mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-17 15:57:23 +00:00
Merge branch 'master' into retirearticle
This commit is contained in:
Tina Burden
GitHub
commit
23bde3474b
@ -22,9 +22,9 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
|
||||
|
||||
|
||||
@ -22,7 +22,9 @@ ms.technology: mde
|
||||
# Take action on advanced hunting query results
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
|
||||
|
||||
|
||||
@ -25,8 +25,9 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-alertsq-abovefoldlink)
|
||||
|
||||
|
||||
@ -21,16 +21,18 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
|
||||
|
||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||
|
||||
|
||||
|
||||
## Methods
|
||||
|
||||
Method |Return Type |Description
|
||||
|
||||
@ -26,8 +26,8 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
## Conditional Access with Defender for Endpoint for Android
|
||||
Microsoft Defender for Endpoint for Android along with Microsoft Intune and Azure Active
|
||||
|
||||
@ -25,10 +25,9 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Defender for Endpoint](microsoft-defender-atp-android.md)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
Learn how to deploy Defender for Endpoint for Android on Intune
|
||||
Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your
|
||||
@ -53,7 +52,7 @@ Learn how to deploy Defender for Endpoint for Android on Intune Company Portal -
|
||||
center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
|
||||
**Android Apps** \> **Add \> Android store app** and choose **Select**.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
2. On the **Add app** page and in the *App Information* section enter:
|
||||
@ -65,7 +64,7 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
|
||||
|
||||
Other fields are optional. Select **Next**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint for Android app. Choose **Select** and then **Next**.
|
||||
|
||||
@ -73,14 +72,14 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
|
||||
>The selected user group should consist of Intune enrolled users.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
|
||||
4. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
|
||||
|
||||
In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
5. In the app information page that is displayed, in the **Monitor** section,
|
||||
@ -88,7 +87,7 @@ select **Device install status** to verify that the device installation has
|
||||
completed successfully.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
|
||||
### Complete onboarding and check status
|
||||
@ -125,14 +124,14 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \>
|
||||
**Android Apps** \> **Add** and select **Managed Google Play app**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
|
||||
2. On your managed Google Play page that loads subsequently, go to the search
|
||||
box and lookup **Microsoft Defender.** Your search should display the Microsoft
|
||||
Defender for Endpoint app in your Managed Google Play. Click on the Microsoft Defender for Endpoint app from the Apps search result.
|
||||
|
||||
|
||||
|
||||
|
||||
3. In the App description page that comes up next, you should be able to see app
|
||||
details on Defender for Endpoint. Review the information on the page and then
|
||||
@ -182,7 +181,7 @@ Defender ATP should be visible in the apps list.
|
||||
|
||||
1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**.
|
||||
|
||||
|
||||
|
||||
|
||||
1. In the **Create app configuration policy** page, enter the following details:
|
||||
|
||||
@ -202,19 +201,19 @@ Defender ATP should be visible in the apps list.
|
||||
Then select **OK**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
|
||||
1. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
|
||||
1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
|
||||
1. In the **Review + Create** page that comes up next, review all the information and then select **Create**. <br>
|
||||
@ -222,7 +221,7 @@ Defender ATP should be visible in the apps list.
|
||||
The app configuration policy for Defender for Endpoint autogranting the storage permission is now assigned to the selected user group.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
|
||||
10. Select **Microsoft Defender ATP** app in the list \> **Properties** \>
|
||||
|
||||
@ -21,8 +21,8 @@ ms.technology: mde
|
||||
# Microsoft Defender for Endpoint for Android - Privacy information
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
Defender for Endpoint for Android collects information from your configured
|
||||
|
||||
@ -27,12 +27,12 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Defender for Endpoint](microsoft-defender-atp-android.md)
|
||||
When onboarding a device, you might see sign in issues after the app is installed.
|
||||
|
||||
During onboarding, you might encounter sign in issues after the app is installed on your device.
|
||||
|
||||
This article provides solutions to address the sign on issues.
|
||||
This article provides solutions to help address sign in issues.
|
||||
|
||||
## Sign in failed - unexpected error
|
||||
**Sign in failed:** *Unexpected error, try later*
|
||||
@ -71,22 +71,22 @@ have a license for Microsoft 365 Enterprise subscription.
|
||||
|
||||
Contact your administrator for help.
|
||||
|
||||
## Phishing pages are not blocked on specific OEM devices
|
||||
## Phishing pages aren't blocked on some OEM devices
|
||||
|
||||
**Applies to:** Specific OEMs only
|
||||
|
||||
- **Xiaomi**
|
||||
|
||||
Phishing and harmful web connection threats detected by Defender for Endpoint
|
||||
for Android are not blocked on some Xiaomi devices. The following functionality does not work on these devices.
|
||||
Phishing and harmful web threats that are detected by Defender for Endpoint
|
||||
for Android are not blocked on some Xiaomi devices. The following functionality doesn't work on these devices.
|
||||
|
||||
|
||||
|
||||
|
||||
**Cause:**
|
||||
|
||||
Xiaomi devices introduced a new permission that prevents Defender for Endpoint
|
||||
for Android app from displaying pop-up windows while running in the background.
|
||||
Xiaomi devices include a new permission model. This prevents Defender for Endpoint
|
||||
for Android from displaying pop-up windows while it runs in the background.
|
||||
|
||||
Xiaomi devices permission: "Display pop-up windows while running in the
|
||||
background."
|
||||
|
||||
@ -25,8 +25,8 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender for Endpoint](microsoft-defender-atp-android.md)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT
|
||||
|
||||
|
||||
@ -23,10 +23,10 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
The Microsoft Defender for Endpoint API Explorer is a tool that helps you explore various Defender for Endpoint APIs interactively.
|
||||
|
||||
|
||||
@ -22,8 +22,10 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
@ -58,11 +60,11 @@ For the Application registration stage, you must have a **Global administrator**
|
||||
|
||||
- **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
|
||||
|
||||
|
||||
|
||||
|
||||
- Choose **Application permissions** > **Alert.Read.All** > Click on **Add permissions**
|
||||
|
||||
|
||||
|
||||
|
||||
**Important note**: You need to select the relevant permissions. 'Read All Alerts' is only an example!
|
||||
|
||||
|
||||
@ -22,8 +22,10 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
@ -31,7 +33,7 @@ Automating security procedures is a standard requirement for every modern Securi
|
||||
|
||||
Microsoft Defender API has an official Flow Connector with many capabilities.
|
||||
|
||||
|
||||
|
||||
|
||||
## Usage example
|
||||
|
||||
@ -41,15 +43,15 @@ The following example demonstrates how to create a Flow that is triggered any ti
|
||||
|
||||
2. Go to **My flows** > **New** > **Automated-from blank**.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Choose a name for your Flow, search for "Microsoft Defender ATP Triggers" as the trigger, and then select the new Alerts trigger.
|
||||
|
||||
|
||||
|
||||
|
||||
Now you have a Flow that is triggered every time a new Alert occurs.
|
||||
|
||||
|
||||
|
||||
|
||||
All you need to do now is choose your next steps.
|
||||
For example, you can isolate the device if the Severity of the Alert is High and send an email about it.
|
||||
@ -63,7 +65,7 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the
|
||||
|
||||
3. Set the **Alert ID** from the last step as **Input**.
|
||||
|
||||
|
||||
|
||||
|
||||
### Isolate the device if the Alert's severity is High
|
||||
|
||||
@ -73,7 +75,7 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the
|
||||
|
||||
If yes, add the **Microsoft Defender ATP - Isolate machine** action with the Machine ID and a comment.
|
||||
|
||||
|
||||
|
||||
|
||||
3. Add a new step for emailing about the Alert and the Isolation. There are multiple email connectors that are very easy to use, such as Outlook or Gmail.
|
||||
|
||||
|
||||
@ -22,10 +22,9 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink)
|
||||
|
||||
@ -86,9 +85,9 @@ Field numbers match the numbers in the images below.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -22,8 +22,10 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
@ -92,17 +94,17 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a
|
||||
|
||||
- Click **Edit Credentials**
|
||||
|
||||
|
||||
|
||||
|
||||
- Select **Organizational account** > **Sign in**
|
||||
|
||||
|
||||
|
||||
|
||||
- Enter your credentials and wait to be signed in
|
||||
|
||||
- Click **Connect**
|
||||
|
||||
|
||||
|
||||
|
||||
- Now the results of your query will appear as table and you can start build visualizations on top of it!
|
||||
|
||||
|
||||
@ -21,6 +21,9 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
## APIs
|
||||
|
||||
|
||||
@ -22,10 +22,12 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
|
||||
|
||||
|
||||
@ -27,7 +27,9 @@ ms.technology: mde
|
||||
**Applies to:**
|
||||
- Azure Active Directory
|
||||
- Office 365
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
|
||||
@ -23,10 +23,10 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink)
|
||||
|
||||
|
||||
@ -21,10 +21,10 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
## Is attack surface reduction (ASR) part of Windows?
|
||||
|
||||
|
||||
@ -22,10 +22,10 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
## Why attack surface reduction rules are important
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Test how Microsoft Defender ATP features work in audit mode
|
||||
description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it was enabled.
|
||||
title: Test how Microsoft Defender for Endpoint features work in audit mode
|
||||
description: Audit mode helps you see how Microsoft Defender for Endpoint would protect your devices if it was enabled.
|
||||
keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
@ -20,14 +20,14 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. Audit mode lets you see a record of what *would* have happened if you had enabled the feature.
|
||||
|
||||
You may want to enable audit mode when testing how the features will work in your organization. Ensure it doesn't affect your line-of-business apps, and get an idea of how many suspicious file modification attempts generally occur over a certain period of time.
|
||||
You may want to enable audit mode when testing how the features will work in your organization. This will help make sure your line-of-business apps aren't affected. You can also get an idea of how many suspicious file modification attempts occur over a certain period of time.
|
||||
|
||||
The features won't block or prevent apps, scripts, or files from being modified. However, the Windows Event Log will record events as if the features were fully enabled. With audit mode, you can review the event log to see what impact the feature would have had if it was enabled.
|
||||
|
||||
@ -35,18 +35,16 @@ To find the audited entries, go to **Applications and Services** > **Microsoft**
|
||||
|
||||
You can use Defender for Endpoint to get greater details for each event, especially for investigating attack surface reduction rules. Using the Defender for Endpoint console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
|
||||
|
||||
This article provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer.
|
||||
|
||||
You can use Group Policy, PowerShell, and configuration service providers (CSPs) to enable audit mode.
|
||||
|
||||
>[!TIP]
|
||||
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
|
||||
|
||||
Audit options | How to enable audit mode | How to view events
|
||||
-|-|-
|
||||
Audit applies to all events | [Enable controlled folder access](enable-controlled-folders.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer)
|
||||
Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](evaluate-attack-surface-reduction.md#review-attack-surface-reduction-events-in-windows-event-viewer)
|
||||
Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer)
|
||||
**Audit options** | **How to enable audit mode** | **How to view events**
|
||||
|---------|---------|---------|
|
||||
| Audit applies to all events | [Enable controlled folder access](enable-controlled-folders.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer)
|
||||
| Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](evaluate-attack-surface-reduction.md#review-attack-surface-reduction-events-in-windows-event-viewer)
|
||||
| Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer)
|
||||
| Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md) | [Exploit protection events](exploit-protection.md#review-exploit-protection-events-in-windows-event-viewer)
|
||||
|
||||
## Related topics
|
||||
|
||||
@ -25,8 +25,14 @@ ms.technology: mde
|
||||
|
||||
During and after an automated investigation, remediation actions for threat detections are identified. Depending on the particular threat and how [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) is configured for your organization, some remediation actions are taken automatically, and others require approval. If you're part of your organization's security operations team, you can view pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) in the **Action center**.
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
## (NEW!) A unified Action center
|
||||
|
||||
|
||||
We are pleased to announce a new, unified Action center ([https://security.microsoft.com/action-center](https://security.microsoft.com/action-center))!
|
||||
|
||||
:::image type="content" source="images/mde-action-center-unified.png" alt-text="Action center in Microsoft 365 security center":::
|
||||
|
||||
@ -25,11 +25,12 @@ ms.custom: AIR
|
||||
|
||||
# Overview of automated investigations
|
||||
|
||||
**Applies to**
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806)
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
If your organization is using Microsoft Defender for Endpoint, your security operations team receives an alert whenever a malicious or suspicious artifact is detected. Given the seemingly never-ending flow of threats that come in, security teams often face challenges in addressing the high volume of alerts. Fortunately, Defender for Endpoint includes automated investigation and remediation (AIR) capabilities that can help your security operations team address threats more efficiently and effectively.
|
||||
|
||||
Want to see how it works? Watch the following video: <br/><br/>
|
||||
|
||||
|
||||
@ -25,6 +25,10 @@ ms.custom: AIR
|
||||
|
||||
# Automation levels in automated investigation and remediation capabilities
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
Automated investigation and remediation (AIR) capabilities in Microsoft Defender for Endpoint can be configured to one of several levels of automation. Your automation level affects whether remediation actions following AIR investigations are taken automatically or only upon approval.
|
||||
- *Full automation* (recommended) means remediation actions are taken automatically on artifacts determined to be malicious.
|
||||
- *Semi-automation* means some remediation actions are taken automatically, but other remediation actions await approval before being taken. (See the table in [Levels of automation](#levels-of-automation).)
|
||||
|
||||
@ -23,9 +23,10 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Azure Active Directory
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink)
|
||||
|
||||
@ -50,6 +51,7 @@ You can assign users with one of the following levels of permissions:
|
||||
> [!NOTE]
|
||||
> You need to run the PowerShell cmdlets in an elevated command-line.
|
||||
|
||||
|
||||
- Connect to your Azure Active Directory. For more information, see [Connect-MsolService](https://docs.microsoft.com/powershell/module/msonline/connect-msolservice?view=azureadps-1.0&preserve-view=true).
|
||||
|
||||
**Full access** <br>
|
||||
|
||||
@ -24,10 +24,9 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink)
|
||||
|
||||
|
||||
@ -31,7 +31,9 @@ ms.technology: mde
|
||||
- Windows Server (SAC) version 1803 and later
|
||||
- Windows Server 2019 and later
|
||||
- Windows Server 2019 core edition
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink)
|
||||
|
||||
@ -157,7 +159,7 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo
|
||||
|
||||
> [!NOTE]
|
||||
> - The Onboarding package for Windows Server 2019 through Microsoft Endpoint Manager currently ships a script. For more information on how to deploy scripts in Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs).
|
||||
> - A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune.
|
||||
> - A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, or Microsoft Endpoint Configuration Manager.
|
||||
|
||||
Support for Windows Server provides deeper insight into server activities, coverage for kernel and memory attack detection, and enables response actions.
|
||||
|
||||
|
||||
@ -22,10 +22,9 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
|
||||
|
||||
|
||||
@ -24,9 +24,12 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
Connected applications integrates with the Defender for Endpoint platform using APIs.
|
||||
|
||||
Applications use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender for Endpoint APIs. In addition, Azure Active Directory (Azure AD) applications allow tenant admins to set explicit control over which APIs can be accessed using the corresponding app.
|
||||
|
||||
@ -24,7 +24,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
Defender for Endpoint has recently upgraded the support process to offer a more modern and advanced support experience.
|
||||
|
||||
@ -40,7 +43,7 @@ At a minimum, you must have a Service Support Administrator **OR** Helpdesk Admi
|
||||
|
||||
For more information on which roles have permission see, [Security Administrator permissions](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles#security-administrator-permissions). Roles that include the action `microsoft.office365.supportTickets/allEntities/allTasks` can submit a case.
|
||||
|
||||
For general information on admin roles, see [About admin roles](https://docs.microsoft.com/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide).
|
||||
For general information on admin roles, see [About admin roles](https://docs.microsoft.com/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide&preserve-view=true).
|
||||
|
||||
|
||||
## Access the widget
|
||||
|
||||
@ -23,8 +23,10 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
## What is controlled folder access?
|
||||
|
||||
|
||||
@ -21,8 +21,9 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
|
||||
@ -25,8 +25,10 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
|
||||
|
||||
|
||||
@ -25,7 +25,10 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it.
|
||||
|
||||
|
||||
@ -21,8 +21,10 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
|
||||
|
||||
@ -22,8 +22,11 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients.
|
||||
|
||||
|
||||
@ -21,8 +21,11 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
|
||||
|
||||
|
||||
@ -23,9 +23,8 @@ ms.technology: mde
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink)
|
||||
|
||||
@ -22,11 +22,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
This section covers some of the most frequently asked questions regarding privacy and data handling for Defender for Endpoint.
|
||||
> [!NOTE]
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Microsoft Defender Antivirus compatibility with Microsoft Defender ATP
|
||||
description: Learn about how Windows Defender works with Microsoft Defender ATP and how it functions when a third-party antimalware client is used.
|
||||
keywords: windows defender compatibility, defender, microsoft defender atp
|
||||
title: Microsoft Defender Antivirus compatibility with Defender for Endpoint
|
||||
description: Learn about how Windows Defender works with Microsoft Defender for Endpoint and how it functions when a third-party antimalware client is used.
|
||||
keywords: windows defender compatibility, defender, microsoft defender atp, defender for endpoint, antivirus, mde
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
@ -19,17 +19,13 @@ ms.date: 04/24/2018
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Microsoft Defender Antivirus compatibility with Microsoft Defender ATP
|
||||
# Microsoft Defender Antivirus compatibility with Microsoft Defender for Endpoint
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
- Windows Defender
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink)
|
||||
|
||||
@ -21,10 +21,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
|
||||
|
||||
@ -53,6 +54,8 @@ Application | Ti.ReadWrite.All | 'Read and write Indicators'
|
||||
Delete https://api.securitycenter.microsoft.com/api/indicators/{id}
|
||||
```
|
||||
|
||||
[!include[Improve request performance](../../includes/improve-request-performance.md)]
|
||||
|
||||
## Request headers
|
||||
|
||||
Name | Type | Description
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Deployment phases
|
||||
description: Learn how to deploy Microsoft Defender ATP by preparing, setting up, and onboarding endpoints to that service
|
||||
description: Learn how to deploy Microsoft Defender for Endpoint by preparing, setting up, and onboarding endpoints to that service
|
||||
keywords: deploy, prepare, setup, onboard, phase, deployment, deploying, adoption, configuring
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
@ -25,8 +25,10 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
Learn how to deploy Microsoft Defender for Endpoint so that your enterprise can take advantage of preventative protection, post-breach detection, automated investigation, and response.
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Deploy Microsoft Defender ATP in rings
|
||||
description: Learn how to deploy Microsoft Defender ATP in rings
|
||||
title: Deploy Microsoft Defender for Endpoint in rings
|
||||
description: Learn how to deploy Microsoft Defender for Endpoint in rings
|
||||
keywords: deploy, rings, evaluate, pilot, insider fast, insider slow, setup, onboard, phase, deployment, deploying, adoption, configuring
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
@ -20,15 +20,17 @@ ms.topic: article
|
||||
ms.technology: mde
|
||||
---
|
||||
|
||||
# Deploy Microsoft Defender ATP in rings
|
||||
# Deploy Microsoft Defender for Endpoint in rings
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
Deploying Microsoft Defender ATP can be done using a ring-based deployment approach.
|
||||
Deploying Microsoft Defender for Endpoint can be done using a ring-based deployment approach.
|
||||
|
||||
The deployment rings can be applied in the following scenarios:
|
||||
- [New deployments](#new-deployments)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Plan your Microsoft Defender ATP deployment
|
||||
description: Select the best Microsoft Defender ATP deployment strategy for your environment
|
||||
title: Plan your Microsoft Defender for Endpoint deployment
|
||||
description: Select the best Microsoft Defender for Endpoint deployment strategy for your environment
|
||||
keywords: deploy, plan, deployment strategy, cloud native, management, on prem, evaluation, onboarding, local, group policy, gp, endpoint manager, mem
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
@ -22,7 +22,8 @@ ms.technology: mde
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Microsoft Defender ATP device timeline event flags
|
||||
description: Use Microsoft Defender ATP device timeline event flags to
|
||||
keywords: Defender ATP device timeline, event flags
|
||||
title: Microsoft Defender for Endpoint device timeline event flags
|
||||
description: Use Microsoft Defender for Endpoint device timeline event flags to
|
||||
keywords: Defender for Endpoint device timeline, event flags
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: deploy
|
||||
@ -21,7 +21,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
Event flags in the Defender for Endpoint device timeline help you filter and organize specific events when you're investigate potential attacks.
|
||||
|
||||
|
||||
@ -26,10 +26,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
## What is EDR in block mode?
|
||||
|
||||
|
||||
@ -20,6 +20,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
[Attack surface reduction rules](attack-surface-reduction.md) (ASR rules) help prevent actions that malware often abuses to compromise devices and networks. You can set ASR rules for devices running any of the following editions and versions of Windows:
|
||||
- Windows 10 Pro, [version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
|
||||
|
||||
@ -20,10 +20,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
[Controlled folder access](controlled-folders.md) helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is included with Windows 10 and Windows Server 2019.
|
||||
|
||||
|
||||
@ -19,10 +19,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
[Exploit protection](exploit-protection.md) helps protect against malware that uses exploits to infect devices and spread. Exploit protection consists of a number of mitigations that can be applied to either the operating system or individual apps.
|
||||
|
||||
|
||||
@ -19,10 +19,11 @@ ms.technology: mde
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
|
||||
|
||||
* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink)
|
||||
|
||||
[Network protection](network-protection.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the internet. You can [audit network protection](evaluate-network-protection.md) in a test environment to view which apps would be blocked before you enable it.
|
||||
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 2.8 KiB |
@ -27,6 +27,8 @@ ms.technology: mde
|
||||
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
|
||||
The following managed security service providers can be accessed through the portal.
|
||||
|
||||
Logo |Partner name | Description
|
||||
:---|:---|:---
|
||||
| [BDO Digital](https://go.microsoft.com/fwlink/?linkid=2090394) | BDO Digital's Managed Defense leverages best practice tools, AI, and in-house security experts for 24/7/365 identity protection
|
||||
@ -41,6 +43,7 @@ Logo |Partner name | Description
|
||||
| [SecureWorks Managed Detection and Response Powered by Red Cloak](https://go.microsoft.com/fwlink/?linkid=2133634) | Secureworks combines threat intelligence and 20+ years of experience into SaaS and managed security solutions
|
||||
| [sepagoSOC](https://go.microsoft.com/fwlink/?linkid=2090491) | Ensure holistic security through sophisticated automated workflows in your zero trust environment
|
||||
| [Trustwave Threat Detection & Response Services](https://go.microsoft.com/fwlink/?linkid=2127542) | Threat Detection and Response services for Azure leveraging integrations with Sentinel and Defender for Endpoint
|
||||
| [White Shark Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2154210) |True expert approach to cyber security with transparent pricing on every platform, mobile included.
|
||||
| [Wortell's cloud SOC](https://go.microsoft.com/fwlink/?linkid=2108415) | 24x7 managed Defender for Endpoint service for monitoring & response
|
||||
| [Zero Trust Analytics Platform (ZTAP)](https://go.microsoft.com/fwlink/?linkid=2090971) | Reduce your alerts by 99% and access a full range of security capabilities from mobile devices
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user