Microsoft adds support for Windows 7 to improve threat detection and response, but why?

Microsoft adds support for Windows 7 to improve threat detection and response, but why?

Windows Defender Advanced Threat Protection (WD-ATP) is part of the product suite Microsoft 365 E5. The license includes Office 365, Office 365 & EMS (E5 SKU). The question is why supports Microsoft none Windows 10 Operating Systems like Windows 7? A couple of months ago I was reading a new article about this. They described that WD-ATP is supporting Windows 7. My first thought was;

“why should Microsoft ever support down-level Operating Systems like Windows 7 instead of leaving it an exclusive feature for Windows 10?”

To answer this question you need to understand how the product is built. First of all, it is developed as an Endpoint Detection & Response (EDR) system. It uses the built-in security sensors of an operating system to collect possible threats and generates alerts for abnormal behavior. Any relevant data will be uploaded (partly anonymous) to the Microsoft Intelligent Cloud. The Cloud service analyzes the data rapidly. The system learns about normal and abnormal behavior because it analyzes data form milliards of sensors and devices.

The first releases of WD-ATP where only available for Windows 10 because of there where none sensors available for down-level operating systems. So basically, Microsoft built this feature on top of Windows 7 and Windows 8.1. This means that the feature is only available for down-level operating systems when you have an up-to-date system!

Windows 7 in the Cloud

A while ago Microsoft released a WD-ATP version for Windows 7. Fine, many people are expecting because they think having the same protection level as Windows 10. Unfortunately, this is not totally true. The difference is that Windows 7 of 8.(1) Operating Systems does not have all the sensors built-in in comparing to Windows 10. This means Windows 10 is still the best option for the organization if you want to increase your security maturity level or protect your organization’s digital intellectual property. See table below.

Continues to raise the security maturity level by any Windows 10 release

In any of the Windows 10 versions previously released, Microsoft adds more security features and sensors. These capabilities fit by the digital attacks of that moment. New releases are available every half year (March & September). Please note; In case you want to interact with the Microsoft product team you are more than welcome via the Microsoft roundtables or User Voice forms. I think it is very nice the way Microsoft wants to interact with your organization to improve the products.

What are the difference between Windows 7 & Windows 10 for the feature WD-ATP?

This is a very common question. During multiple implementations organizations are doubting if they really need to upgrade to Windows 10. Yes, they need to do it for the following reasons, if you think you can postpone a migration project because you can use the WD-ATP feature. Good to notice is that WD-ATP is a built-in feature of Windows 10. A very big advantage is that is has a lower impact on the overall performance at the Operating System. For lower operating systems you need to install additional software updates/patches and tooling. All this will result in a decreased performance experience.

The table below is an example of the differences between several operating systems.

Security capabilitiesWindows 7Windows 10 1703Windows 10 1709
Endpoint Detection & Response EDRVVV
Windows Defender System guardXVV
Windows Defender Application ControlXVV
Windows Defender AntivirusXVV
Windows Defender Application GuardXXV
Windows Defender Exploit GuardXXV

So, although the product was first exclusive available for Windows 10 is it now also available for Windows 7 and 8.(1) but with limited functionality. Be aware Windows 10 has still more security capabilities and can protect your workplaces better in comparing to Windows 7.

Scenario’s

The following two scenarios are describing the difference between Windows 10 and lower Operating System versions.

The user downloads a malicious file or installation;

·       User experience Windows 7; The WD-ATP system kick in as soon the malicious software starts the exploit (reports). This means that from the hackers perspective the attack is successfully launched and countermeasures need to be taken to prevent more infected computers. This will cause a high impact for the end users because a re-installation is possibly required.

·       User experience Windows 10; A couple of security measurements can kick in to prevent launching the exploit, for example, Windows Defender Smartscreen. Low impact for the end-user because the exploit cannot be launched.

My common practices

·        Migration to the latest Client Operating System is always a smart thing to do when you need to increase your security majority level.

·        Windows 10 is a very safe operating system but you still need to monitor the security alerts. Those security alerts don’t solve themselves.

·        You can try Microsoft 365 ‘for free’ (limited time) and WD-ATP to get insights about abnormal behavior and detect hackers faster and easier. 

 

Share This