mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-20 17:27:23 +00:00
Merge pull request #2316 from MicrosoftDocs/master
OOB Publish 3/18/2020 8:14 AM PST
This commit is contained in:
Thomas Raya
GitHub
commit
03f41b11c8
@ -33,7 +33,8 @@ HoloLens 2 prompts a user to calibrate the device under the following circumstan
|
||||
- The user previously opted out of the calibration process
|
||||
- The calibration process did not succeed the last time the user used the device
|
||||
- The user has deleted their calibration profiles
|
||||
- The visor is raised and the lowered and any of the above circumstances apply (this may be disabled in **Settings > System > Calibration**.)
|
||||
- The device is taken off and put back on and any of the above circumstances apply
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -89,7 +89,7 @@ For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 E
|
||||
|
||||
If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://blogs.windows.com/business/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/)
|
||||
|
||||
#### Muti-factor authentication
|
||||
#### Multi-factor authentication
|
||||
|
||||
An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
|
||||
### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
|
||||
### [Configuration score](microsoft-defender-atp/configuration-score.md)
|
||||
### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md)
|
||||
### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
|
||||
### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
|
||||
### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
|
||||
### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 51 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 64 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 25 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 68 KiB |
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Security recommendation
|
||||
description: The weaknesses identified in the environment are mapped to actionable security recommendations and prioritized by their impact on the organizational exposure score.
|
||||
title: Security recommendations
|
||||
description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value.
|
||||
keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
@ -8,17 +8,18 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: dolmont
|
||||
author: DulceMontemayor
|
||||
ms.author: ellevin
|
||||
author: levinec
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/11/2019
|
||||
---
|
||||
# Security recommendation
|
||||
# Security recommendations
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
> [!TIP]
|
||||
@ -26,80 +27,77 @@ ms.date: 04/11/2019
|
||||
|
||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||
|
||||
The cyber security weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact on the security recommendation list. Prioritized recommendation helps shorten the mean time to mitigate or remediate vulnerabilities and drive compliance.
|
||||
Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendation helps shorten the time to mitigate or remediate vulnerabilities and drive compliance.
|
||||
|
||||
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. It is also dynamic in the sense that when the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
|
||||
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
|
||||
|
||||
## The basis of the security recommendation
|
||||
Each machine in the organization is scored based on three important factors: threat, likelihood to be breached, and value, to help customers to focus on the right things at the right time.
|
||||
## Criteria
|
||||
|
||||
- Threat - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the corresponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
|
||||
Each machine in the organization is scored based on three important factors to help customers to focus on the right things at the right time.
|
||||
|
||||
- Breach likelihood - Your organization's security posture and resilience against threats
|
||||
- **Threat** - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the corresponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
|
||||
|
||||
- Business value - Your organization's assets, critical processes, and intellectual properties
|
||||
- **Breach likelihood** - Your organization's security posture and resilience against threats
|
||||
|
||||
- **Business value** - Your organization's assets, critical processes, and intellectual properties
|
||||
|
||||
## Navigate through your security recommendations
|
||||
## Navigate to security recommendations
|
||||
|
||||
You can access the security recommendation from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page, to give you the context that you need, as you require it.
|
||||
You can access security recommendations from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page.
|
||||
|
||||
*Security recommendations option from the left navigation menu*
|
||||
### Top security recommendations in the Threat & Vulnerability Management dashboard
|
||||
|
||||
1. Go to the Threat & Vulnerability Management navigation menu and select **Security recommendations** to open up the list of security recommendations for the threats and vulnerabilities found in your organization. It gives you an overview of the security recommendation context: weaknesses found, related components, the application and operating system where the threat or vulnerabilities were found, network, accounts, and security controls, associated breach, threats, and recommendation insights, exposed machine trends, status, remediation type and activities.
|
||||
|
||||
In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [configuration score](configuration-score.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
|
||||
|
||||
>[!NOTE]
|
||||
> The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the amount of exposed machines, the color of the graph will change into green. This happens when the numbers on the right hand side is greater than what’s on the left, which means an increase or decrease at the end of even a single machine will change the graph's color.
|
||||
|
||||
|
||||
You can filter your view based on related components, status, and remediation type. If you want to see the remediation activities of software and software versions which have reached their end-of-life, select **Active**, then select **Software update** from the **Remediation Type** filter, and click **Apply**.
|
||||
<br></br>
|
||||
The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
|
||||
|
||||
2. Select the security recommendation that you need to investigate or process.
|
||||
<br></br>
|
||||
### Navigation menu
|
||||
|
||||
Go to the Threat & Vulnerability Management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization.
|
||||
|
||||
*Top security recommendations from the dashboard*
|
||||
## Security recommendations overview
|
||||
|
||||
In a given day as a Security Administrator, you can take a look at the dashboard to see your exposure score side-by-side with your configuration score. The goal is to lower down your organization's exposure from vulnerabilities, and increase your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
|
||||
You will be able to view the recommendation, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags.
|
||||
|
||||
The top security recommendations lists down the improvement opportunities prioritized based on the three important factors mentioned in the previous section - threat, likelihood to be breached, and value.
|
||||
The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the amount of exposed machines, the color of the graph will change into green. This happens when the numbers on the right hand side is greater than what's on the left, which means an increase or decrease at the end of even a single machine will change the graph's color.
|
||||
|
||||
You can click on each one of them and see the details, the description, the potential risk if you don't act on or remediate it, insights, vulnerabilities, other threats found, how many exposed devices are associated with the security recommendation, and business impact of each security recommendation on the organizational exposure and configuration score.
|
||||
|
||||
|
||||
From that page, you can do any of the following depending on what you need to do:
|
||||
Select the security recommendation that you want to investigate or process.
|
||||
|
||||
- Open software page - Drill down and open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, software or software version end-of-life, and charts so you can see the exposure trend over time.
|
||||
|
||||
|
||||
- Choose from remediation options - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
|
||||
From the flyout, you can do any of the following:
|
||||
|
||||
- Choose from exception options - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet due to specific business reasons, compensation controls, or if it is a false positive.
|
||||
- **Open software page** - Drill down and open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, software or software version end-of-life, and charts so you can see the exposure trend over time.
|
||||
|
||||
- **Remediation options** - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
|
||||
|
||||
- **Exception options** - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet due to specific business reasons, compensation controls, or if it is a false positive.
|
||||
|
||||
>[!NOTE]
|
||||
>When a change is made on a machine, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center.
|
||||
|
||||
## Report inaccuracy
|
||||
|
||||
You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information in the machine page.
|
||||
You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information.
|
||||
|
||||
1. Select the **Security recommendation** tab.
|
||||
1. Open the Security recommendation.
|
||||
|
||||
2. Click **:** beside the security recommendation that you want to report about, then select **Report inaccuracy**.
|
||||
|
||||
<br>A flyout pane opens.</br>
|
||||
|
||||
2. Select the three dots beside the security recommendation that you want to report, then select **Report inaccuracy**.
|
||||
|
||||
3. From the flyout pane, select the inaccuracy category from the drop-down menu.
|
||||
<br></br>
|
||||
|
||||
|
||||
4. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported.
|
||||
3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
|
||||
|
||||
5. Include your machine name for investigation context.
|
||||
|
||||
>[!TIP]
|
||||
> You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context.
|
||||
|
||||
6. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.
|
||||
|
||||
|
||||
4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts.
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
||||
@ -109,9 +107,9 @@ You can report a false positive when you see any vague, inaccurate, incomplete,
|
||||
- [Software inventory](tvm-software-inventory.md)
|
||||
- [Weaknesses](tvm-weaknesses.md)
|
||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||
- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
||||
- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine)
|
||||
- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
|
||||
- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
|
||||
- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
||||
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||
- [Recommendation APIs](vulnerability.md)
|
||||
- [Machine APIs](machine.md)
|
||||
- [Score APIs](score.md)
|
||||
- [Software APIs](software.md)
|
||||
- [Vulnerability APIs](vulnerability.md)
|
||||
|
||||
@ -8,16 +8,16 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: dolmont
|
||||
author: DulceMontemayor
|
||||
ms.author: ellevin
|
||||
author: levinec
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/11/2019
|
||||
---
|
||||
# Software inventory
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
@ -28,12 +28,16 @@ ms.date: 04/11/2019
|
||||
Microsoft Defender ATP Threat & Vulnerability management's discovery capability shows in the **Software inventory** page. The software inventory includes the name of the product or vendor, the latest version it is in, and the number of weaknesses and vulnerabilities detected with it.
|
||||
|
||||
## Navigate through your software inventory
|
||||
1. Select **Software inventory** from the Threat & Vulnerability management navigation menu. The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact, tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached their end-of-life.
|
||||
|
||||
1. Select **Software inventory** from the Threat & Vulnerability management navigation menu. The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
|
||||
|
||||
|
||||
2. In the **Software inventory** page, select the software that you want to investigate and a flyout panel opens up with the same details mentioned above but in a more compact view. You can either dive deeper into the investigation and select **Open software page** or flag any technical inconsistencies by selecting **Report inaccuracy**.
|
||||
3. Select **Open software page** to dive deeper into your software inventory to see how many weaknesses are discovered in the software, devices exposed, installed machines, version distribution, and the corresponding security recommendations for the weaknesses and vulnerabilities identified. From the **Version distribution** tab, you can also filter the view by **Version EOL** if you want to see the software versions that has reached their end-of-life which needs to be uninstalled, replaced, or updated.
|
||||
|
||||
3. Select **Open software page** to dive deeper into your software inventory to see how many weaknesses are discovered in the software, devices exposed, installed machines, version distribution, and the corresponding security recommendations for the weaknesses and vulnerabilities identified.
|
||||
|
||||
## How it works
|
||||
|
||||
In the field of discovery, we are leveraging the same set of signals in Microsoft Defender ATP's endpoint detection and response that's responsible for detection, for vulnerability assessment.
|
||||
|
||||
Since it is real-time, in a matter of minutes, you will see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll will see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available.
|
||||
@ -42,27 +46,20 @@ Since it is real-time, in a matter of minutes, you will see vulnerability inform
|
||||
|
||||
You can report a false positive when you see any vague, inaccurate version, incomplete, or already remediated software inventory information in the machine page.
|
||||
|
||||
1. Select the **Software inventory** tab.
|
||||
1. Select one of the software rows. A flyout will appear.
|
||||
|
||||
2. Click **:** beside the software that you want to report about, and then select **Report inaccuracy**.
|
||||
|
||||
<br>A flyout pane opens.</br>
|
||||
|
||||
2. Select "Report inaccuracy" in the flyout
|
||||
|
||||
3. From the flyout pane, select the inaccuracy category from the **Software inventory inaccuracy reason** drop-down menu.
|
||||
<br></br>
|
||||
|
||||
|
||||
4. Include your email address so Microsoft can send you feedback regarding the inaccuracy you reported.
|
||||
3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy.
|
||||
|
||||
5. Include your machine name for investigation context.
|
||||
|
||||
>[!NOTE]
|
||||
> You can also provide details regarding the inaccuracy you reported in the **Tell us more (optional)** field to give the threat and vulnerability management investigators context.
|
||||
|
||||
6. Click **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts with its context.
|
||||
|
||||
|
||||
4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts.
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
||||
@ -72,10 +69,9 @@ You can report a false positive when you see any vague, inaccurate version, inco
|
||||
- [Remediation and exception](tvm-remediation.md)
|
||||
- [Weaknesses](tvm-weaknesses.md)
|
||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||
- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
|
||||
- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine)
|
||||
- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
||||
- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
||||
- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
|
||||
|
||||
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||
- [Recommendation APIs](vulnerability.md)
|
||||
- [Machine APIs](machine.md)
|
||||
- [Score APIs](score.md)
|
||||
- [Software APIs](software.md)
|
||||
- [Vulnerability APIs](vulnerability.md)
|
||||
|
||||
@ -24,10 +24,12 @@ ms.collection:
|
||||
|
||||
## What is shadow protection?
|
||||
|
||||
Shadow protection (currently in [limited private preview](#can-i-participate-in-the-private-preview-of-shadow-protection)) extends behavioral-based blocking and containment capabilities by blocking malicious artifacts or behaviors even if [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) is not your active antivirus protection. If your organization has decided to use an antivirus solution other than Windows Defender Antivirus, you are still protected through shadow protection.
|
||||
When enabled, shadow protection extends behavioral-based blocking and containment capabilities by blocking malicious artifacts or behaviors observed through post-breach protection. This is the case even if [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) is not your active antivirus protection. Shadow protection is useful if your organization has not fully transitioned to Windows Defender Antivirus and if you are presently using a third-party antivirus solution. Shadow protection works behind the scenes by remediating malicious entities identified in post-breach protection that the existing third-party antivirus solution missed.
|
||||
|
||||
> [!TIP]
|
||||
> To get the best protection, [deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline). And see [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus).
|
||||
> [!NOTE]
|
||||
> Shadow protection is currently in [limited private preview](#can-i-participate-in-the-private-preview-of-shadow-protection).
|
||||
|
||||
To get the best protection, [deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline). And see [Better together: Windows Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus).
|
||||
|
||||
## What happens when something is detected?
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user