Now, let’s implement/trial Windows Defender Advanced Threat Protection

Presentation transcript:

Now, let’s implement/trial Windows Defender Advanced Threat Protection
Paul Kristensen, Jake Mowrer

Windows Defender Advanced Threat Protection
Windows Defender ATP helps our customers to detect, investigate and remediate data breaches on their networks. It provides detailed endpoint visibility and threat detection against increasingly sophisticated attacks.
Built in to Windows 10, scale as you go: It’s easy to deploy and manage. Windows Defender ATP is built in to Windows 10, with very low performance impact on your users' experience, network and memory. It’s powered by the cloud, which makes it easy to onboard your endpoints; it requires no on-premises infrastructure, and the service grows as your needs grow.
Cut through the noise with correlated, precise alerts: Based on behavior detections, Windows Defender ATP provides intelligent, actionable alerts for known and unknown adversaries, fueled by Microsoft security experts.
Rich toolset for investigation and response: Windows Defender ATP enables rapid host triage by providing the required tools and a comprehensive timeline to easily understand the scope of a breach. Windows Defender ATP enables focused response and enterprise threat containment.
Single pane of glass: The Windows Defender ATP portal gives you detailed endpoint visibility by surfacing additional alerts and events from the Windows security stack and by integrating with other Microsoft Security solutions.
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

HIGH LEVEL ARCHITECTURE
[Architecture diagram; labels recovered from the slide:]
Security analytics: Behavioral IOAs, Dictionary, Files and URLs detonation, Known adversaries, unknown
Threat Intelligence from partnerships
Threat Intelligence by Microsoft hunters
Always-on endpoint behavioral sensors
Forensic collection
SecOps console: Exploration, Alerts, Response
Customers' Windows Defender ATP tenant
SIEM
SIEM / central UX
Windows APT Hunters, MCS Cyber
5/19/2018 © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Step 1 – Sign up for a tenant

Sign up for the trial @ https://aka.ms/wdatp

Step 2 – Provision your tenant

PROVISIONING
AAD Provisioning
Asking for existing/new company AAD
Get Started
Sign-in to Windows Security Center

PROVISIONING

Step 3 – Onboard endpoints

Endpoint Requirements
Windows 10 Anniversary Edition (1607)
Can be Enterprise, Education, Pro, or Pro Education
Internet connectivity from the endpoint (can proxy)
Telemetry service must be started, but full telemetry not required
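A pre-onboarding check for the requirements on this slide, as an added example that is not part of the original deck. The function name `Test-AtpReadiness`, the registry `EditionID` strings and the `DiagTrack` service name are assumptions mapped from the slide's wording; connectivity is not tested because the deck lists no service endpoints.

```powershell
# Added example: readiness check for one endpoint before onboarding.
# Thresholds follow the "Endpoint Requirements" slide. The EditionID strings
# and the DiagTrack service name are assumptions, not values from the deck.
function Test-AtpReadiness {
    [CmdletBinding()]
    param(
        # Windows 10 version 1607 (Anniversary) is OS build 14393.
        [int]$MinBuild = 14393,
        # Registry EditionID values assumed for Enterprise, Education, Pro, Pro Education.
        [string[]]$Editions = @('Enterprise', 'Education', 'Professional', 'ProfessionalEducation')
    )

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild
    # Telemetry service; returns $null if the service has been removed.
    $svc   = Get-CimInstance Win32_Service -Filter "Name='DiagTrack'"

    $checks = [ordered]@{
        BuildOk        = $build -ge $MinBuild
        EditionOk      = $Editions -contains $cv.EditionID
        ServicePresent = $null -ne $svc
        # A disabled service cannot be started, which the FAQ slide warns against.
        ServiceEnabled = ($null -ne $svc) -and ($svc.StartMode -ne 'Disabled')
        ServiceRunning = ($null -ne $svc) -and ($svc.State -eq 'Running')
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Build    = $build
        Edition  = $cv.EditionID
        Checks   = $checks
        Ready    = -not (@($checks.Values) -contains $false)
    }
}

$result = Test-AtpReadiness
$result | Format-List Computer, Build, Edition, Ready

# Name each failed requirement so it can be fixed before the onboarding script runs.
$result.Checks.GetEnumerator() |
    Where-Object { -not $_.Value } |
    ForEach-Object { Write-Warning "Failed check: $($_.Key)" }
```

The check reads the telemetry level nowhere, since the slide states that full telemetry is not required; only the service state matters.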

Onboarding Script
System Center Config Mgr
Intune
GPO
Local script

ONBOARDING

Demo - Onboarding
Microsoft Ignite 2016

Step 4 – Finishing touches

Assigning Console Permissions

Email Alerts

SIEM INTEGRATION
REST APIs
Alert display
ArcSight and Splunk
Email alert notifications
Info on TechNet

FAQ

Is Windows Defender AV Required?
No, but it enhances the experience
Integrated alerting
Response: Block File
We can run side by side with 3rd party AV

Do I have to crank up telemetry to full?
No
Don’t disable the service in services.msc

Will this work with Windows 10 build 1511? No, Anniversary (1607) is required.

Is my cloud tenant shared? No, it is your private tenant!

What makes you the best EDR?
Well, since you asked:
Built in, not bolted on
Best TCO – No on-premises infrastructure, no agent deployment
Rich Threat Intelligence (Microsoft + iSIGHT)
Integration for the end to end story (Office ATP + ATA)

So what now? Sign up for a trial!

Sign up for the trial @ https://aka.ms/wdatp
TechNet resources @ https://aka.ms/technet-wdatp
Read MSFT Case Study @ https://t.co/paX7MQhezU

Continue your Ignite learning path
Visit Channel 9 to access a wide range of Microsoft training and event recordings: https://channel9.msdn.com/
Head to the TechNet Eval Centre to download trials of the latest Microsoft products: http://Microsoft.com/en-us/evalcenter/
Visit Microsoft Virtual Academy for free online training: https://www.microsoftvirtualacademy.com

Thank you
Chat with me in the Speaker Lounge
Find me on Twitter @JakeMowrerMSFT