diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md index 4e2100d5a6..abad7e5b8f 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md @@ -34,9 +34,9 @@ In Windows Defender ATP, you can create machine groups and use them to: As part of the process of creating a machine group, you'll: - Set the automated remediation level for that group. For more information on remediation levels, see [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md). -- Define a matching rule based on the machine name, domain, tags, and OS platform to determine which machines belong to the group. If a machine is also matched to other groups, it is added only to the highest ranked machine group. -- Determine access to machine group -- Rank the machine group relative to other groups after it is created +- Specify the matching rule that determines which machine group belongs to the group based on the machine name, domain, tags, and OS platform. If a machine is also matched to other groups, it is added only to the highest ranked machine group. +- Select the Azure AD user group that should have access to the machine group. +- Rank the machine group relative to other groups after it is created. >[!NOTE] >A machine group is accessible to all users if you don’t assign any Azure AD groups to it. 
@@ -48,12 +48,7 @@ As part of the process of creating a machine group, you'll: 2. Click **Add machine group**. -3. Set the machine group details, configure an association rule, preview the results, then assign the group to an Azure user group: - - - **Name** - - **Remediation level for automated investigations** - - **Description** - - **Matching rule** – you can apply the rule based on machine name, domain, tag, or OS version. +3. Enter machine group details, specify the matching rule, preview the results, then assign the group to an Azure AD user group. >[!TIP] >If you want to group machines by organizational unit, you can configure the registry key for the group affiliation. For more information on device tagging, see [Manage machine group and tags](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#manage-machine-group-and-tags). 
@@ -72,7 +67,7 @@ As part of the process of creating a machine group, you'll: You can promote or demote the rank of a machine group so that it is given higher or lower priority during matching. When a machine is matched to more than one group, it is added only to the highest ranked group. You can also edit and delete groups. >[!WARNING] ->Deleting a machine group may affect email notification rules. If a machine group is configured under an email notification rule it will be removed from that rule. If the machine group is the only group configured for an email notification, that email notification rule will be deleted along with the machine group. +>Deleting a machine group may affect email notification rules. If a machine group is configured under an email notification rule, it will be removed from that rule. If the machine group is the only group configured for an email notification, that email notification rule will be deleted along with the machine group. By default, machine groups are accessible to all users with portal access. You can change the default behavior by assigning Azure AD user groups to the machine group.
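Review bot: In the first hunk (@@ -34,9 +34,9 @@), the rewritten matching-rule bullet says "determines which machine group belongs to the group", which is circular; the removed line had it right with "which machines belong to the group". Suggest "Specify the matching rule that determines which machines belong to the group, based on the machine name, domain, tags, and OS platform." In the same hunk, the new access bullet says "the Azure AD user group" in the singular while the NOTE in the context lines says "Azure AD groups", so pick one so readers know whether more than one group can be assigned.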
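Review bot: In the second hunk (@@ -48,12 +48,7 @@), step 3 now says "Enter machine group details" without naming them, because the Name, Remediation level for automated investigations, and Description bullets were removed along with the Matching rule bullet. Consider naming the fields inline in the new sentence so the step still tells the reader what has to be filled in. Since the NOTE in the first hunk's context says a machine group is accessible to all users when no Azure AD groups are assigned, step 3 would also be a good place to say that skipping the assignment leaves the group open to everyone with portal access.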
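Review bot: In the third hunk (@@ -72,7 +67,7 @@), the changed WARNING line still mixes "email notification rule" and "email notification" for what appears to be the same object ("the only group configured for an email notification, that email notification rule will be deleted"). While the line is being touched for the comma, use "email notification rule" throughout. The opening "may affect" also reads weaker than the two "will be" sentences that follow it, so consider "affects" or a wording that matches.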