Azure ATP vs Microsoft Defender ATP vs O365 ATP - NETSEC



Cybersecurity Memo

Monday, October 12, 2020

Azure ATP vs Microsoft Defender ATP vs O365 ATP

These three ATP products from Microsoft often confuse people as to what each one is used for. ATP is the abbreviation of Advanced Threat Protection. But why does Microsoft offer three different ATPs, what is the difference among them, and which one should I pick for my business?

Here is some summarized information I found on the Internet.

Azure ATP
You will need to activate Azure ATP by installing a sensor before you can access the portal.

Azure Advanced Threat Protection (Azure ATP) helps to detect and investigate advanced attacks and insider threats across on-premises, Cloud, and hybrid environments, stopping attackers from gaining access to your system. By taking information from multiple data sources, like the logs and events in your network, Azure ATP learns the behavior of your users and other entities within your organization and builds a behavioral profile about them. Then, when suspicious activity is detected, it alerts you via the Azure ATP workspace portal, so you can see those suspicious activities and confirm whether it is a potential attack or not.



Focusing on identity protection against the following threats:

  1. Reconnaissance
  2. Lateral Movement
  3. Domain Dominance

Azure Advanced Threat Protection is available as part of the Enterprise Mobility + Security E5 bundle, the Microsoft 365 E5 bundle, or as a stand-alone SKU for $5.50 per user per month.

Windows Defender ATP

Windows Defender Advanced Threat Protection (Windows Defender ATP) integrates with Azure ATP to detect and protect against malicious activity, but its focus is on the endpoints, the actual devices being used. Working with existing Windows security technologies, like Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard, Windows Defender ATP detects sophisticated cyber-attacks by providing cloud-powered, behaviour-based advanced attack detection.



Focusing on endpoint protection against the following threats:

  1. Exploitation
  2. Installation
  3. Command and control channel
  4. Brute-forcing an account

Windows Defender Advanced Threat Protection is sold as part of Windows 10 Enterprise E5 or as part of the Microsoft 365 E5 package.

O365 ATP

Office 365 Advanced Threat Protection is a cloud-based email filtering service that helps to protect your email, files, and Office 365 applications against potential attacks such as unsafe attachments and malicious links.
Traditional solutions like signature-based anti-virus might catch known threats but cannot protect against unknown zero-day threats. This is where Advanced Threat Protection comes in to protect email.



Focusing on email-related protection against the following threats:

  1. Email link clicks
  2. Email attachments
  3. User browses to a website
  4. User runs a program

Office 365 Advanced Threat Protection is sold a la carte, as part of the Office 365 E5 package, or as part of the Microsoft 365 E5 package. If you have a subscription to a qualifying Exchange or Office 365 plan, you can add Office 365 Advanced Threat Protection for $2 per user per month.

Difference between O365 Security & Compliance Center and O365 ATP

The Security & Compliance Center is designed to help you manage compliance features across Office 365 for your organization. In short, the Compliance Center is an admin tool to assist you in governing your services and data across the entirety of Office 365. On the other hand, ATP is a part of the Security & Compliance Center that helps you protect your company from online threats and unauthorized access, as well as protect and manage data on your phones, tablets, and computers by creating several threat protection policies. Office 365 Advanced Threat Protection, or ATP, helps prevent online criminals from getting access to data, resources, and passwords.

The Security & Compliance Center can be accessed using this link, and the ATP portal can be accessed using this link or from S&CC > Threat Management > Policy.
