Windows Defender Advanced Threat Protection (ATP)

Windows Defender Advanced Threat Protection (ATP) is a Microsoft security product designed to help enterprise-class organizations detect and respond to security threats. ATP adds preventive, post-detection and investigative response capabilities to Windows Defender. ATP’s features are standard in many high-end anti-malware packages.

Features and Capabilities

Windows Defender Advanced Threat Protection offers nine primary security features and capabilities. These include:

  • Threat and Vulnerability Management – A software inventory is performed on endpoints in real time. This information is used to detect, prioritize, and mitigate security vulnerabilities related to installed applications and missing patches.
  • Attack Surface Reduction – The overall attack surface of a system is reduced through hardware isolation and application control. Applications are no longer considered trustworthy by default, and only trusted applications are allowed to run.
  • Next Generation Protection – ATP performs continuous scanning to detect and block threats. Machine learning and Security Graph are used to spot new and emerging threats.
  • Endpoint Detection and Response – ATP groups related attacks into incidents. This type of aggregation makes it easier for security professionals to prioritize, investigate, and respond to threats.
  • Automated Investigation and Remediation – If left unchecked, network endpoints can generate an overwhelming number of security alerts. Windows Defender ATP uses an Automated Investigations feature to examine the alerts and eliminate the “noise” alerts, allowing security professionals to focus on the more pertinent ones.
  • Secure Score – ATP uses a security score to rate the current security configuration. Prescriptive guidance is given to help security professionals improve the score.
  • Microsoft Threat Experts – Microsoft Threat Experts is a managed hunting service that uses artificial intelligence to detect and prioritize attacks.
  • Management and APIs – A collection of APIs allows Windows Defender ATP to be integrated into an organization’s workflow.
  • Microsoft Threat Protection – ATP is designed to work with the other components of Microsoft’s Threat Protection solution to achieve end-to-end security. Some of the other layers of protection include Azure Advanced Threat Protection, Azure Security Center, Azure Information Protection, Conditional Access, Microsoft Cloud App Security, and Office 365 Advanced Threat Protection.

Installation and System Requirements

Windows Defender Advanced Threat Protection is made up of a combination of Windows 10 features and services running within the Microsoft cloud. As such, there is nothing to install, and there are no hardware requirements beyond those of the Windows 10 operating system.

Windows Defender Advanced Threat Protection is included with the Microsoft 365 E5 plan (which is different from the Microsoft Office 365 E5 plan). Microsoft does not publicly disclose the pricing for this plan.

In addition, Windows Defender Advanced Threat Protection is available with Windows 10 Enterprise R2 and with Windows 10 Education E5. In either case, a volume license is required.

This was last updated in May 2019
