
Microsoft Defender Advanced Threat Protection - Remediation and Exceptions

As recently as 3 years ago, Microsoft’s security options were helpful, but sometimes challenging for IT professionals to navigate. With licensing updates and some simplification, as well as marked improvements to capabilities, it’s definitely time to give the Microsoft security suite another look. Specifically, their latest iteration of Defender Endpoint and Security has undergone a major overhaul with its built-in, cloud-powered Advanced Threat Protection. Especially in an age where more teams work remotely than ever before, and attackers are constantly evolving their methodology, it’s essential to maximize security options at every layer. Sure, you will want to add on new technologies, but are you maximizing what you already have? One of the simplest ways to make the most out of your existing resources is to make sure that the productivity platform your whole organization is probably already using – Microsoft 365 (formerly O365) – makes use of all available security options. As Aaron Cable noted in his last blog, Why Adding Microsoft’s Advanced Threat Protection Makes Sense for Most of Us, you may be surprised at how effective this tool really is.

Full Suite of Security and Productivity Tools

Unlike the stand-alone endpoint protection that we have seen released from Microsoft in the past, they now offer a full suite of security and productivity tools. For example, Microsoft Defender Advanced Threat Protection and Vulnerability Management better assist your Information Technology and Security Operations teams by providing actionable security snapshots and connected steps. Leveraging what will feel like an innovative, but familiar, platform for IT and Security administrators, you have access to real-time data and can take pinpoint remediation actions.

Data collected by ATP is stored and accessible in real time through Microsoft Defender Security Center, allowing for continuous discovery, prioritization, and an automated or delegated response to application, system, and security updates, analytics, and vulnerabilities. With recent, highly publicized attacks that exploit existing vulnerabilities, it’s more important than ever to keep your Microsoft tools patched and up to date. In fact, their Vulnerability Management tool makes it so easy that there is really no excuse anymore for leaving these vulnerabilities unremediated. Microsoft knows how many people rely on their platforms, and they want to make security as simple as possible for that reason.

View and Create Remediation and Exceptions

Another fantastic feature of Advanced Threat Protection is the ability to view and create remediation and exception activities for security or application events triggered on your endpoints. These activities include a ticket generated for tracking within the Threat and Vulnerability Management page, as well as a remediation ticket created within Microsoft Intune, which provides guidance based on a rich database. ATP can also correlate an event across all other managed endpoints and include them within the activity for tracking. Then, you can create exceptions for any event to exclude certain recommendations from showing up in reports and affecting your configuration score. So, if you are getting frequent alerts that flag actions which are fully approved, but unrecognized as legitimate because they are unique to your environment, you can simply eliminate the noise. Any exception you create will show up on the Remediation page, in the Exceptions tab. You can also filter your view based on exception justification, type, and status.

Built-in, real-time, cloud-driven, and fully integrated with Microsoft’s Endpoint Security Stack, Microsoft Defender Advanced Threat Protection and Vulnerability Management help IT professionals like us discover critical endpoint vulnerabilities and misconfigurations. This reduces IT overhead, allowing improved prioritization and focus on the apparent – and not-so-apparent – weaknesses that pose the most urgent and highest risk to your organization.

TRUE engineers are here to help; request a consultation to speak with one of our experts.
