deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Updated EOD's two step proc

Browse Source
This commit is contained in:
Dulce Montemayor 2019-08-21 16:43:47 -07:00 committed by GitHub
parent 4677672500
commit 0f750505d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
View File

@ -68,39 +68,14 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
>[!NOTE]
>Alert inquiries related to your organization's customized threat intelligence data are currently not supported. Consult your security operations or incident response team for details.
1. Navigate to the portal page with the relevant information that you'd like to investigate, for example, the **Incident** page. Ensure that the page for the relevant alert or machine is in view before you send an inquiry.
1. Navigate to the portal page with the relevant information that you'd like to investigate, for example, the **Incident** page. Ensure that the page for the relevant alert or machine is in view before you send an investigation request.
2. From the upper right-hand menu, click **?**. Then, select **Consult a threat expert**.
3. Asking a threat expert is a two-step process: provide the necessary information and open a support ticket.
**Step 1: Provide information**
a. Provide enough information to give the Microsoft Threat Experts enough context to start the investigation. Select the inquiry category from the **Provide information > Inquiry** details drop-down menu. <br>
b. Enter the additional details to give the threat experts more context of what youd like to investigate. Click **Next**, and it takes you to the **Open support ticket** tab. <br>
c. Remember to use the ID number from the **Open a support ticket** tab page and include it to the details you will provide in the subsequent Customer Services and Support (CSS) pages. <br>
3. In the **Investigation topic** field, provide the link to the relevant page for your investigation request. For example, a link to the incident, alert, or machine details page that you would like to investigate.
4. In the next field, provide enough information to give the Microsoft Threat Experts enough context to start the investigation.
5. Enter the email address that you'd like to use to correspond with Microsoft Threat Experts.
**Step 2: Open a support ticket**
>[!NOTE]
>To experience the full Microsoft Threat Experts preview capability in Microsoft Defender ATP, you need a Premier customer service and support account. However, you will not be charged for the Experts-on-demand service during the preview.
a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**: <br>
**Select the product family**: **Security**<br>
**Select a product**: **Microsoft Threat Experts**<br>
**Select a category that best describes the issue**: **Microsoft Defender ATP**<br>
**Select a problem that best describes the issue**: Choose according to your inquiry category<br>
b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**. <br>
c. In the **Select a support plan** page, select **Professional No Charge**. <br>
d. The severity of your issue has been pre-selected by default, per the support plan, **Professional No Charge**, that you'll use for this public preview. Select the time zone by which you'd like to receive the correspondence. Then, click **Next**. <br>
e. Verify your contact details and add another if necessary. Then, click **Next**. <br>
f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. A confirmation page indicating the response time and your support request number shows. <br>
## Sample questions to ask Microsoft Threat Experts
## Sample investigation topics that you can consult with Microsoft Threat Experts
**Alert information**
- We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?