At the Ignite event on November 12, 2019 Microsoft announced Microsoft Defender Advanced Threat Protection for Gnu / Linux.
What is Microsoft Defender ATP
The name brings us first to Windows Defender which is an Antivirus, then the best for companies launching Window Defender, ATP works on behavioral analysis. It collects usage data and stores it on the same system. As business systems there are also machines with Mac and Gnu / linux to cover them, change of name to Microsoft ATP shortly after I get a version for Mac finally arrived for Gnu / Linux on February 20, 2020.
Generally available Microsoft Threat Protection (MTP) provides the built-in intelligence, automation, and integration to coordinate protection, detection, response, and prevention by combining and orchestrating into a single solution the capabilities of Microsoft Defender Advanced Threat Protection (ATP) (endpoints), Office 365 ATP (email), Azure ATP (identity), and Microsoft Cloud App Security (apps).
With MTP, security teams can:
Automatically block attacks and eliminate their persistence to keep them from starting again. MTP looks across domains to understand the entire chain of events, identify affected assets, and protect your most sensitive resources. When, for example, a compromised user or an at-risk device tries to access confidential information, MTP applies conditional access and blocks the attack, delivering on the Zero Trust model. Prioritize incidents for investigation and response. MTP lets you focus on what matters the most by correlating alerts and low-level signals into incidents to determine the full scope of the threat across Microsoft 365 services. Incidents provide a complete picture of the threat in real time and in a single, cohesive console. Auto-heal assets. MTP identifies affected assets like users, endpoints, mailboxes, and applications, and returns them to a safe state. Automated healing includes actions like identifying and terminating malicious processes on endpoints and removing mail forwarding rules attackers put in place and marking users as compromised in the directory. Focus unique expertise on cross-domain hunting. MTP empowers the security team to be proactive, giving them back the time they need to learn from our insights, harden defenses, and keep out more threats. It also lets them use their unique organizational knowledge like proprietary indicators of compromise, org-specific behavioral patterns, and free-form research to actively hunt for threats across domains with custom queries over raw data.