From 6a41fe3b042bac5efc91901878b5dec3b70ab248 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 27 Jan 2021 11:38:41 -0800 Subject: [PATCH 1/4] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 93e3809c2a..ce1ef6ec15 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.author: deniseb author: denisebmsft -ms.date: 12/07/2020 +ms.date: 01/27/2021 ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -31,7 +31,6 @@ ms.custom: AIR - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806) - Your security operations team receives an alert whenever a malicious or suspicious artifact is detected by Microsoft Defender for Endpoint. Security operations teams face challenges in addressing the multitude of alerts that arise from the seemingly never-ending flow of threats. Microsoft Defender for Endpoint includes automated investigation and remediation (AIR) capabilities that can help your security operations team address threats more efficiently and effectively. Want to see how it works? Watch the following video: > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4bOeh] From fb91daf9390de59823ad953f76ba07205b825dcb Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Mon, 8 Feb 2021 23:24:43 +0200 Subject: [PATCH 2/4] Update gov.md Adding a licensing section. --- .../microsoft-defender-atp/gov.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index bf0e603e07..6184983828 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -29,6 +29,28 @@ This offering is available to GCC, GCC High, and DoD customers and is based on t > [!NOTE] > If you are a "GCC on Commercial" customer, please refer to the public documentation pages. +## Licensing requirements +Microsoft Defender for Endpoint for US Government customers requires one of the following Microsoft volume licensing offers: + +### Desktop licensing +GCC | GCC High | DoD +:---|:---|:--- +Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD +| | Microsoft 365 E5 for GCCHigh | +| | Microsoft 365 G5 Security for GCCHigh | +Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD + +### Server licensing +GCC | GCC High | DoD +:---|:---|:--- +Microsoft Defender for Endpoint Server GCC | Microsoft Defender for Endpoint Server for GCC High | Microsoft Defender for Endpoint Server for DOD +Azure Defender for Servers | Azure Defender for Servers | Azure Defender for Servers + +> [!NOTE] +> DoD licensing will only be available at GA. + +
+ ## Portal URLs The following are the Microsoft Defender for Endpoint portal URLs for US Government customers: From 3a59ad13026982d1bb3aa1452f8cff76db8b3118 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 8 Feb 2021 13:42:42 -0800 Subject: [PATCH 3/4] Update index.md --- windows/security/threat-protection/index.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index f0f08773af..cfcd3b4102 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -102,11 +102,14 @@ Endpoint detection and response capabilities are put in place to detect, investi **[Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)**
-In addition to quickly responding to advanced attacks, Microsoft Defender for Endpoint offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. +In addition to quickly responding to advanced attacks, Microsoft Defender for Endpoint offers automated investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. -- [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) -- [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md) -- [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md) +- [Get an overview of automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) +- [Learn about automation levels](microsoft-defender-atp/automation-levels.md) +- [Configure automated investigation and remediation in Defender for Endpoint](microsoft-defender-atp/configure-automated-investigations-remediation.md) +- [Visit the Action center to see remediation actions](microsoft-defender-atp/auto-investigation-action-center.md) +- [Review remediation actions following an automated investigation](microsoft-defender-atp/manage-auto-investigation.md) +- [View the details and results of an automated investigation](microsoft-defender-atp/autoir-investigation-results.md) From da4cc126b81e300e5464e0cc66e1eb8f8e25e7d1 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Mon, 8 Feb 2021 23:51:31 +0200 Subject: [PATCH 4/4] Update gov.md --- .../threat-protection/microsoft-defender-atp/gov.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 6184983828..ef93116bee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -27,7 +27,7 @@ Microsoft Defender for Endpoint for US Government customers, built in the US Azu This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering. > [!NOTE] -> If you are a "GCC on Commercial" customer, please refer to the public documentation pages. +> If you are a GCC customer using Defender for Endpoint in Commercial, please refer to the public documentation pages. ## Licensing requirements Microsoft Defender for Endpoint for US Government customers requires one of the following Microsoft volume licensing offers: @@ -36,18 +36,18 @@ Microsoft Defender for Endpoint for US Government customers requires one of the GCC | GCC High | DoD :---|:---|:--- Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD -| | Microsoft 365 E5 for GCCHigh | -| | Microsoft 365 G5 Security for GCCHigh | +| | Microsoft 365 E5 for GCC High | +| | Microsoft 365 G5 Security for GCC High | Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD ### Server licensing GCC | GCC High | DoD :---|:---|:--- Microsoft Defender for Endpoint Server GCC | Microsoft Defender for Endpoint Server for GCC High | Microsoft Defender for Endpoint Server for DOD -Azure Defender for Servers | Azure Defender for Servers | Azure Defender for Servers +Azure Defender for Servers | Azure Defender for Servers - Government | Azure Defender for Servers - Government > [!NOTE] -> DoD licensing will only be available at GA. +> DoD licensing will only be available at DoD general availability.