2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected


This setting enables Windows Defender ATP (WDATP) integration with Security Center.


WDATP integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within security center. This integration helps to spot abnormalities, detect and respond to advanced attacks on Windows server endpoints monitored by Azure Security Center. Windows Defender ATP in Security Center supports detection on Windows Server 2016, 2012 R2, and 2008 R2 SP1 operating systems in a Standard service subscription.

WDATP works only with Standard Tier subscriptions.


WDATP works with Standard pricing tier Subscription.Choosing the Standard pricing tier of Azure Security Center incurs an additional cost per resource.


From Azure Console

Go to Azure Security Center

Select Security policy blade

Click On Edit Settings to alter the the security policy for a subscription

Select the Threat Detection blade

Check/Enable option Allow Windows Defender ATP to access my data

Select Save

Using Azure Command Line Interface 2.0
Use the below command to enable Standard pricing tier for Storage Accounts

az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/settings/WDATP?api-version=2019-01-01 [email protected]'input.json''

Where input.json contains the Request body json data as mentioned below.

'id': '/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/settings/WDATP',
'kind': 'DataExportSetting',
'type': 'Microsoft.Security/settings',
'properties': {
'enabled': true

See Also


Item Details


References: 800-53|SI-3, CSCv7|8

Plugin: microsoft_azure

Control ID: 075afa04d5b09a11ad90d6e26adefef711fa27f220655ee0ae4470032fd7bce6