From 84f185edd619282636ecaee93761d566c3629ac2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 4 Jan 2021 16:59:42 -0800 Subject: [PATCH 1/3] Added vertical space --- .../microsoft-defender-atp/basic-permissions.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md index 9cddee17c5..1c8fc2eacd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md @@ -63,10 +63,13 @@ Assigning read-only access rights requires adding the users to the "Security Rea Use the following steps to assign security roles: - For **read and write** access, assign users to the security administrator role by using the following command: + ```PowerShell Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com" ``` + - For **read-only** access, assign users to the security reader role by using the following command: + ```PowerShell Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress "reader@Contoso.onmicrosoft.com" ``` From b5a5fb637f136d31a5276e2db48a68958a5b6d8a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 4 Jan 2021 17:00:10 -0800 Subject: [PATCH 2/3] Labeled code blocks with valid content types --- .../microsoft-defender-atp/get-ip-statistics.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md index 8b78df80cd..c34fe0e526 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md @@ -51,7 +51,8 @@ Delegated (work or school account) | Ip.Read.All | 'Read IP address profiles' >- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) ## HTTP request -``` + +```http GET /api/ips/{ip}/stats ``` @@ -75,7 +76,7 @@ If successful and ip exists - 200 OK with statistical data in the body. IP do no Here is an example of the request. -``` +```http GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats ``` @@ -84,7 +85,7 @@ GET https://api.securitycenter.microsoft.com/api/ips/10.209.67.177/stats Here is an example of the response. -``` +```http HTTP/1.1 200 OK Content-type: application/json { From 695fb9a00ff804726b428b58a636280353a0e394 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 4 Jan 2021 17:06:33 -0800 Subject: [PATCH 3/3] Corrected code block labels and second-level list formatting Valid types for code blocks are listed here: https://review.docs.microsoft.com/en-us/help/contribute/metadata-taxonomies?branch=master --- .../microsoft-defender-atp/respond-file-alerts.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index ef8a82a89f..05fd5e59e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -94,6 +94,7 @@ This action takes effect on devices with Windows 10, version 1703 or later, wher ![Image of stop and quarantine file modal window](images/atp-stop-quarantine.png) The Action center shows the submission information: + ![Image of stop and quarantine file action center](images/atp-stopnquarantine-file.png) - **Submission time** - Shows when the action was submitted. @@ -118,13 +119,13 @@ You can roll back and remove a file from quarantine if you’ve determined that 1. Open an elevated command–line prompt on the device: - a. Go to **Start** and type _cmd_. + 1. Go to **Start** and type _cmd_. - b. Right–click **Command prompt** and select **Run as administrator**. + 1. Right–click **Command prompt** and select **Run as administrator**. 2. Enter the following command, and press **Enter**: - ```Powershell + ```powershell “%ProgramFiles%\Windows Defender\MpCmdRun.exe” –Restore –Name EUS:Win32/CustomEnterpriseBlock –All ``` @@ -273,11 +274,14 @@ The details provided can help you investigate if there are indications of a pote If you encounter a problem when trying to submit a file, try each of the following troubleshooting steps. 1. Ensure that the file in question is a PE file. PE files typically have _.exe_ or _.dll_ extensions (executable programs or applications). + 1. Ensure the service has access to the file, that it still exists, and has not been corrupted or modified. + 1. You can wait a short while and try to submit the file again, in case the queue is full or there was a temporary connection or communication error. + 1. If the sample collection policy is not configured, then the default behavior is to allow sample collection. If it is configured, then verify the policy setting allows sample collection before submitting the file again. When sample collection is configured, then check the following registry value: - ```Powershell + ```powershell Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection Name: AllowSampleCollection Type: DWORD @@ -287,6 +291,7 @@ If you encounter a problem when trying to submit a file, try each of the followi ``` 1. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp.md). + 1. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com). ## Related topics