Office of Information Security
Defender Advanced Threat Protection (ATP)
Microsoft Defender Advanced Threat Protection is an enterprise endpoint security platform designed to help enterprises prevent, detect, investigate, and respond to advanced threats. Defender ATP is available for any Penn State-owned machine running a recent version of Windows or macOS, or specific Linux distributions.
Once a device is added to the ATP console, data that was only available locally on the device becomes available in a centralized console. This provides security analysts with a more holistic view of the current threat landscape within Penn State-owned endpoints.
INSTALLATION / CONFIGURATION INSTRUCTIONS
Defender ATP is typically installed by a unit’s IT staff, rather than piecemeal by individuals.
In order to assist the Security Operations team, please ensure that all ATO and enclave machines have an “RHS” tag applied so they can be properly monitored. Failing to do so will also negatively impact your ATO checklist items and future risk assessments to maintain your ATO.
Tags can be applied either manually from the ATP console or to the registry via GPO. Device tagging is also available in JAMF for Mac devices. If you need help with device tagging, see Microsoft’s documentation.