{"id":86650,"date":"2018-11-15T09:23:57","date_gmt":"2018-11-15T17:23:57","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=86650"},"modified":"2023-05-26T14:41:18","modified_gmt":"2023-05-26T21:41:18","slug":"whats-new-in-windows-defender-atp","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/","title":{"rendered":"What\u2019s new in Windows Defender ATP"},"content":{"rendered":"<p>Across Windows Defender Advanced Threat Protection (<a href=\"https:\/\/www.microsoft.com\/en-us\/windowsforbusiness\/windows-atp?ocid=cx-blog-mmpc\">Windows Defender ATP<\/a>) engineering and research teams, innovation drives our mission to protect devices in the modern workplace. Our goal is to equip security teams with the tools and insights to protect, detect, investigate, and automatically respond to attacks. \u00a0We continue to be inspired by feedback from customers and partners, who share with us the day-to-day realities of security operations teams constantly keeping up with the onslaught of threats.<\/p>\n<p>Today I\u2019m excited to share with you some of the latest significant enhancements to Windows Defender ATP. We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Security-Privacy-and-Compliance\/Announcing-Microsoft-Threat-Protection\/ba-p\/262783\">Microsoft Threat Protection<\/a>, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.<\/p>\n<p>Let\u2019s look now at some of the new enhancements to Windows Defender ATP:<\/p>\n<h2><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-86653 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP.png\" alt=\"Windows Defender ATP.\" width=\"1886\" height=\"968\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP.png 1886w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-300x154.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-768x394.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-1024x526.png 1024w\" sizes=\"(max-width: 1886px) 100vw, 1886px\" \/>New attack surface reduction rules<\/h2>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/overview-attack-surface-reduction\">Attack surface reduction<\/a> forms the backbone of our answer to a host intrusion and prevention system (HIPS). Attack surface reduction protects devices directly, by controlling and limiting the ways in which threats can operate on a device. Today we are announcing two new rules:<\/p>\n<ul>\n<li>Block Office communication application from creating child processes<\/li>\n<li>Block Adobe Reader from creating child processes<\/li>\n<\/ul>\n<p>These new rules allow enterprises to prevent child processes from being created from Outlook and from Adobe Reader, right at the workstation level. These help eliminate many types of attacks, especially those using macro and vulnerability exploits. We have also added improved customization for exclusions and allow lists, which can work for folders and even individual files.<\/p>\n<h2>Emergency security intelligence updates<\/h2>\n<p>Emergency security intelligence updates are new, super-fast delivery method for protection knowledge. In the event of an outbreak, Windows Defender ATP research team can now issue an emergency request to all cloud-connected enterprise devices to immediately pull dedicated intelligence updates directly from the Windows Defender ATP cloud. This reduces the need for security admins to take action or wait for internal client update infrastructure to catch up, which often takes hours or even longer, depending on configuration. There\u2019s no special configuration for this other than ensuring <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-antivirus\/enable-cloud-protection-windows-defender-antivirus\">cloud-delivered protection is enabled<\/a> on devices.<\/p>\n<h2>Top scores in independent industry tests<\/h2>\n<p>Machine learning and artificial intelligence drive our Windows Defender ATP solution to block 5 billion threats every month and to consistently achieve <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/intelligence\/top-scoring-industry-antivirus-tests\">top scores in independent industry tests<\/a>: perfect scores in protection, usability, and performance test modules in the latest evaluation by AV-TEST; 99.8% protection rate in the latest real-world test by AV-Comparatives; and AAA accuracy rating in the latest SE Labs test.<\/p>\n<p>We have added dedicated detections for <a href=\"https:\/\/aka.ms\/disrupting-coinminers\">cryptocurrency mining malware<\/a> (coin miners) which have increasingly become a problem, even for enterprises. We have also increased our focus on detecting and disrupting <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/04\/20\/teaming-up-in-the-war-on-tech-support-scams\/\">tech support scams<\/a> while they are happening.<\/p>\n<h2>Protecting our security subsystems using sandboxing<\/h2>\n<p>We\u2019ve also continued to invest in hardening our platform to make it harder for malicious actors to exploit vulnerabilities and bypass the operating system\u2019s built-in security features. We\u2019ve done this by putting <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/10\/26\/windows-defender-antivirus-can-now-run-in-a-sandbox\/\">Windows Defender ATP\u2019s antivirus in a dedicated sandbox<\/a>. Sandboxing makes it significantly more difficult for an attacker to tamper with and exploit the antivirus solution as a means to compromise the device itself.<\/p>\n<h2>Evolving from individual alerts to Incidents<\/h2>\n<p>We are introducing <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/incidents-queue\">Incidents<\/a>, an aggregated view that helps security analysts to understand the bigger context of a complex security event. As attacks become more sophisticated, security analysts face the challenge of reconstructing the story of an attack. This includes identifying all related alerts and artifacts across all impacted machines and then correlating all of these across the entire timeline of an attack.<\/p>\n<p>With <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/incidents-queue\">Incidents<\/a>, related alerts are grouped together, along with machines involved and the corresponding automated investigations, presenting all collected evidences and showing the end-to-end breadth and scope of an attack. By transforming the queue from hundreds of individual alerts to a more manageable number of meaningful aggregations, <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/incidents-queue\">Incidents<\/a> eliminate the need to review alerts sequentially and to manually correlated malicious events across the organization, saving up to 80% of analyst time.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-86656 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2018\/11\/fig2-Incident-graph-view.png\" alt=\"The Incident graph view shows you the relations between the entities, with additional details in the side pane when click on an item.\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig2-Incident-graph-view.png 1920w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig2-Incident-graph-view-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig2-Incident-graph-view-768x432.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig2-Incident-graph-view-1024x576.png 1024w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><em>The Incident graph view shows you the relations between the entities, with additional details in the side pane when click on an item.<\/em><\/p>\n<h2>Automating response for fileless attacks<\/h2>\n<p>We expanded automation in Windows Defender ATP to <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/What-s-New\/Automating-investigation-and-response-for-memory-based-attacks\/m-p\/276354#M146\">automatically investigate and remediate memory-based attacks<\/a>, also known as <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/09\/27\/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av\/\">fileless threats<\/a>. We see more and more of these memory-based threats, and while we\u2019ve had the optics to detect them, security analysts needed special investigation skills to solve them. Windows Defender ATP can now leverage automated memory forensics to incriminate memory regions and perform required in-memory remediation actions.<\/p>\n<p>With this new unique capability, we are shifting from simply alerting to a fully <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/automated-investigations-windows-defender-advanced-threat-protection\">automated investigation and resolution<\/a> flow for memory-based attacks. This increases the range of threats addressable by automation and further reduces the load on security teams.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-86659 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2018\/11\/fig3-Automated-investigation-fileless.png\" alt=\"Process injection automatically investigated and remediated.\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig3-Automated-investigation-fileless.png 1920w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig3-Automated-investigation-fileless-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig3-Automated-investigation-fileless-768x432.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig3-Automated-investigation-fileless-1024x576.png 1024w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><em>Process injection automatically investigated and remediated<\/em><\/p>\n<h2>Threat analytics<\/h2>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/threat-analytics\">Threat analytics<\/a> is a set of interactive threat intelligence reports published by our research team as soon as emerging threats and outbreaks are identified. The Threat analytics \u00a0dashboard provides technical description and data about a threat, and answer the key question, \u201cDoes WDATP detect this threat?\u201d. It \u00a0also provides recommended actions to contain and prevent specific threats, as well as increase organizational resilience.<\/p>\n<p>But we don\u2019t stop there. We also provide an assessment of the impact of threats on your environment (\u201cAm I hit?\u201d), as well as show a view of how many machines were protected (\u201cWere you able to stop this?\u201d) and how may are exposed to the threat because they are not up-to-date or are misconfigured (\u201cAm I exposed?\u201d).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-86662 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2018\/11\/fig4-Threat-analytics.png\" alt=\"Threat analytics dashboard.\" width=\"1183\" height=\"542\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig4-Threat-analytics.png 1183w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig4-Threat-analytics-300x137.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig4-Threat-analytics-768x352.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig4-Threat-analytics-1024x469.png 1024w\" sizes=\"(max-width: 1183px) 100vw, 1183px\" \/><em>Threat analytics dashboard<\/em><\/p>\n<h2>Custom detection rules<\/h2>\n<p>With Advanced hunting, security analysts love the power they now have to hunt for possible threats across their organization using flexible queries. A growing community of security researchers share their queries with others using the <a href=\"https:\/\/github.com\/Microsoft\/WindowsDefenderATP-Hunting-Queries\">GitHub community<\/a> repository. These queries can now also be used as <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-atp\/custom-detection-rules\">custom detection rules<\/a>, which means that these queries will automatically create and raise an alert when a scheduled query returns a result.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-86665 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2018\/11\/fig5-custom-rules.png\" alt=\"Creating custom detection rules from advance hunting queries.\" width=\"1429\" height=\"804\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig5-custom-rules.png 1429w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig5-custom-rules-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig5-custom-rules-768x432.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig5-custom-rules-1024x576.png 1024w\" sizes=\"(max-width: 1429px) 100vw, 1429px\" \/><em>Creating custom detection rules from advance hunting queries<\/em><\/p>\n<h2>Integration with Microsoft Information Protection<\/h2>\n<p>Windows Defender ATP now provides built-in capabilities for discovery and protection of sensitive data on enterprise endpoints. We have integrated with Azure Information Protection (AIP) Data Discovery, providing visibility to labeled files stored on endpoints. AIP dashboard and log analytics will include files discovered on Windows devices alongside device risk info from Windows Defender ATP, allowing customers to discover sensitive data at risk on Windows endpoints.<\/p>\n<h2>Integration with Microsoft Cloud App Security<\/h2>\n<p>Windows Defender ATP uniquely <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Enterprise-Mobility-Security\/Microsoft-Cloud-App-Security-and-Windows-Defender-ATP-better\/ba-p\/263265\">integrates with Microsoft Cloud App Security<\/a> to enhance the discovery of shadow IT in an organization as seen from enterprise endpoints. Windows Defender ATP provides a simplified rollout of Cloud App Security discovery as it feeds Cloud App Security with endpoints signals, reducing the need for collecting signals via corporate proxies and allowing seamless collection of signals \u00a0even when endpoints are outside of the corporate network.<\/p>\n<p>Through this integration, Microsoft Cloud App Security leverages Windows Defender ATP to collect traffic information about client-based and browser-based cloud apps and services being accessed from IT-managed Windows 10 devices. This seamless integration does not require any additional deployment and gives admins a more complete view of the usage of cloud apps and services in their organization.<\/p>\n<h2>Innovations that work for you today and the future<\/h2>\n<p>These new features in Windows Defender Advanced Threat Protection unified security platform combine the world-class expertise inside Microsoft and the insightful feedback from you, our customers, who we built these solutions for. We ask that you continue to engage and partner with us as we continue to evolve Windows Defender ATP.<\/p>\n<p>You can test all new and existing features by signing up to a <a href=\"https:\/\/www.microsoft.com\/en-us\/windowsforbusiness\/windows-atp?ocid=cx-blog-mmpc\"><strong>free 60-day fully featured Windows Defender ATP trial<\/strong><\/a>. You can also test drive attack surface reduction and next-gen protection capabilities using the <a href=\"https:\/\/demo.wd.microsoft.com\/\">Windows Defender demo page<\/a> or run DIY simulations for features like Incidents, automated investigation and response, and others directly from the Windows Defender security center portal to see how these capabilities help your organization in real-world scenarios.<\/p>\n<p>In MITRE\u2019s evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring delivered comprehensive coverage of attacker techniques across the entire attack chain. Read the blog: <strong><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/12\/03\/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp\/\">Insights from the MITRE ATT&amp;CK-based evaluation of Windows Defender ATP<\/a><\/strong>.<\/p>\n<p>Meanwhile, the work to stay ahead of threats doesn\u2019t stop. You can count on the Windows Defender ATP team to continue innovating, learning from our own experiences, and partnering with you to empower you to confidently protect, detect, and respond to advanced attacks.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Moti Gindi<\/em><\/strong><br \/>\n<em>General Manager, Windows Cyber Defense<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/windowsforbusiness\/windows-atp?ocid=cx-blog-mmpc\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-83215\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/04\/windows-defender-atp-8.png\" alt=\"\" width=\"820\" height=\"150\" \/><\/a><\/p>\n<hr \/>\n<h4><strong>Talk to us<\/strong><\/h4>\n<p>Questions, concerns, or insights on this story? Join discussions at the <a href=\"https:\/\/answers.microsoft.com\/en-us\/protect\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft community<\/a> and <a href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Defender Security Intelligence<\/a>.<\/p>\n<p>Follow us on Twitter <a href=\"https:\/\/twitter.com\/WDSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@WDSecurity<\/a> and Facebook <a href=\"https:\/\/www.facebook.com\/MsftWDSI\/\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Defender Security Intelligence<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.<\/p>\n","protected":false},"author":61,"featured_media":86677,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3667,3670,3674],"products":[3690,3692,3694],"threat-intelligence":[],"tags":[3819],"coauthors":[3380],"class_list":["post-86650","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-cloud-security","topic-device-management","topic-incident-response","products-microsoft-defender","products-microsoft-defender-for-cloud-apps","products-microsoft-defender-for-endpoint","tag-windows"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What\u2019s new in Windows Defender ATP | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What\u2019s new in Windows Defender ATP | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-15T17:23:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-26T21:41:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1900\" \/>\n\t<meta property=\"og:image:height\" content=\"1400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Threat Intelligence\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Threat Intelligence\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-security-threat-intelligence\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Threat Intelligence\"}],\"headline\":\"What\u2019s new in Windows Defender ATP\",\"datePublished\":\"2018-11-15T17:23:57+00:00\",\"dateModified\":\"2023-05-26T21:41:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/\"},\"wordCount\":1552,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png\",\"keywords\":[\"Windows\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/\",\"name\":\"What\u2019s new in Windows Defender ATP | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png\",\"datePublished\":\"2018-11-15T17:23:57+00:00\",\"dateModified\":\"2023-05-26T21:41:18+00:00\",\"description\":\"We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png\",\"width\":1900,\"height\":1400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What\u2019s new in Windows Defender ATP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What\u2019s new in Windows Defender ATP | Microsoft Security Blog","description":"We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/","og_locale":"en_US","og_type":"article","og_title":"What\u2019s new in Windows Defender ATP | Microsoft Security Blog","og_description":"We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/","og_site_name":"Microsoft Security Blog","article_published_time":"2018-11-15T17:23:57+00:00","article_modified_time":"2023-05-26T21:41:18+00:00","og_image":[{"width":1900,"height":1400,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png","type":"image\/png"}],"author":"Microsoft Threat Intelligence","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Threat Intelligence","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-security-threat-intelligence\/","@type":"Person","@name":"Microsoft Threat Intelligence"}],"headline":"What\u2019s new in Windows Defender ATP","datePublished":"2018-11-15T17:23:57+00:00","dateModified":"2023-05-26T21:41:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/"},"wordCount":1552,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png","keywords":["Windows"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/","name":"What\u2019s new in Windows Defender ATP | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png","datePublished":"2018-11-15T17:23:57+00:00","dateModified":"2023-05-26T21:41:18+00:00","description":"We added new capabilities to each of the pillars of Windows Defender ATP\u2019s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/11\/fig1-Windows-Defender-ATP-thumb.png","width":1900,"height":1400},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/11\/15\/whats-new-in-windows-defender-atp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"What\u2019s new in Windows Defender ATP"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/86650"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=86650"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/86650\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/86677"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=86650"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=86650"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=86650"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=86650"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=86650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=86650"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=86650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}