Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Windows Defender ATP: Where to start

  • May 5, 2020
  • 4 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.


Windows Defender ATP will help you to secure your servers and your workstations, and manage them directly from the Cloud.

To start, be sure to have the right licenses: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements

When you have the requirement, go to https://securitycenter.windows.com and create your Windows Defender ATP tenant:

Windows Defender ATP

You now have access to the portal:

Access to the portal

If you go in Settings > Onboarding, you will have information to deploy WDATP agent, depending of your operating system:

Deploy WDATP agent

Execute the procedure. After few minutes, you will be able to see your servers:

Machines list

On the detailed view of the server, you have some actions:

The detailed view of the server

To generate an alert, execute the following command:

An alert appears in the MDATP portal:

MDATP portal

You can launch some actions from the ATP portal, on a selected server:

Action center ATP portal

Automated investigation started manually

From some days now, WDATP for Linux is available in preview. You need to go in Settings > Advanced features and activate preview features:

WDATP for Linux

Logoff and log on again. If you go back to Onboarding, you have now Linux Server:

Logoff and log on again

The full documentation to install on a Linux is available here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually#prerequisites-and-system-requirements

After a few minutes, servers are in the console:

Servers are in the console

I used the following command, to create an alert on my ATP console:

After a few seconds, I had the alert in my console:

Machine name

Machines / fala-invoice

With the detail:

Microsoft Defender ATP

Microsoft Defender ATP detected

And on the Linux itself, the file has been moved to quarantine:

Status quarantined

On the alert, you have some options available:

Microsoft Defender Alerts

And the alert disappears:

Microsoft Defender / risk level

Windows Defender ATP is a very good product, to monitor/protect your servers, with a small effort. As you can see, it’s a quick overview of the product, but you can do a lot of things with it.

Found Florent’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!