the Windows Defender Advanced Threat service. +[Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) | Understand how Windows Defender Antivirus integrates with Windows Defender ATP. 
+ + +## Related topic +[Windows Defender ATP helps detect sophisticated threats](https://www.microsoft.com/itshowcase/Article/Content/854/Windows-Defender-ATP-helps-detect-sophisticated-threats) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 10373e6ddc..f47edb24e2 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -13,7 +13,7 @@ ms.localizationpriority: high ms.date: 04/24/2018 --- -# Windows Defender Advanced Threat Protection +# Windows Defender Advanced Threat Protection capabilities **Applies to:**
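Review bot: In the new edr-windows-defender-advanced-threat-protection.md, the front-matter `description:` and `keywords:` lines are generic service-overview text and never mention endpoint detection and response, so the page summary and search metadata will not distinguish this page from the overview page. Suggest rewording both for EDR. In the "In this section" table, five rows (Get started, Investigate and remediate threats, API and SIEM support, Reporting, Check service health and sensor state) have no link while the other six do. Either link them or drop them, since an unlinked row leaves the reader nowhere to go. Wording fixes in the same hunk: "capabilities in Windows Defender ATP leverages" should be "leverage", "behaviours" is inconsistent with "Behavior-based" a few lines earlier, "File, URLs" should be "Files, URLs", "improve you organization's" should be "your", and the Troubleshoot row says "Windows Defender Advanced Threat service" without "Protection". The "Machine investigation capabilities" paragraph is hard-wrapped for its first three lines and then runs long, and there are several consecutive blank lines before "## In this section"; both are worth tidying before merge.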
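Review bot: In the windows-defender-advanced-threat-protection.md hunk, only the H1 changes to "Windows Defender Advanced Threat Protection capabilities"; the front-matter `title:` sits above the context shown and is not touched anywhere in this diff, so the page title and the heading may now disagree. Suggest updating `title:` in the same change, and bumping `ms.date: 04/24/2018` if the date is meant to track edits. Also, the renamed heading is very close to the new page's "endpoint detection and response capabilities" title, and nothing in the visible diff links the overview to the new EDR page, so a cross-link or TOC entry would help readers tell the two apart.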