Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into FromPrivateRepo

This commit is contained in:
huaping yu
2019-07-11 15:40:51 -07:00
50 changed files with 479 additions and 154 deletions

View File

@ -138,12 +138,22 @@ Turning this setting on forwards signals to Azure Information Protection, giving
## Microsoft Intune connection
This feature is only available if you have an active Microsoft Intune (Intune) license.
Microsoft Defender ATP can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [enable this feature](configure-conditional-access.md), you'll be able to share Microsoft Defender ATP device information with Intune, enhancing policy enforcement.
When you enable this feature, you'll be able to share Microsoft Defender ATP device information to Intune and enhance policy enforcement.
>[!IMPORTANT]
>You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature. For more information on specific steps, see [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md).
This feature is only available if you have the following:
- A licensed tenant for Enterprise Mobility + Security E3, and Windows E5 (or Microsoft 365 Enterprise E5)
- An active Microsoft Intune environment, with Intune-managed Windows 10 devices [Azure AD-joined](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join/).
### Conditional Access policy
When you enable Intune integration, Intune will automatically create a classic Conditional Access (CA) policy. This classic CA policy is a prerequisite for setting up status reports to Intune. It should not be deleted.
>[!NOTE]
>You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature.
> The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints.
## Preview features
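Review bot: The NOTE at the end of this hunk carries two unrelated statements: "You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature" repeats the IMPORTANT callout a few lines earlier almost verbatim, and the line that follows it, about the classic CA policy being distinct from modern Conditional Access policies, then reads as a continuation of that repeated sentence. Keep the integration requirement only in the IMPORTANT block and let the NOTE carry just the classic-versus-modern distinction. While there, reconsider "which are used for configuring endpoints": Azure AD Conditional Access policies control access to cloud apps based on device and user conditions; they do not configure endpoints, so "which gate access to cloud resources" would be the accurate contrast. The licensing prerequisite is also stated twice with different content ("only available if you have an active Microsoft Intune (Intune) license" and then "only available if you have the following:" with an EMS E3 / Windows E5 list); keep one list.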

View File

@ -1,7 +1,7 @@
---
title: Configure Conditional Access in Microsoft Defender ATP
description:
keywords:
description: Learn about steps that you need to do in Intune, Microsoft Defender Security Center, and Azure to implement Conditional access
keywords: conditional access, conditional, access, device risk, risk level, integration, intune integration
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
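Review bot: The new description in this hunk writes "Conditional access" with a lowercase "access" while the title line directly above it uses "Conditional Access"; pick one capitalization for the front matter and body and match the H1. The wording "steps that you need to do in Intune" is also awkward; "steps you need to take in Intune, Microsoft Defender Security Center, and Azure AD to implement Conditional Access" mirrors the body text of the page ("steps you'll need to take in Microsoft Defender Security Center, the Intune portal, and Azure AD portal") and names Azure AD rather than the broader "Azure".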
@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 09/03/2018
---
# Configure Conditional Access in Microsoft Defender ATP
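Review bot: This hunk removes `ms.date: 09/03/2018` without replacing it. The same commit changes the body of this page (new enrollment links, a new required-roles list), so the metadata date should be updated to the date of this change rather than deleted; with the field gone the rendered page no longer shows when its content was last reviewed, which matters for a procedure page whose portals and role names change over time.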
@ -29,17 +28,24 @@ This section guides you through all the steps you need to take to properly imple
>It's important to note that Azure AD registered devices is not supported in this scenario.</br>
>Only Intune enrolled devices are supported.
You need to make sure that all your devices are enrolled in Intune. You can use any of the following options to enroll devices in Intune:
- IT Admin: For more information on how to enabling auto-enrollment, see [Windows Enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment)
- End-user: For more information on how to enroll your Windows 10 device in Intune, see [Enroll your Windows 10 device in Intune](https://docs.microsoft.com/intune-user-help/enroll-your-w10-device-access-work-or-school)
- End-user alternative: For more information on joining an Azure AD domain, see [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup).
- End-user: For more information on how to enroll your Windows 10 device in Intune, see [Enroll your Windows 10 device in Intune]https://docs.microsoft.com/intune/quickstart-enroll-windows-device)
- End-user alternative: For more information on joining an Azure AD domain, see [How to: Plan your Azure AD join implementation](https://docs.microsoft.com/azure/active-directory/devices/azureadjoin-plan).
There are steps you'll need to take in Microsoft Defender Security Center, the Intune portal, and Azure AD portal.
It's important to note the required roles to access these portals and implement Conditional access:
- **Microsoft Defender Security Center** - You'll need to sign into the portal with a global administrator role to turn on the integration.
- **Intune** - You'll need to sign in to the portal with security administrator rights with management permissions.
- **Azure AD portal** - You'll need to sign in as a global administrator, security administrator, or Conditional Access administrator.
> [!NOTE]
> You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
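Review bot: The link on the new "End-user" bullet is malformed: `[Enroll your Windows 10 device in Intune]https://docs.microsoft.com/intune/quickstart-enroll-windows-device)` is missing the opening parenthesis before the URL, so it will render as literal bracketed text followed by a bare URL and a stray `)`. It should read `[Enroll your Windows 10 device in Intune](https://docs.microsoft.com/intune/quickstart-enroll-windows-device)`. Two smaller points in the same region: the IT Admin bullet says "how to enabling auto-enrollment" (should be "how to enable"), and the closing NOTE ("You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices") restates the prerequisite already given at the top of the section ("Only Intune enrolled devices are supported" and "make sure that all your devices are enrolled in Intune"), so it can be dropped or folded into that earlier callout.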

View File

@ -95,6 +95,19 @@ getfile c:\Users\user\Desktop\work.txt
getfile c:\Users\user\Desktop\work.txt -auto
```
>[!NOTE]
>
> The following file types **cannot** be downloaded using this command from within Live Response:
>
> * [Reparse point files](/windows/desktop/fileio/reparse-points/)
> * [Sparse files](/windows/desktop/fileio/sparse-files/)
> * Empty files
> * Virtual files, or files that are not fully present locally
>
> These file types **are** supported by [PowerShell](/powershell/scripting/overview?view=powershell-6/).
>
> Use PowerShell as an alternative, if you have problems using this command from within Live Response.
## processes
```
# Show all processes
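Review bot: The links in the new NOTE have trailing slashes that do not belong on docs article paths: `/windows/desktop/fileio/reparse-points/`, `/windows/desktop/fileio/sparse-files/`, and especially `/powershell/scripting/overview?view=powershell-6/`, where the slash is appended to the query string value; drop all three. More substantively, "These file types are supported by PowerShell" and "Use PowerShell as an alternative" do not tell the reader how PowerShell is reached from within a Live Response session, which is what this command reference is about; say explicitly whether the intended path is a script run from the Live Response session or collecting the file by some other means outside the session, and what the reader should do with the resulting copy. As written, the NOTE also leaves "Virtual files, or files that are not fully present locally" without an example, so a reader cannot tell whether, for instance, OneDrive Files On-Demand placeholders are meant; one concrete case would make the limitation actionable.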

View File

@ -49,11 +49,20 @@ If you have any feedback that you would like to share, submit it by opening Micr
After you've enabled the service, you may need to configure your network or firewall to allow outbound connections between it and your endpoints.
The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them:
The following table lists the services and their associated URLs that your network must be able to connect to. You should ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an *allow* rule specifically for them.
| Service | Description | URL |
| -------------- | ------------------------------------ | -------------------------------------------------------------------- |
| ATP | Advanced threat protection service | [https://x.cp.wd.microsoft.com](https://x.cp.wd.microsoft.com), [https://cdn.x.cp.wd.microsoft.com](https://cdn.x.cp.wd.microsoft.com) |
| Service location | DNS record |
| ---------------------------------------- | ----------------------- |
| Common URLs for all locations | x.cp.wd.microsoft.com <br/> cdn.x.cp.wd.microsoft.com <br/> eu-cdn.x.cp.wd.microsoft.com <br/> wu-cdn.x.cp.wd.microsoft.com <br/> *.blob.core.windows.net <br/> officecdn-microsoft-com.akamaized.net |
| European Union | europe.x.cp.wd.microsoft.com |
| United Kingdon | unitedkingdom.x.cp.wd.microsoft.com |
| United States | unitedstates.x.cp.wd.microsoft.com |
Microsoft Defender ATP can discover a proxy server by using the following discovery methods:
- Web Proxy Auto-discovery Protocol (WPAD)
- Manual static proxy configuration
If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs.
To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.
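Review bot: "United Kingdon" in the new service-location table is a typo for "United Kingdom". Two further points on the table: `*.blob.core.windows.net` is a wildcard over every Azure Storage account, so an allow rule for it opens an outbound path to arbitrary third-party storage, not just Microsoft's; state which blob hosts the product actually contacts, or at least say that the wildcard is required, so firewall administrators can make an informed least-privilege decision. And the connectivity check at the end only exercises `x.cp.wd.microsoft.com` and `cdn.x.cp.wd.microsoft.com`, the common URLs; it should also open the regional endpoint for the tenant (`europe.`, `unitedkingdom.` or `unitedstates.x.cp.wd.microsoft.com`), otherwise a rule set that allows only the common URLs passes the test while the regional endpoint is still blocked. Separately, "make sure that anonymous traffic is permitted in the previously listed URLs" should say "to the previously listed URLs".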

View File

@ -250,7 +250,7 @@ Microsoft recommends using [the rings methodology](https://docs.microsoft.com/wi
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Local Machine Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Java permissions | Disable Java | This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running. |
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled: Enable | Controls whether SmartScreen Filter scans pages in this zone for malicious content. |
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Trusted Sites Zone | Java permissions | Enable | Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High. |
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Locked-Down Trusted Sites Zone | Java permissions | Disable Java | Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High. |
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Access data sources across domains | Enabled: Disable | This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). |
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow active scripting | Disable | This policy setting allows you to manage whether script code on pages in the zone is run. |
| Windows Components / Internet Explorer / Internet Control Panel / Security Page / Restricted Sites Zone | Allow binary and script behaviors | Disable | This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. |
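Review bot: The Locked-Down Trusted Sites Zone row changes its "Java permissions" value from "Enable" to "Disable Java", which brings it in line with the other Locked-Down zone rows, but its description column still reads "Allows you to configure policy settings according to the default for the selected security level, such Low, Medium, or High", which describes a zone template setting rather than Java permissions, and has a typo ("such Low" for "such as Low"). Use the same description the other Java permissions rows carry: "This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Disable Java to prevent any applets from running."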