mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-25 19:57:22 +00:00
expand first mention of Windows Defender Advanced Threat Protection
This commit is contained in:
Joey Caparas
parent
e9612c333f
commit
03896ffad2
@ -17,7 +17,7 @@ author: mjcaparas
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
As a security operations team member, you can manage Windows Defender ATP alerts as part of your routine activities. Alerts will appear in the respective queues according to their current status.
|
||||
As a security operations team member, you can manage Windows Defender Advanced Threat Protection alerts as part of your routine activities. Alerts will appear in the respective queues according to their current status.
|
||||
|
||||
To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ The **Dashboard** displays a snapshot of:
|
||||
- The latest active alerts on your network
|
||||
- Machines reporting
|
||||
- Top machines with active alerts
|
||||
- The overall status of Windows Defender ATP for the past 30 days
|
||||
- The overall status of Windows Defender Advanced Threat Protection for the past 30 days
|
||||
- Machines with active malware detections
|
||||
|
||||
You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in.
|
||||
|
||||
@ -16,7 +16,7 @@ ms.sitesec: library
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
Alerts in Windows Defender ATP indicate possible security breaches on endpoints in your organization.
|
||||
Alerts in Windows Defender Advanced Threat Protection indicate possible security breaches on endpoints in your organization.
|
||||
|
||||
There are three alert severity levels, described in the following table.
|
||||
|
||||
|
||||
@ -58,7 +58,7 @@ Results of deep analysis are matched against threat intelligence and any matches
|
||||
|
||||
Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available in the context of the file view.
|
||||
|
||||
In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
|
||||
In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender Advanced Threat Protection backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
|
||||
|
||||
> **Note** Only files from Windows 10 can be automatically collected.
|
||||
|
||||
|
||||
@ -88,7 +88,7 @@ When you investigate a specific machine, you'll see:
|
||||
- **Alerts related to this machine**
|
||||
- **Machine timeline**
|
||||
|
||||
The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting telemetry to the Windows Defender ATP service.
|
||||
The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting telemetry to the Windows Defender Advanced Threat Protection service.
|
||||
|
||||
The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date that the alert was detected, a short description of the alert, the alert's severity, the alert's threat category, and the alert's status in the queue.
|
||||
|
||||
|
||||
@ -16,7 +16,7 @@ ms.sitesec: library
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
Windows Defender ATP notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu.
|
||||
Windows Defender Advanced Threat Protection notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu.
|
||||
|
||||
See the [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts) topic for more details on how to investigate alerts.
|
||||
|
||||
@ -138,4 +138,3 @@ Changes are indicated by a clock icon (
|
||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@ service onboarding to manage user-based access to the [Windows Defender ATP port
|
||||
or email [winatp@microsoft.com](mailto:winatp@microsoft.com).-->
|
||||
|
||||
When you run the onboarding wizard for the first time, you must choose
|
||||
where your Windows Defender ATP-related information is stored: in either
|
||||
where your Windows Defender Advanced Threat Protection-related information is stored: in either
|
||||
a European or United States datacenter.
|
||||
|
||||
> **Notes**
|
||||
@ -49,7 +49,7 @@ Server and mobile versions of Windows are not supported.
|
||||
|
||||
Internet connectivity on endpoints is also required. See
|
||||
[Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
additional proxy configuration settings.
|
||||
for additional proxy configuration settings.
|
||||
|
||||
Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10 TAP, but if it has been disabled you can turn it on by following the instructions in the
|
||||
[Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) section.
|
||||
|
||||
@ -17,7 +17,7 @@ author: mjcaparas
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
You can monitor the onboarding of the Windows Defender ATP service to ensure your endpoints are correctly configured and are sending telemetry reports.
|
||||
You can monitor the onboarding of the Windows Defender Advanced Threat Protection service to ensure your endpoints are correctly configured and are sending telemetry reports.
|
||||
|
||||
You might need to monitor the onboarding if the package did not configure the registry correctly, or the reporting client did not start or execute correctly.
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ author: iaanw
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
You need to onboard to Windows Defender ATP before you can use the service.
|
||||
You need to onboard to Windows Defender Advanced Threat Protection before you can use the service.
|
||||
|
||||
<!--There are two stages to onboarding:
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ author: DulceMV
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
|
||||
Enterprise security teams can use the portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
|
||||
Enterprise security teams can use the Windows Defender Advanced Threat Protection portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
|
||||
|
||||
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
|
||||
- View, sort, and triage alerts from your endpoints
|
||||
|
||||
@ -18,7 +18,7 @@ author: mjcaparas
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
You have to assign users to the Windows ATP Service application in Azure Active Directory (AAD) before they can access the portal.
|
||||
You have to assign users to the Windows Defender Advanced Threat Protection Service application in Azure Active Directory (AAD) before they can access the portal.
|
||||
|
||||
**Manage user access to the Windows Defender ATP portal**:
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ The aspect of time is important in the assessment and analysis of perceived and
|
||||
|
||||
Cyberforensic investigations often rely on time stamps to piece together the sequence of events. It’s important that your system reflects the correct time zone settings.
|
||||
|
||||
Windows Defender ATP can display either Coordinated Universal Time (UTC) or local time.
|
||||
Windows Defender Advanced Threat Protection can display either Coordinated Universal Time (UTC) or local time.
|
||||
|
||||
Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Settings** menu .
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ author: mjcaparas
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
You might need to troubleshoot the onboarding process if you encounter issues.
|
||||
You might need to troubleshoot the Windows Defender Advanced Threat Protection boarding process if you encounter issues.
|
||||
This page provides detailed steps for troubleshooting endpoints that aren't reporting correctly, common error codes encountered during onboarding, and steps for resolving problems with Azure Active Directory (AAD).
|
||||
|
||||
## Endpoints are not reporting to the service correctly
|
||||
@ -33,7 +33,7 @@ Go through the following verification topics to address this issue:
|
||||
|
||||
|
||||
### Ensure that the endpoint is onboarded successfully
|
||||
If the endpoints aren't reporting correctly, you might need to check that the Windows Defender Advanced Threat Protection service was successfully onboarded on the endpoint.
|
||||
If the endpoints aren't reporting correctly, you might need to check that the Windows Defender ATP service was successfully onboarded on the endpoint.
|
||||
|
||||
**Check the onboarding state in Registry**:
|
||||
|
||||
|
||||
@ -16,7 +16,7 @@ author: mjcaparas
|
||||
|
||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||
|
||||
This section addresses issues that might arise as you use the service.
|
||||
This section addresses issues that might arise as you use the Windows Defender Advanced Threat service.
|
||||
|
||||
###Server error - Access is denied due to invalid credentials
|
||||
If you encounter a server error when trying to access the service, you’ll need to change your browser cookie settings.
|
||||
|
||||
@ -26,7 +26,8 @@ A typical security breach investigation requires a member of a security operatio
|
||||
|
||||
|
||||
|
||||
Security operation teams can use Windows Defender ATP Portal to carry out this end-to-end process without having to leave the portal.
|
||||
Security operation teams can use Windows Defender Advanced Threat Protection portal to carry out this end-to-end process without having to leave the portal.
|
||||
|
||||
Teams can monitor the overall status of enterprise endpoints from the **Dashboard**, gain insight on the various alerts, their category, when they were observed, and how long they’ve been in the network at a glance.
|
||||
|
||||
### In this section
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user