News

Microsoft Brings Windows 10's Breach-Detection Service to Older OSes

• By Kurt Mackie
• February 13, 2018

Originally introduced two years ago for Windows 10 clients, Microsoft's Windows Defender Advanced Threat Protection (ATP) service will soon be available to Windows 7 and Windows 8.1 machines, as well.

The service will be available as a public preview this spring, Microsoft indicated in an announcement this week. Broader availability is slated for sometime "this summer," which perhaps means it'll be available for production use then.

Windows Defender ATP is a post-breach detection service that uses machine learning and Microsoft's security expertise to detect threats in computing environments. Microsoft later indicated it was adding auto-remediation capabilities to this service through its integration of Hexadite technology, so the service is also designed to automatically fix security problems.

Late last year, Microsoft suggested that Windows Defender ATP could protect Windows Server 2012 R2 and Windows Server 2016 machines, too, and its security was also extended to Linux devices, including Android, iOS and macOS machines, via partnerships with software security providers Bitdefender, Lookout and Ziften.

Now, Microsoft is offering Windows Defender ATP support to older Windows clients, even though Windows 7 will fall out of "extended support" about two years from now on Jan. 14, 2020. The use of Windows Defender ATP requires having Microsoft 365 E5 licensing, according to this Microsoft 365 Enterprise document.

Microsoft's announcement described Windows Defender ATP as a "behavioral based EDR [Endpoint Detection and Response] solution," perhaps reflecting the integration of Hexadite's auto-remediation technologies. IT pros use the Windows Defender Security Center to view its detection information.

Organizations can use their own client security solutions with Windows Defender ATP, although Microsoft's announcement suggested that it works better when used with either Windows Defender Antivirus for Windows 10 or System Center Endpoint Protection for "down-level" Windows operating systems (namely, Windows 7 and Windows 8.1).

"With Windows Defender Antivirus, security teams can see all malware detections and trigger response actions to prevent the spread of malware, in the same console," Microsoft's announcement explained. Microsoft seems to be suggesting that there are console advantages to using Microsoft's anti-malware solutions with Windows Defender ATP, but it's not exactly clear why that would be the case.

Microsoft also announced on Monday that it added a new Windows Defender ATP partner, SentinelOne, adding its Endpoint Protection Platform solution.

The SentinelOne Endpoint Protection Platform provides "static and behavioral AI engines to provide multilayered prevention, detection, and response as well as encrypted traffic inspection using one autonomous agent," according to Microsoft's announcement. The machine learning-based SentinelOne service provides information from Linux and Mac devices into the Windows Defender ATP console, according to an announcement by SentinelOne, and it also has auto-remediation capabilities on top of its threat-detection abilities. The integrated SentinelOne solution is currently available at the "beta access" stage.