Live response for MDATP is backported
When the feature appeared, you had to run the 1903 version of Windows 10.
Yesterday, Microsoft announced that live response for MDATP is now in public preview for earlier versions of Windows 10 including 1709, 1803, and 1809
What is Live Response ?
Live response is a capability that gives an instantaneous access to a device using a remote shell connection.
Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.
You will be able to :
- Run basic and advanced commands to do investigative work on a device
- Download files such as malware samples and outcomes of PowerShell scripts
- Download files in the background
- Upload a PowerShell script or executable to the library and run it on a device from a tenant level
- Take or undo remediation actions
Verify that you’re running a supported version of Windows 10
Devices must be running one of the following versions of Windows 10:
Make sure to install appropriate security updates