Now, let’s implement/trial Windows Defender Advanced Threat Protection


1 Now, let’s implement/trial Windows Defender Advanced Threat Protection
Paul Kristensen Jake Mowrer

2 Windows Defender Advanced Threat Protection
Windows Defender ATP helps our customers to detect, investigate and remediate data breaches on their networks. It provides detailed endpoint visibility and threat detection against ever more sophisticated attacks.

Built in to Windows 10, scale as you go
It’s easy to deploy and manage. Windows Defender ATP is built in to Windows 10, with very low performance impact on your users’ experience, network and memory. It’s powered by the cloud, which makes it easy to onboard your endpoints; it requires no on-premises infrastructure, and the service grows as your needs grow.

Cut through the noise with correlated, precise alerts
Based on behavior detections, Windows Defender ATP provides intelligent, actionable alerts for known and unknown adversaries, fueled by Microsoft security experts.

Rich toolset for investigation and response
Windows Defender ATP enables rapid host triage, by providing the required tools and a comprehensive timeline to easily understand the scope of breach. Windows Defender ATP enables focused response and enterprise threat containment.

Single pane of glass
The Windows Defender ATP portal gives you detailed endpoint visibility, by surfacing additional alerts and events from the Windows security stack and by integrating with other Microsoft Security solutions.

© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

3 HIGH LEVEL ARCHITECTURE
5/19/2018

[Architecture diagram; labels as they appear on the slide:]
- Security analytics
- Behavioral IOAs
- Dictionary
- Files and URLs detonation
- Known adversaries / unknown
- Threat Intelligence from partnerships
- Threat Intelligence by Microsoft hunters
- Always-on endpoint behavioral sensors
- Forensic collection
- Exploration
- Alerts
- SecOps console
- Response
- Customers' Windows Defender ATP tenant
- SIEM
- SIEM / central UX
- Windows APT Hunters, MCS Cyber

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Step 1 – Sign up for a tenant
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Sign up for the trial @ https://aka.ms/wdatp

6 Step 2 – Provision your tenant

7 PROVISIONING
AAD Provisioning
- Asking for existing/new company AAD
- Get Started
- Sign-in to Windows Security Center

8 PROVISIONING

9 Step 3 – Onboard endpoints

10 Endpoint Requirements
- Windows 10 Anniversary Edition (1607)
- Can be Enterprise, Education, Pro, or Pro Education
- Internet connectivity from the endpoint (can proxy)
- Telemetry service must be started, but full telemetry not required
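
The requirements on this slide can be checked on a machine before it is onboarded. The PowerShell below is an added example, not part of the presentation or of Microsoft's onboarding package; the function name `Test-WdatpPrerequisite` is hypothetical, and it assumes that version 1607 corresponds to OS build 14393 and that the telemetry service is `DiagTrack`. Internet connectivity is not tested.

```powershell
# Added example (not from the presentation): checks the endpoint requirements
# listed on the slide against the local machine before onboarding.
# Assumptions: 1607 = OS build 14393; the telemetry service is "DiagTrack";
# editions are matched on the registry EditionID values listed below.
function Test-WdatpPrerequisite {
    [CmdletBinding()]
    param()

    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$cv.CurrentBuildNumber

    # Pro reports as "Professional", Pro Education as "ProfessionalEducation".
    # Variants the slide does not list (N, LTSB) are deliberately not matched.
    $editions = 'Enterprise', 'Education', 'Professional', 'ProfessionalEducation'

    # Windows Server 2016 shares build 14393, so require a client SKU (ProductType 1).
    $isClient = $os.ProductType -eq 1

    $svc      = Get-CimInstance -ClassName Win32_Service -Filter "Name='DiagTrack'"
    $svcState = if ($svc) { $svc.State }     else { 'NotInstalled' }
    $svcStart = if ($svc) { $svc.StartMode } else { 'NotInstalled' }

    $result = [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Build          = $build
        BuildOk        = $isClient -and ($build -ge 14393)
        Edition        = $cv.EditionID
        EditionOk      = $cv.EditionID -in $editions
        TelemetryState = $svcState
        TelemetryStart = $svcStart
        # The service must be running and not disabled. The telemetry level is
        # not checked, because the slide says full telemetry is not required.
        TelemetryOk    = ($svcState -eq 'Running') -and ($svcStart -ne 'Disabled')
    }

    $ready = $result.BuildOk -and $result.EditionOk -and $result.TelemetryOk
    $result | Add-Member -NotePropertyName ReadyToOnboard -NotePropertyValue $ready -PassThru
}

Test-WdatpPrerequisite | Format-List
```

A machine that reports `TelemetryStart : Disabled` is the case the FAQ warns about: the service has been turned off in services.msc and the endpoint will not report.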

11 Onboarding Script
- System Center Config Mgr
- Intune
- GPO
- Local script

12 ONBOARDING

13 Demo - Onboarding
Microsoft Ignite 2016

14 Step 4 – Finishing touches

15 Assigning Console Permissions

16 Alerts

17 SIEM INTEGRATION
- REST APIs
- Alert display
- ArcSight and Splunk alert notifications
- Info on TechNet

18 FAQ

19 Is Windows Defender AV Required?
No, but it enhances the experience
- Integrated alerting
- Response: Block File
We can run side by side with 3rd party AV

20 Do I have to crank up telemetry to full?
No
Don’t disable the service in services.msc

21 Will this work with Windows 10 build 1511?
No, Anniversary (1607) is required.

22 Is my cloud tenant shared?
No, it is your private tenant!

23 What makes you the best EDR?
Well, since you asked:
- Built in, not bolted on
- Best TCO – No on-premises infrastructure, no agent deployment
- Rich Threat Intelligence (Microsoft + iSIGHT)
- Integration for the end to end story (Office ATP + ATA)

24 So what now? Sign up for a trial!

25 Sign up for the trial @ https://aka.ms/wdatp TechNet resources @
Sign up for the TechNet Read MSFT Case

26 Continue your Ignite learning path
- Visit Channel 9 to access a wide range of Microsoft training and event recordings
- Head to the TechNet Eval Centre to download trials of the latest Microsoft products
- Visit Microsoft Virtual Academy for free online training visit

27 Thank you
Chat with me in the Speaker Lounge
Find me on

