Skip to main content
Advanced Threat Protection from Microsoft

Until April 2023, organisations providing NHS funded care are eligible for centrally funded Windows 10 desktop operating system licences, which include Microsoft Defender Advanced Threat Protection (MDATP). This allows organisations to save money, reduce potential vulnerabilities and increase cyber resilience. 

Advanced Threat Protection

Advanced Threat Protection (ATP) gives local organisations such as hospitals and GP surgeries better cyber security protection. It is also linked to the Data Security Centre (DSC), which improves cyber security protection for local health and care communities, and the NHS as a whole.

ATP monitors the Microsoft Windows operating system on a PC, laptop or server to identify any indicators of cyber security comprise or attack, it can then take immediate action to address the problem before it spreads.  It also alerts local system managers and the DSC. These alerts give an NHS wide view of system status, to device level, in real time. This allows the DSC to more quickly and effectively coordinate the overall NHS response to cyber threats as they happen. 

Local organisations continue to be responsible for managing their own devices and will lead on any intervention necessary. The DSC response to any threat identified in a local system will be managed collaboratively with the local organisation.

ATP is now deployed to 90% of the NHS Windows desktop estate, with more than 1.2 million devices protected. The ATP user group convenes on a monthly basis to share knowledge and insights between organisations. All the NHS support and learning material, such as webinar recordings, documents, guides etc, is hosted on the ATP user group collaboration site for organisations to access.


Data security and governance

The information generated by ATP is securely partitioned and is only available to the organisation that is responsible for the devices, and to the DSC.  ATP records machine level information, but does not access patient records or documents such as Word/Excel/emails, and does not record or share patient information.

Any organisation who joins the service must commit to migrating from their current Windows 7/8 estates to Windows 10. After 14 January 2020, devices running Windows 7 no longer receive Microsoft security updates unless you have purchased Extended Security Updates.


Joining the ATP service

Joining the ATP service is optional, however central funding for Windows 10 operating system licences is only available to your organisation if you join.  Any organisation joining the service must commit to migrating from their current Windows 7/8 estates to Windows 10 by no later than 14 January 2020. The Windows 7 operating system will be unsupported after that date.  

To sign up, a service agreement with our licensing partner Bytes Software Services needs to be completed and returned. You can contact Bytes via nhsea@bytes.co.uk or by calling 01372 418 763.


ATP user group workspace

The ATP user group workspace is for specialist owners, managers and technicians responsible for delivery of the ATP application in organisations across the NHS.

Members can access can access key resources from NHS Digital, share peer-to-peer expertise and experience as well as viewing the latest news and updates on the ATP service.

To join the ATP user group, please contact atpfeedback@nhs.net.


Contact us

For further advice, please contact the Data Security Centre by emailing cybersecurity@nhs.net.

Last edited: 7 July 2020 2:56 pm