Defender ATP provides “preventive protection, post-breach detection, and automated investigation and response” on the Windows and macOS platforms. However, it isn’t clear exactly how the app will work on the iOS platform’s “sandboxed” operating system. Similar apps for the iPhone and iPad usually offer only features such as identity theft protection, phishing protection, phone call blocking, and other allowed security features.
Microsoft says that with MTP, security teams can:
- Automatically block attacks and eliminate their persistence to keep them from starting again. MTP looks across domains to understand the entire chain of events, identify affected assets, and protect your most sensitive resources. When, for example, a compromised user or an at-risk device tries to access confidential information, MTP applies conditional access and blocks the attack, delivering on the Zero Trust model.
- Prioritize incidents for investigation and response. MTP lets you focus on what matters the most by correlating alerts and low-level signals into incidents to determine the full scope of the threat across Microsoft 365 services. Incidents provide a complete picture of the threat in real time and in a single, cohesive console.
- Auto-heal assets. MTP identifies affected assets like users, endpoints, mailboxes, and applications, and returns them to a safe state. Automated healing includes actions like identifying and terminating malicious processes on endpoints, removing mail forwarding rules attackers put in place, and marking users as compromised in the directory.
- Focus unique expertise on cross-domain hunting. MTP empowers the security team to be proactive, giving them back the time they need to learn from our insights, harden defenses, and keep out more threats. It also lets them use their unique organizational knowledge like proprietary indicators of compromise, org-specific behavioral patterns, and free-form research to actively hunt for threats across domains with custom queries over raw data.
Microsoft says it will share more details about Defender ATP for iOS and Android next week at the RSA Conference in San Francisco.