From 1e979d74f560ded86aa0bd011cb05a57aa632e7e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 11 Oct 2018 15:57:08 -0700 Subject: [PATCH] add topics in toc and config for ip content --- windows/security/threat-protection/TOC.md | 2 + .../windows-defender-atp/TOC.md | 2 + .../information-protection.md | 25 ------- ...microsoft-information-protection-config.md | 29 +++++++++ ...rmation-protection-integration-overview.md | 65 +++++++++++++++++++ 5 files changed, 98 insertions(+), 25 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-atp/information-protection.md create mode 100644 windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-config.md create mode 100644 windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-integration-overview.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 391cca39d8..cc7307c5de 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -153,6 +153,7 @@ #### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md) ##### [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md) ##### [Microsoft Cloud App Security integration overview](windows-defender-atp/microsoft-cloud-app-security-integration.md) +##### [Information protection integration overview](windows-defender-atp/microsoft-information-protection-integration-overview.md) 
@@ -323,6 +324,7 @@ #### Configure Microsoft threat protection integration ##### [Configure conditional access](windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md) ##### [Configure Microsoft Cloud App Security integration](windows-defender-atp/microsoft-cloud-app-security-config.md) +##### [Configure Microsoft information protection integration](windows-defender-atp/microsoft-cloud-app-security-config.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index ee621938a2..74a524cc2e 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -154,6 +154,7 @@ ### [Microsoft threat protection](threat-protection-integration.md) #### [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md) #### [Microsoft Cloud App Security integration overview](microsoft-cloud-app-security-integration.md) +#### [Information protection integration overview](microsoft-information-protection-integration-overview.md) ### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) @@ -319,6 +320,7 @@ ### Configure Microsoft threat protection integration #### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md) #### [Configure Microsoft Cloud App Security integration](microsoft-cloud-app-security-config.md) +####[Configure Microsoft information protection integration](microsoft-cloud-app-security-config.md) ### [Configure Windows Security app settings](preferences-setup-windows-defender-advanced-threat-protection.md) 
diff --git a/windows/security/threat-protection/windows-defender-atp/information-protection.md b/windows/security/threat-protection/windows-defender-atp/information-protection.md deleted file mode 100644 index ff1a79e35a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/information-protection.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Micorosoft information protection integration with Windows Defender ATP -description: Windows Defender ATP integrates with Windows information protection to identify and protect sensitive information -keywords: information, protection, dlp, wip, data, loss, prevention, protect -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -ms.date: 10/11/2018 ---- - -# Microsoft information protection integration overview -**Applies to:** -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - -Windows Defender ATP seamlessly integrates with various Micorosoft information protection solutions too better protect data and prevent loss. - -Windows Defender ATP leverages data labels set in Office 365 Security and Compliance to discover and identify sentisive or confidnetial files and applies the corresponding Windows Information Protection to enforce endpoint protection. - -For more information, see [How Windows Information Protection protects files with a sensitivity label](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels). - diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-config.md b/windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-config.md new file mode 100644 index 0000000000..f7c5f5a6ce --- /dev/null 
+++ b/windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-config.md @@ -0,0 +1,29 @@ +--- +title: Microsoft information protection integration +description: Learn how to expand the coverage of WIP to protect files based on their label, regardless of their origin. +keywords: information, protection, data, loss, prevention, wip, policy, scc, compliance, labels, dlp +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 09/18/2018 +--- + +# Microsoft information protection integration +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +Learn how you can use Windows Defender ATP to expand the coverage of Windows information protection (WIP) to protect files based on their label, regardless of their origin. + +1. Define a WIP policy and assign it to the relevant devices. For more information, see [Protect your enterprise data using Windows Information Protection (WIP)](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). If WIP is already configured on the relevant devices, skip this step. +2. Define which labels need to get WIP protection in Office 365 Security and Compliance. + 1. Go to: **Classifications > Labels**. + 2. Create a new label or edit an existing one. + 3. In the configuration wizard, go to ‘Dlp’ tab and enable WIP. + 4. Repeat for every label that you want to get WIP applied to in Windows. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-integration-overview.md b/windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-integration-overview.md new file mode 100644 index 0000000000..c871673e80 
--- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-information-protection-integration-overview.md 
@@ -0,0 +1,65 @@ +--- +title: Microsoft information protection integration with Windows Defender ATP +description: Windows Defender ATP integrates with Windows information protection to identify and protect sensitive information +keywords: information, protection, dlp, wip, data, loss, prevention, protect +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +ms.date: 10/11/2018 +--- + +# Microsoft information protection integration overview +**Applies to:** +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +Windows Defender ATP seamlessly integrates with Microsoft information protection solutions to better protect data and prevent loss. + +Windows Defender ATP leverages data labels set in Office 365 Security and Compliance to discover and identify sensitive or confidential files and applies the corresponding Windows Information Protection to enforce endpoint protection. + +For more information, see [How Windows Information Protection protects files with a sensitivity label](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels). + +## Data discovery +Windows Defender ATP automatically discovers files with Azure Information Protection (AIP) labels on Windows devices. + +When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically reports a signal to AIP where you can view: + +### Data Discovery dashboard +This dashboard presents a summarized discovery information of data discovered by both Windows Defender ATP and AIP scanner. Data from Windows Defender ATP is marked with Location Type – Endpoint. 
+ +Notice the Device Risk column on the right, this device risk is derived directly from Windows Defender ATP, indicating the risk level of the security device where the file was discovered, based on the active security threats detected by Windows Defender ATP. + +Clicking the device risk level will redirect you to the device page in Windows Defender ATP, where you can get a comprehensive view of the device security status and its active alerts. + +### Log Analytics +Data Discovery based on Windows Defender ATP is also available in AIP Log Analytics, where you can perform complicated queries over the raw data. + +Open AIP Log Analytics in Azure Portal and open a query builder (standard or classic). + +To view Windows Defender ATP data, perform a query that contains: + + +``` +InformationProtectionLogs_CL +| where Workload_s == "Windows Defender" +``` + +**Prerequisites: ** +- Tenant is enrolled to AIP. +- Enable AIP integration in WDATP: +- To benefit from the above, you need to enable AIP integration in Windows Defender ATP: + - Go to Settings in Windows Defender ATP portal, click on Advanced Settings under General. + + +## Data protection +Windows Defender ATP automatically enables Windows Information Protection (WIP) for labeled files. When a labeled file is created or modified on a Windows device, Windows Defender ATP automatically detects it and enables WIP on that file if its label corresponds with Office Security and Compliance (SCC) policy. + +This functionality expands the coverage of WIP to protect files based on their label, regardless of their origin (which is how WIP decides which files need to be protected). + +For more information, see [Configure Microsoft information protection integration](microsoft-information-protection-config).
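Review bot: In windows/security/threat-protection/TOC.md, hunk @@ -323,6 +324,7, the added "Configure Microsoft information protection integration" entry links to windows-defender-atp/microsoft-cloud-app-security-config.md, the same target as the Cloud App Security entry directly above it. This commit creates windows-defender-atp/microsoft-information-protection-config.md, so the entry should point at that file. As written, this TOC sends readers looking for the information protection setup steps to the Cloud App Security configuration page.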
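Review bot: In windows/security/threat-protection/windows-defender-atp/TOC.md, hunk @@ -319,6 +320,7, the added line starts with "####[Configure" with no space after the hashes, unlike the "#### [" entries around it, so it will not be parsed as a heading entry. It also repeats the wrong link target, microsoft-cloud-app-security-config.md, where the file created by this commit is microsoft-information-protection-config.md. Suggest "#### [Configure Microsoft information protection integration](microsoft-information-protection-config.md)".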
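Review bot: In microsoft-information-protection-config.md, step 2.3 names the UI element as ‘Dlp’ in curly quotes, while step 2.1 uses bold for portal elements (**Classifications > Labels**), and the acronym is spelled "dlp" in the keywords; suggest "go to the **DLP** tab" with the casing matched to what the portal shows. Two smaller points in the same hunk: ms.date is 09/18/2018 while the overview topic added in this commit carries 10/11/2018, and the file ends without a trailing newline ("\ No newline at end of file"). The intro also writes "Windows information protection (WIP)" where the linked article title uses "Windows Information Protection (WIP)".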
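Review bot: In microsoft-information-protection-integration-overview.md, the Prerequisites block under "Log Analytics" needs cleanup. "**Prerequisites: **" has a space before the closing asterisks, which stops the bold from rendering, and the bullets "Enable AIP integration in WDATP:" and "To benefit from the above, you need to enable AIP integration in Windows Defender ATP:" say the same thing twice. The nested step ends at "click on Advanced Settings under General" without naming the setting to turn on, so a reader cannot complete it. Keep one bullet, spell out Windows Defender ATP rather than WDATP, and finish the step. Elsewhere in the hunk, the closing link "(microsoft-information-protection-config)" lacks the .md extension used by the other relative links in this patch, "where you can view:" ends in a colon with no list following it, and "Office Security and Compliance (SCC)" does not match "Office 365 Security and Compliance" used earlier in the same file.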