Windows Defender ATP Redux!
It’s been just over a year since Microsoft launched Windows Defender Advanced Threat Protection. When it first launched, the promise was there, but the execution was very raw.
Just recently introduced, though, was the ability to consume that same security telemetry for Windows Server 2012 R2 & 2016. It’s a huge improvement, and one that moves us a crucial step forward in dispelling the myth that protecting our clients is enough. Defense-in-depth solutions must be applied to our entire environments, not just those endpoints that spend time in the wilderness.

But that’s not the only improvement. The Windows Security Center now also integrates with Office 365 logging, so we can now see the attack chain from when the malicious message was first delivered to when it began delivering payloads into Windows. We still have multiple dashboards, but now they’re sharing data and empowering us to better assess real-world threats and enable powerful metrics.

And to that end, we also now have a new dashboard option. No longer must we view just security operations, but now we gain direct insights into our security configuration, with scoring built around client configurations across multiple security product landscapes. In simpler terms, you may think all of your Windows clients are running antivirus, but the analytics dashboard will confirm whether this is true or not. Perhaps more importantly, given the landscape of recent malware outbreaks, it shows at-a-glance reporting of OS security update and endpoint protection configurations.

What I find most fascinating about this is that we’re seeing this kind of data now flowing to multiple services. Windows Defender ATP, Intune, and portions of Operations Management Suite are now all able to interact with the Windows client security stack to varying degrees. I can’t see the future, but I can’t help but think an integration is coming, and with Ignite going on this week in Orlando, I’m keeping my ear firmly planted to the ground.