updated text

Beth Levin 2019-05-02 13:27:56 -07:00
parent 9751c86e85
commit 1d73fc4ce5
3 changed files with 25 additions and 23 deletions

Binary file not shown.

View File

@ -23,30 +23,11 @@ Add tags on machines to create a logical group affiliation. Machine tags support
You can add tags on machines using the following ways:
- Setting a registry key value
- Using the portal
- Setting a registry key value
To add machine tags using API, see [Add or remove machine tags API](add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md).
## Add machine tags by setting a registry key value
>[!NOTE]
> Applicable only on the following machines:
>- Windows 10, version 1709 or later
>- Windows Server, version 1803 or later
>- Windows Server 2016
>- Windows Server 2012 R2
Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
Use the following registry key entry to add a tag on a machine:
- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
- Registry key value (string): Group
>[!NOTE]
>The device tag is part of the machine information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report.
## Add and manage machine tags using the portal
1. Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views:
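Review bot: the intro list at the top of this hunk promises "the following ways" to add tags but lists only the portal and the registry key, while the API is covered by a separate sentence right after the list. Consider making the API a third list item and rewording "using the following ways" to "in the following ways". The hunk sizes (30 lines down to 11 here, 3 up to 22 in the next hunk) show the registry section moving below the portal section, so please also confirm the list order ends up matching the new section order, portal first and registry second.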
@ -71,3 +52,22 @@ Tags are added to the machine view and will also be reflected on the **Machines
You can also delete tags from this view.
![Image of adding tags on a machine](images/more-manage-tags.png)
## Add machine tags by setting a registry key value
>[!NOTE]
> Applicable only on the following machines:
>- Windows 10, version 1709 or later
>- Windows Server, version 1803 or later
>- Windows Server 2016
>- Windows Server 2012 R2
Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines.
Use the following registry key entry to add a tag on a machine:
- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
- Registry key value (string): Group
>[!NOTE]
>The device tag is part of the machine information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report.
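Review bot: in the relocated registry section, "Registry key value (string): Group" does not say whether Group is the name of the value or the tag text itself, so a reader cannot tell where the tag string goes. Since this text is being touched anyway, please state the value name, its type, and what data to put in it as separate items. The closing note is also hard to parse: "you may choose to restart the endpoint that would transfer a new machine information report" reads better as "you can restart the endpoint, which triggers a new machine information report". Because the key sits under HKLM\SOFTWARE\Policies, a short mention that setting it requires administrative rights on the machine would help too.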

View File

@ -45,18 +45,20 @@ Response actions run along the top of a specific machine page.
Add or manage tags to create a logical group affiliation. Machine tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident.
For more information on machine tagging, see [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection).
For more information on machine tagging, see [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md).
## Initiate Automated Investigation
You can start a new general purpose automated investigation on the machine if needed. While an investigation is running, any other alert generated from the machine will be added to an ongoing Automated investigation until that investigation is completed. In addition, if the same threat is seen on other machines, those machines are added to the investigation.
For more information on automated investigations, see [Overview of Automated investigations](automated-investigations-windows-defender-advanced-threat-protection).
For more information on automated investigations, see [Overview of Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
## Initiate Live Response Session
You can start a Live Response session on the machine if needed.
For more info, see [live response](live-response.md)
## Collect investigation package from machines
As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.
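Review bot: the new line "For more info, see [live response](live-response.md)" under "Initiate Live Response Session" is inconsistent with the two link lines corrected in this same hunk: it has no closing period, uses "info" rather than "information", and the link text is lowercase instead of the target article's title. Suggest matching the pattern "For more information on ..., see [Title](file.md)." The section is also a single sentence; if live response has prerequisites or permission requirements, one line pointing that out here would save readers a failed attempt. The .md additions to the other two links look right.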