content for ip

2025-06-15 02:13:43 +00:00 · 2019-05-20 21:53:12 -07:00
parent f2e71a516f
commit 10a330b68e
4 changed files with 22 additions and 4 deletions
--- a/windows/security/threat-protection/microsoft-defender-atp/images/data-sensitivity-column.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/data-sensitivity-column.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/incident-page.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/incident-page.png
--- a/windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png
--- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
@ -22,14 +22,32 @@ ms.topic: article

 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

-A typical advanced persistent threat lifecycle involves data exfiltration. In a security incident, it's important to have the ability to prioritize investigations where sensitive files may be involved so that corporate data and information are protected.
+A typical advanced persistent threat lifecycle involves data exfiltration. In a security incident, it's important to have the ability to prioritize investigations where sensitive files may be jeopardy so that corporate data and information are protected.

-Microsoft Defender ATP helps to make the prioritization of security incidents where sensitive information are involved easier with the use of sensitivity labels.
+Microsoft Defender ATP helps to make the prioritization of security incidents much simplier with the use of sensitivity labels. Sensitivity labels quickly identify incidents that may involve machines with sensitive information such as confidential information. 
+
+## Investigate incidents that involve sensitive data
+Learn how to use data sensitivity labels to prioritize incident investigation.

 1. In Microsoft Defender Security Center, select **Incidents**. 

 2. Scroll to the right to see the **Data sensitivity** column. This column reflects sensitivity labels that have been observed on machines related to the incidents providing an indication of whether sensitive files may be impacted by the incident.

-3. Open the incident page to further investigate. 
+    ![Image of data sensitivity column](images/data-sensitivity-column.png)

-4. Select the **Machines** tab to identify machines storing files with sensitivity labels.
+3. Open the incident page to further investigate.
+
+    ![Image of incident page details](images/incident-page.png)
+
+4. Select the **Machines** tab to identify machines storing files with sensitivity labels.
+
+    ![Image of machine tab](images/investigate-machines-tab.png)
+
+5. Select the machines that store sensitive data and search through the timeline to identify which files may be impacted then take appropriate action to ensure that data is protected. 
+
+>[!NOTE] 
+> The event side pane now provides additional insight to the WIP and AIP protection status.  
+
+
+>[!TIP]
+>These data points are also exposed through the ‘FileCreationEvents’ in advanced hunting, allowing advanced queries and schedule detection to take into account sensitivity labels and file protection status.