Advanced hunting in Microsoft Defender ATP empowers your customers to query data utilzing a rich set of capabilities and features. Microsoft WDAC events can also be queried by utilizing an ActionType that starts with "AppControl" for your convenience. This kind of capability is actually supported beginning with Windows version 1607 and moving forward.

Session THR3056 encourages you to unleash the hunter in you: Advanced hunting in Microsoft Defender ATP. Featuring speaker Hadar Feldman of Microsoft, learn how Microsoft Defender Advanced Threat Protection gives incident responders insights into endpoint activity they've always wished they had when incidents occur. In this theater session, learn how to use advanced hunting to gain insights into endpoint data going far beyond just responding to alerts.

202 S.E. Church Street, Suite 203 Leesburg, VA 20175
202 Church Street S.E. , Suite 203 Leesburg, VA 20175
800-453-596 (Toll Free)