Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection (ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.

Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:

  • Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system (for example, process, registry, file, and network communications) and send this sensor data to your private, isolated, cloud instance of Windows Defender ATP.
  • Cloud security analytics: Leveraging big data, machine learning, and unique Microsoft optics across the Windows ecosystem (such as the Microsoft Malicious Software Removal Tool), enterprise cloud products (such as Office 365), and online assets (such as Bing and SmartScreen URL reputation), behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
  • Threat intelligence: Generated by Microsoft hunters and security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected sensor data.

Machine investigation capabilities in this service let you drill down into security alerts and understand the scope and nature of a potential breach. You can submit files for deep analysis and receive the results without leaving the Windows Defender ATP portal. The automated investigation and remediation capability reduces the volume of alerts by leveraging various inspection algorithms to resolve breaches.

Windows Defender ATP works with existing Windows security technologies on machines, such as Windows Defender Antivirus, AppLocker, and Windows Defender Device Guard. It can also work side by side with third-party security solutions and antimalware products.
