O365 ATP vs. Windows Defender ATP: What’s the Difference?

April 15, 2019   //   Security,

Microsoft’s security stack is constantly evolving to allow organizations to remain agile and competitive while keeping their data, tools, and resources accessible to employees. While these new tools are helping organizations regain control of their cyber defense in today’s ever-evolving threat landscape, the breadth of options coupled with the frequency in which new capabilities are introduced has made it difficult to know what tools to use and when to use them.

To complicate matters even more, there are currently multiple Microsoft products with “Advanced Threat Protection (ATP)” in their name. Two of these solutions are referred to as Office 365 ATP and Windows Defender ATP. In an effort to help clear up some of the confusion, let’s take a closer look at what these solutions have to offer and when to use them.

What Is Office 365 ATP?

Office 365 ATP protects organizations against threats posed by email messages, web addresses, and other collaboration tools. It checks to see if email attachments are malicious and will trigger various actions to protect the organization if needed. This level of protection can be extended to SharePoint, OneDrive, and Teams by detecting and blocking files identified as malicious in sites and document libraries. Office 365 ATP also provides time-of-click verification of web addresses in email messages and Office documents.

When to Use Office 365 ATP

If you’re already using Office 365 for email, SharePoint, OneDrive, etc., then we recommend using Office 365 ATP to protect against malicious attachments and URLs. Not only does it seamlessly integrate with other Office products that you use every day, but it’s already included in your Office 365 subscription. This means you can use Office 365 ATP to replace other redundant services, such as ProofPoint, Mimecast, and similar services for additional cost savings.

What Is Windows Defender ATP?

Windows Defender ATP is designed to protect clients and servers with a “next gen” antivirus platform – advanced threat detection and post-breach detection and response capabilities. The platform leverages mechanisms built into Windows 10 that collects data to help networks prevent, detect, investigate, and respond to threats. Once the data is collected, it is analyzed for threats within a private Windows Defender ATP instance in the Microsoft cloud using big data analytics, machine learning, and threat intelligence provided by advanced security teams.

Windows Defender ATP’s protection is based on the following principles:

  1. Reducing the attack surface by ensuring system configurations are properly set and exploit mitigation techniques are applied
  2. Next generation antivirus protection designed to catch emerging threats for desktops/laptops and servers
  3. Continuous monitoring for possible attacks against systems, networks, or users
  4. Automatic investigation and remediation capabilities to reduce the number of alerts
  5. Assessment of the organization’s security posture, including recommendations for improvement

When to Use Windows Defender ATP?

Windows Defender ATP can work on its own, but it’s most effective when combined with other features in the Windows 10 operating system. For instance, Windows Defender ATP can be used to update Windows Defender, which is already built into Windows 10. Thanks to Microsoft’s use of big data and machine learning, adding Windows Defender ATP to your cybersecurity defense enables you to identify attacks that make it past the pre-breach defense.

The Bottom Line

Despite the similar names, Office 365 ATP and Windows ATP offer distinct capabilities. We recommend using them together to help provide additional layers of protection. Office 365 ATP will monitor emails, along with everyday collaboration tools such as SharePoint, One Drive, and Teams. Windows Defender ATP will protect devices associated with endpoints and enable you to identify attacks that make it past the pre-breach defense.

Interested in learning more about how your security posture stacks up with today’s most advanced solutions? SWC can help you identify your strengths and uncover hidden security gaps, as well as provide you with the resources you need to plan the next steps. Contact us to learn more.