New security features in the Windows 10 Creators Update. The Windows Security Center will link to Office 365 Advanced Threat Protection, via the Microsoft Intelligent Security Graph, to allow IT admins to easily follow an attack across endpoints and email in an integrated way. Microsoft is also adding new actions and insights in Windows Defender Advanced Threat Protection (ATP) which will enable IT admins to investigate and respond to network attacks, including sensors in memory, enriched intelligence and new remediation actions.
Expanding Windows Defender ATP sensors to detect threats that persist only in memory or kernel-level exploits. This will enable IT admins to monitor loaded drivers and in-memory activities, and to detect various patterns of injection, reflective loading, and in-memory modifications indicating potential kernel exploits.
Enabling IT admins to feed their own intelligence into the Windows Security Center for alerts on activities based on their own indicators of compromise. Not only are they improving the intelligence, they are also delivering new remediation actions in Windows Defender ATP that will give IT admins the tools to isolate machines, collect forensics, kill and clean running processes, and quarantine or block files with a single click in the Windows Security Center, further reducing response time.