It’s a big surprise for me: Microsoft plans to bring Windows Defender ATP support, which is currently only available on Windows 10, to Windows 7 and Windows 8.1 as well.
The announcement was made a few hours ago on the Windows blog, in the article "Announcing: Windows Defender ATP support for Windows 7 and Windows 8.1". Windows Defender Advanced Threat Protection (ATP) is currently only available on Windows 10, as a unified endpoint security platform to defend against malware and stop breaches.
On Windows 7 SP1 and Windows 8.1, users rely on Windows Defender, Microsoft Security Essentials, Microsoft Forefront Protection or one of the third-party antivirus solutions. There was no central Windows Defender ATP from Microsoft. Customers could only test a preview of ATP for non-Windows operating systems via a few partners, as Mary Foley writes on ZDNet. Microsoft writes that the partners Bitdefender, Lookout and Ziften have been providing cross-platform support for macOS, Linux, iOS and Android devices since November 2017.
Now a fourth cross-platform partner, SentinelOne, is aboard. SentinelOne’s Endpoint Protection Platform is an integrated EPP+EDR solution that utilizes static and behavioral AI engines to provide multilayered prevention, detection, and response as well as encrypted traffic inspection using one autonomous agent.
Windows Defender ATP for Windows 7/8.1
But there is still a large customer base on Windows 7, which remains supported until January 2020. Microsoft is therefore offering customers who are moving to Windows 10 the option, starting in summer 2018, to add Windows Defender ATP Endpoint Detection & Response (EDR) functionality to their Windows 7 and Windows 8.1 devices.
Monitoring on one platform
All detections and events are surfaced in Windows Defender Security Center, the cloud-based console for Windows Defender ATP. Microsoft says that although this solution can run side by side with third-party antivirus solutions, it is better together with Windows Defender Antivirus (also known as System Center Endpoint Protection (SCEP) for down-level).
With Windows Defender Antivirus, security teams can see all malware detections and trigger response actions to prevent the spread of malware, in the same console. Microsoft promises that customers will get access to a public preview of the down-level EDR solution this spring, allowing security teams to also detect suspicious behavior on their Windows 7 and Windows 8.1 devices, using a single solution.
Still open questions
I have read the article "Announcing: Windows Defender ATP support for Windows 7 and Windows 8.1" several times, but each time there were more open questions. My reading is that Windows Defender ATP Endpoint Detection & Response (EDR) functionality is only provided to business customers on Windows 7 SP1 and Windows 8.1, for the time they are migrating machines to Windows 10. Therefore, I suspect that Windows 7/8.1 home users are left out.
What I also miss in Microsoft’s announcement: what about Windows Server? Will Windows Server 2008 and Windows Server 2008 R2 also be supported by Windows Defender ATP Endpoint Detection & Response (EDR) functionality? Windows Defender ATP Endpoint Detection & Response (EDR) is currently available for Windows 10, Windows Server 2012 R2 and 2016. We will have to wait and see what this announcement can do at the end of the day.