Microsoft will backport Windows Defender Advanced Threat Protection (ATP) to meet the security needs of organizations that have not yet entirely switched to Windows 10.
Windows Defender ATP provides deep insights into Windows 7 events on a rich machine timeline
What is Windows Defender ATP?
Windows Defender ATP is a unified endpoint security platform that provides administrators a central view of threats on company endpoints.
For that to work, the OS must have the Windows Defender ATP Endpoint Detection & Response (EDR) functionality. Windows 10 already has it, as it’s built into the OS.
“For Windows 7 [service pack 1, i.e., SP1] and Windows 8.1, we are building a behavioral based EDR solution,” Rob Lefferts, program management director with the Windows Enterprise and Security division, explained.
“All detections and events are surfaced in Windows Defender Security Center, the cloud-based console for Windows Defender ATP. Security teams benefit from correlated alerts for known and unknown adversaries, additional threat intelligence, and a detailed machine timeline for further investigations and manual response options.”
When will this down-level solution become available?
Both Windows 7 SP1 and Windows 8.1 have entered the extended support phase of their lifecycle, meaning that they receive security updates, but non-security updates are available only for desktop OS enterprise products and only if the company has purchased Extended Hotfix Support for the installations.
The two OS versions will reach the end of extended support in January 2020 and 2023, respectively.
“We hear from our customers security is one of the biggest motivators for their move to Windows 10. Meanwhile, we know that while in their transition, some may have a mix of Windows 10 and Windows 7 devices in their environments,” Lefferts noted.
“We want to help our customers achieve the best security possible on their way to Windows 10 ahead of the end of support for Windows 7 in January 2020.”
The EDR solution for Windows 7 SP1 and Windows 8.1 will be able to run side-by-side with third-party antivirus solutions. Still, Microsoft advises the use of Windows Defender Antivirus (also known as System Center Endpoint Protection on those platforms).
The solution is expected to become available to administrators this summer, but customers will get access to a public preview of this down-level EDR solution in spring.