From 037f4ee4baac3590faedd3d4b4390d3d02667b9c Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Fri, 7 Jun 2019 15:16:36 -0700 Subject: [PATCH] fixing art links --- .../policy-configuration-service-provider.md | 6 +- .../configure-server-endpoints.md | 2 + .../event-error-codes.md | 6 +- .../manage-auto-investigation.md | 2 +- .../microsoft-defender-atp/portal-overview.md | 88 +++++++++---------- .../troubleshoot-onboarding-error-messages.md | 6 +- ...-information-when-the-session-is-locked.md | 2 +- ...plication-control-policies-using-intune.md | 4 +- ...tion-based-protection-of-code-integrity.md | 2 +- 9 files changed, 60 insertions(+), 58 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index e8baf340ee..2a1fa44832 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -738,7 +738,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- Cryptography/AllowFipsAlgorithmPolicy + Cryptography/AllowFipsAlgorithmPolicy
Cryptography/TLSCipherSuites @@ -4378,7 +4378,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials](./policy-csp-credentialsdelegation.md#credentialsdelegation-remotehostallowsdelegationofnonexportablecredentials) - [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal) - [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators) -- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#CryptographyAllowFipsAlgorithmPolicy) +- [Cryptography/AllowFipsAlgorithmPolicy](./policy-csp-cryptography.md#cryptographyallowfipsalgorithmpolicy) - [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g) - [Defender/AllowArchiveScanning](./policy-csp-defender.md#defender-allowarchivescanning) - [Defender/AllowBehaviorMonitoring](./policy-csp-defender.md#defender-allowbehaviormonitoring) @@ -5243,7 +5243,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Camera/AllowCamera](#camera-allowcamera) - [Cellular/ShowAppCellularAccessUI](#cellular-showappcellularaccessui) -- [Cryptography/AllowFipsAlgorithmPolicy](#CryptographyAllowFipsAlgorithmPolicy) +- [Cryptography/AllowFipsAlgorithmPolicy](#cryptographyallowfipsalgorithmpolicy) - [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites) - [Defender/AllowArchiveScanning](#defender-allowarchivescanning) - [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 4f8489c0d3..0f9793b0a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -93,6 +93,7 @@ The following steps are required to enable this integration: 3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. + ### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603). @@ -107,6 +108,7 @@ The following steps are required to enable this integration: Once completed, you should see onboarded servers in the portal within an hour. + ### Configure server proxy and Internet connectivity settings - Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the OMS Gateway. diff --git a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md index 3ffa588f98..4a19677915 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md +++ b/windows/security/threat-protection/microsoft-defender-atp/event-error-codes.md @@ -157,7 +157,7 @@ The service could not contact the external processing servers at that URL. 17 Microsoft Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable. An error occurred with the Windows telemetry service. -Ensure the diagnostic data service is enabled.
+Ensure the diagnostic data service is enabled.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See Onboard Windows 10 machines. @@ -208,7 +208,7 @@ Ensure real-time antimalware protection is running properly. 28 Microsoft Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: variable. An error occurred with the Windows telemetry service. -Ensure the diagnostic data service is enabled.
+Ensure the diagnostic data service is enabled.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See Onboard Windows 10 machines. @@ -249,7 +249,7 @@ If the identifier does not persist, the same machine might appear twice in the p 34 Microsoft Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: variable. An error occurred with the Windows telemetry service. -Ensure the diagnostic data service is enabled.
+Ensure the diagnostic data service is enabled.
Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See Onboard Windows 10 machines. diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index a96e4fe4a4..4db5431253 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -160,7 +160,7 @@ This tab is only displayed when an investigation is complete and shows all pendi ## Pending actions If there are pending actions on an Automated investigation, you'll see a pop up similar to the following image. -![Image of pending actions](images\pending-actions.png) +![Image of pending actions](images/pending-actions.png) When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index a6fcc5d848..200d144ad9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -66,50 +66,50 @@ The following table provides information on the icons used all throughout the po Icon | Description :---|:--- -![ATP logo icon](images\atp-logo-icon.png)| Microsoft Defender ATP logo -![Alert icon](images\alert-icon.png)| Alert – Indication of an activity correlated with advanced attacks. -![Detection icon](images\detection-icon.png)| Detection – Indication of a malware threat detection. -![Active threat icon](images\active-threat-icon.png)| Active threat – Threats actively executing at the time of detection. -![Remediated icon](images\remediated-icon.png)| Remediated – Threat removed from the machine. -![Not remediated icon](images\not-remediated-icon.png)| Not remediated – Threat not removed from the machine. -![Thunderbolt icon](images\atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. -![Machine icon](images\atp-machine-icon.png)| Machine icon -![Windows Defender AV events icon](images\atp-windows-defender-av-events-icon.png)| Windows Defender Antivirus events -![Application Guard events icon](images\atp-Application-Guard-events-icon.png)| Windows Defender Application Guard events -![Device Guard events icon](images\atp-Device-Guard-events-icon.png)| Windows Defender Device Guard events -![Exploit Guard events icon](images\atp-Exploit-Guard-events-icon.png)| Windows Defender Exploit Guard events -![SmartScreen events icon](images\atp-Smart-Screen-events-icon.png)| Windows Defender SmartScreen events -![Firewall events icon](images\atp-Firewall-events-icon.png)| Windows Firewall events -![Response action icon](images\atp-respond-action-icon.png)| Response action -![Process events icon](images\atp-process-event-icon.png)| Process events -![Network communication events icon](images\atp-network-communications-icon.png)| Network events -![File observed events icon](images\atp-file-observed-icon.png)| File events -![Registry events icon](images\atp-registry-event-icon.png)| Registry events -![Module load DLL events icon](images\atp-module-load-icon.png)| Load DLL events -![Other events icon](images\atp-Other-events-icon.png)| Other events -![Access token modification icon](images\atp-access-token-modification-icon.png)| Access token modification -![File creation icon](images\atp-file-creation-icon.png)| File creation -![Signer icon](images\atp-signer-icon.png)| Signer -![File path icon](images\atp-File-path-icon.png)| File path -![Command line icon](images\atp-command-line-icon.png)| Command line -![Unsigned file icon](images\atp-unsigned-file-icon.png)| Unsigned file -![Process tree icon](images\atp-process-tree.png)| Process tree -![Memory allocation icon](images\atp-memory-allocation-icon.png)| Memory allocation -![Process injection icon](images\atp-process-injection.png)| Process injection -![Powershell command run icon](images\atp-powershell-command-run-icon.png)| Powershell command run -![Community center icon](images\atp-community-center.png) | Community center -![Notifications icon](images\atp-notifications.png) | Notifications -![No threats found](images\no-threats-found.png) | Automated investigation - no threats found -![Failed icon](images\failed.png) | Automated investigation - failed -![Partially remediated icon](images\partially-investigated.png) | Automated investigation - partially investigated -![Termindated by system](images\terminated-by-system.png) | Automated investigation - terminated by system -![Pending icon](images\pending.png) | Automated investigation - pending -![Running icon](images\running.png) | Automated investigation - running -![Remediated icon](images\remediated.png) | Automated investigation - remediated -![Partially investigated icon](images\partially_remediated.png) | Automated investigation - partially remediated -![Threat insights icon](images\tvm_bug_icon.png) | Threat & Vulnerability Management - threat insights -![Possible active alert icon](images\tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert -![Recommendation insights icon](images\tvm_insight_icon.png) | Threat & Vulnerability Management - recommendation insights +![ATP logo icon](images/atp-logo-icon.png)| Microsoft Defender ATP logo +![Alert icon](images/alert-icon.png)| Alert – Indication of an activity correlated with advanced attacks. +![Detection icon](images/detection-icon.png)| Detection – Indication of a malware threat detection. +![Active threat icon](images/active-threat-icon.png)| Active threat – Threats actively executing at the time of detection. +![Remediated icon](images/remediated-icon.png)| Remediated – Threat removed from the machine. +![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the machine. +![Thunderbolt icon](images/atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. +![Machine icon](images/atp-machine-icon.png)| Machine icon +![Windows Defender AV events icon](images/atp-windows-defender-av-events-icon.png)| Windows Defender Antivirus events +![Application Guard events icon](images/atp-Application-Guard-events-icon.png)| Windows Defender Application Guard events +![Device Guard events icon](images/atp-Device-Guard-events-icon.png)| Windows Defender Device Guard events +![Exploit Guard events icon](images/atp-Exploit-Guard-events-icon.png)| Windows Defender Exploit Guard events +![SmartScreen events icon](images/atp-Smart-Screen-events-icon.png)| Windows Defender SmartScreen events +![Firewall events icon](images/atp-Firewall-events-icon.png)| Windows Firewall events +![Response action icon](images/atp-respond-action-icon.png)| Response action +![Process events icon](images/atp-process-event-icon.png)| Process events +![Network communication events icon](images/atp-network-communications-icon.png)| Network events +![File observed events icon](images/atp-file-observed-icon.png)| File events +![Registry events icon](images/atp-registry-event-icon.png)| Registry events +![Module load DLL events icon](images/atp-module-load-icon.png)| Load DLL events +![Other events icon](images/atp-Other-events-icon.png)| Other events +![Access token modification icon](images/atp-access-token-modification-icon.png)| Access token modification +![File creation icon](images/atp-file-creation-icon.png)| File creation +![Signer icon](images/atp-signer-icon.png)| Signer +![File path icon](images/atp-File-path-icon.png)| File path +![Command line icon](images/atp-command-line-icon.png)| Command line +![Unsigned file icon](images/atp-unsigned-file-icon.png)| Unsigned file +![Process tree icon](images/atp-process-tree.png)| Process tree +![Memory allocation icon](images/atp-memory-allocation-icon.png)| Memory allocation +![Process injection icon](images/atp-process-injection.png)| Process injection +![Powershell command run icon](images/atp-powershell-command-run-icon.png)| Powershell command run +![Community center icon](images/atp-community-center.png) | Community center +![Notifications icon](images/atp-notifications.png) | Notifications +![No threats found](images/no-threats-found.png) | Automated investigation - no threats found +![Failed icon](images/failed.png) | Automated investigation - failed +![Partially remediated icon](images/partially-investigated.png) | Automated investigation - partially investigated +![Termindated by system](images/terminated-by-system.png) | Automated investigation - terminated by system +![Pending icon](images/pending.png) | Automated investigation - pending +![Running icon](images/running.png) | Automated investigation - running +![Remediated icon](images/remediated.png) | Automated investigation - remediated +![Partially investigated icon](images/partially_remediated.png) | Automated investigation - partially remediated +![Threat insights icon](images/tvm_bug_icon.png) | Threat & Vulnerability Management - threat insights +![Possible active alert icon](images/tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert +![Recommendation insights icon](images/tvm_insight_icon.png) | Threat & Vulnerability Management - recommendation insights ## Related topics - [Understand the Microsoft Defender Advanced Threat Protection portal](use.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md index 504b2e910d..078fc9543d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding-error-messages.md @@ -44,7 +44,7 @@ Potential reasons: For both cases you should contact Microsoft support at [General Microsoft Defender ATP Support](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636419533611396913) or [Volume license support](https://www.microsoft.com/licensing/servicecenter/Help/Contact.aspx). -![Image of no subscriptions found](images\atp-no-subscriptions-found.png) +![Image of no subscriptions found](images/atp-no-subscriptions-found.png) ## Your subscription has expired @@ -55,14 +55,14 @@ You can choose to renew or extend the license at any point in time. When accessi > [!NOTE] > For security reasons, the package used to Offboard machines will expire 30 days after the date it was downloaded. Expired offboarding packages sent to a machine will be rejected. When downloading an offboarding package you will be notified of the packages expiry date and it will also be included in the package name. -![Image of subscription expired](images\atp-subscription-expired.png) +![Image of subscription expired](images/atp-subscription-expired.png) ## You are not authorized to access the portal If you receive a **You are not authorized to access the portal**, be aware that Microsoft Defender ATP is a security monitoring, incident investigation and response product, and as such, access to it is restricted and controlled by the user. For more information see, [**Assign user access to the portal**](https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection). -![Image of not authorized to access portal](images\atp-not-authorized-to-access-portal.png) +![Image of not authorized to access portal](images/atp-not-authorized-to-access-portal.png) ## Data currently isn't available on some sections of the portal If the portal dashboard, and other sections show an error message such as "Data currently isn't available": diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md index d9e99a0ba8..dc5baed9b0 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md @@ -35,7 +35,7 @@ Beginning with Windows 10 version 1607, new functionality was added to Windows 1 This functionality is controlled by a new **Privacy** setting in **Settings** > **Accounts** > **Sign-in options**. The Privacy setting is off by default, which hides the details. -![Privacy setting](images\privacy-setting-in-sign-in-options.png) +![Privacy setting](images/privacy-setting-in-sign-in-options.png) The **Interactive logon: Display user information when the session is locked** Group Policy setting controls the same functionality. diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 0666cbac40..1f0c64f9c3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,11 +27,11 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( 3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. - ![Configure profile](images\wdac-intune-create-profile-name.png) + ![Configure profile](images/wdac-intune-create-profile-name.png) 4. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: - **Application control code intergity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. - ![Configure WDAC](images\wdac-intune-wdac-settings.png) + ![Configure WDAC](images/wdac-intune-wdac-settings.png) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 5f87fa942d..3cd5fee197 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -61,7 +61,7 @@ Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP] 3. Double-click **Turn on Virtualization Based Security**. 4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be disabled remotely or select **Enabled without UEFI lock**. - ![Enable HVCI using Group Policy](images\enable-hvci-gp.png) + ![Enable HVCI using Group Policy](images/enable-hvci-gp.png) 5. Click **Ok** to close the editor.