MS Defender ATP enhancements
Wish list for updates:
I have a few wish list items for Defender ATP:
1- Detect vulnerabilities in installed MS and third-party software (it only detects OS vulnerabilities). This would really help us to have a single view and reduce cost with third-party vulnerability scanners.
2- Detect when accounts are added in the local administrators’ group.
3- Manage Windows endpoint firewall from Defender ATP.
4- Detect/block abnormal traffic behavior such as command and control.
5- Pull computer objects from AD and alert when Defender ATP is not installed.
One of the wish list items came true as the Threat & Vulnerability Management dashboard (still to be determined if it is as good as other well-known scanning platforms), which is great; however, I don't see it working for Windows 2012 R2 and Windows 2016 servers. It will be a long while before we move to Windows 2019 servers.
Hopefully Microsoft will also make it work with older platforms.