StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

Windows Defender ATP: Where to start

  • May 5, 2020
  • 4 min read
Cloud and Virtualization Architect. Florent specializes in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.


Windows Defender ATP (renamed Microsoft Defender ATP in 2019; both names appear below) helps you secure your servers and workstations and manage them directly from the cloud.

To start, be sure to have the right licenses: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements

Once the licensing requirement is met, go to https://securitycenter.windows.com and create your Windows Defender ATP tenant:

Windows Defender ATP

You now have access to the portal:

Access to the portal

Under Settings > Onboarding you will find the instructions for deploying the WDATP agent, depending on your operating system:

Deploy WDATP agent

Follow the procedure for your platform. After a few minutes, your servers appear in the console:

Machines list

The detailed view of a server offers several actions:

The detailed view of the server

To generate an alert, execute the following command:

An alert appears in the MDATP portal:

MDATP portal

From the ATP portal you can launch actions against a selected server:

Action center ATP portal

Automated investigation started manually

WDATP for Linux has been available in preview for a few days now. Go to Settings > Advanced features and enable preview features:

WDATP for Linux

Log off and log on again. When you go back to Onboarding, Linux Server is now listed:

Logoff and log on again

The full documentation for installing the agent on Linux is available here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually#prerequisites-and-system-requirements

After a few minutes, servers are in the console:

Servers are in the console

I used the following command to create an alert on my ATP console:

After a few seconds, I had the alert in my console:

Machine name

Machines / fala-invoice

With the detail:

Microsoft Defender ATP

Microsoft Defender ATP detected

And on the Linux host itself, the file has been moved to quarantine:

Status quarantined
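The Linux steps above (install the agent, trigger a detection, confirm the quarantine) as one runnable script. This is an added example, not the author's command, which the post does not reproduce. It uses the EICAR test file, the standard harmless detection test, and assumes the `mdatp` CLI from Microsoft's Linux package is on PATH with real-time protection enabled; the file path is an arbitrary choice. The same EICAR file dropped on a Windows host is detected by Defender Antivirus and surfaces in the portal in the same way.

```shell
#!/bin/sh
# Added example (not the post's own command): exercise a freshly onboarded
# Microsoft Defender ATP for Linux agent end to end.
#   1. check the agent is healthy and real-time protection (RTP) is on
#   2. drop the EICAR test file (industry-standard, harmless detection test)
#   3. wait for RTP to quarantine it
#   4. list what the agent recorded
# Assumptions: the `mdatp` CLI from Microsoft's package is on PATH (the
# `mdatp health --field ...` and `mdatp threat list` subcommands are the
# documented ones); EICAR_FILE is an arbitrary path chosen for this example.

EICAR_FILE="${EICAR_FILE:-/tmp/eicar.com.txt}"

# The 68-byte EICAR string, assembled from two halves so the full signature
# is not stored in this script (otherwise the script itself may be flagged).
eicar_string() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' 'ANTIVIRUS-TEST-FILE!$H+H*'
}

# Returns 0 only if mdatp is installed, reports healthy, and RTP is enabled.
agent_ready() {
    command -v mdatp >/dev/null 2>&1 || return 1
    [ "$(mdatp health --field healthy 2>/dev/null)" = "true" ] || return 1
    [ "$(mdatp health --field real_time_protection_enabled 2>/dev/null)" = "true" ]
}

# Write the test file; returns 0 if it landed on disk with content.
drop_eicar() {
    eicar_string > "$EICAR_FILE" && [ -s "$EICAR_FILE" ]
}

# Poll for up to $1 seconds; returns 0 as soon as the file is gone
# (RTP moved it to quarantine), 1 if it is still on disk afterwards.
wait_quarantined() {
    n="${1:-30}"
    while [ "$n" -gt 0 ]; do
        [ -e "$EICAR_FILE" ] || return 0
        sleep 1
        n=$((n - 1))
    done
    [ ! -e "$EICAR_FILE" ]
}

main() {
    if ! agent_ready; then
        echo "mdatp is missing or unhealthy; run 'mdatp health' and re-check onboarding" >&2
        return 2
    fi
    drop_eicar || { echo "could not write $EICAR_FILE" >&2; return 1; }
    echo "wrote $EICAR_FILE, waiting for real-time protection..."
    if wait_quarantined 30; then
        echo "file removed from disk; agent's threat list:"
        mdatp threat list
    else
        echo "file still present after 30 s; check that real_time_protection_enabled is true" >&2
        return 1
    fi
}

main "$@"
```

Run it on the onboarded Linux server as a user that can query the agent. If `agent_ready` fails, finish onboarding first: the onboarding script from Settings > Onboarding must have run, and `mdatp health --field org_id` should show your tenant. A file that survives the 30-second wait usually means real-time protection is off or the agent is not yet reporting, which is the same thing the portal's machine health status will tell you.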

On the alert, you have some options available:

Microsoft Defender Alerts

And the alert disappears:

Microsoft Defender / risk level

Windows Defender ATP is a very good product for monitoring and protecting your servers with little effort. This has been only a quick overview; the product can do a great deal more.
