mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-20 12:53:38 +00:00
updated-45673810-batch15
rebranding
This commit is contained in:
Lovina Saldanha
@ -25,10 +25,10 @@ ms.topic: article
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||
|
||||
|
||||
@ -24,12 +24,12 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Threat and vulnerability management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
|
||||
Threat and vulnerability management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including:
|
||||
|
||||
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
|
||||
- Invaluable device vulnerability context during incident investigations
|
||||
@ -51,7 +51,7 @@ Watch this video for a quick overview of what is in the threat and vulnerability
|
||||
|
||||
## Threat and vulnerability management dashboard
|
||||
|
||||
|
||||
|
||||
|
||||
Area | Description
|
||||
:---|:---
|
||||
@ -64,7 +64,7 @@ Area | Description
|
||||
**Top remediation activities** | Track the remediation activities generated from the security recommendations. You can select each item on the list to see the details in the **Remediation** page or select **Show more** to view the rest of the remediation activities, and active exceptions.
|
||||
**Top exposed devices** | View exposed device names and their exposure level. Select a device name from the list to go to the device page where you can view the alerts, risks, incidents, security recommendations, installed software, and discovered vulnerabilities associated with the exposed devices. Select **Show more** to see the rest of the exposed devices list. From the devices list, you can manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate device.
|
||||
|
||||
For more information on the icons used throughout the portal, see [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-icons).
|
||||
For more information on the icons used throughout the portal, see [Microsoft Defender for Endpoint icons](portal-overview.md#microsoft-defender-atp-icons).
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
@ -24,10 +24,10 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
End-of-support (EOS), otherwise known as end-of-life (EOL), for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions with ended support, you're exposing your organization to security vulnerabilities, legal, and financial risks.
|
||||
|
||||
|
||||
@ -24,10 +24,10 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Sometimes, you may not be able to take the remediation steps suggested by a security recommendation. If that is the case, threat and vulnerability management gives you an avenue to create an exception.
|
||||
|
||||
|
||||
@ -24,10 +24,10 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Your exposure score is visible in the [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. It reflects how vulnerable your organization is to cybersecurity threats. Low exposure score means your devices are less vulnerable from exploitation.
|
||||
|
||||
|
||||
@ -25,10 +25,10 @@ ms.topic: article
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
## Use advanced hunting to find devices with vulnerabilities
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>[!NOTE]
|
||||
@ -42,7 +42,7 @@ Select a category to go to the [**Security recommendations**](tvm-security-recom
|
||||
|
||||
## Turn on the Microsoft Secure Score connector
|
||||
|
||||
Forward Microsoft Defender ATP signals, giving Microsoft Secure Score visibility into the device security posture. Forwarded data is stored and processed in the same location as your Microsoft Secure Score data.
|
||||
Forward Microsoft Defender for Endpoint signals, giving Microsoft Secure Score visibility into the device security posture. Forwarded data is stored and processed in the same location as your Microsoft Secure Score data.
|
||||
|
||||
Changes might take up to a few hours to reflect in the dashboard.
|
||||
|
||||
|
||||
@ -23,14 +23,14 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Ensure that your devices:
|
||||
|
||||
- Are onboarded to Microsoft Defender Advanced Threat Protection
|
||||
- Are onboarded to Microsoft Defender for Endpoint
|
||||
- Run [supported operating systems and platforms](tvm-supported-os.md)
|
||||
- Have the following mandatory updates installed and deployed in your network to boost your vulnerability assessment detection rates:
|
||||
|
||||
|
||||
@ -23,20 +23,20 @@ ms.topic: conceptual
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
## Request remediation
|
||||
|
||||
The threat and vulnerability management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
|
||||
The threat and vulnerability management capability in Microsoft Defender for Endpoint bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
|
||||
|
||||
### Enable Microsoft Intune connection
|
||||
|
||||
To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**.
|
||||
|
||||
See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||
See [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||
|
||||
### Remediation request steps
|
||||
|
||||
@ -50,7 +50,7 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT
|
||||
|
||||
5. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request.
|
||||
|
||||
If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||
If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender for Endpoint](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||
|
||||
>[!NOTE]
|
||||
>If your request involves remediating more than 10,000 devices, we can only send 10,000 devices for remediation to Intune.
|
||||
|
||||
@ -24,10 +24,10 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendations help shorten the time to mitigate or remediate vulnerabilities and drive compliance.
|
||||
|
||||
|
||||
@ -23,16 +23,16 @@ ms.topic: conceptual
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
The software inventory in threat and vulnerability management is a list of known software in your organization with official [Common Platform Enumerations (CPE)](https://nvd.nist.gov/products/cpe). Software products without an official CPE don’t have vulnerabilities published. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices.
|
||||
|
||||
## How it works
|
||||
|
||||
In the field of discovery, we're leveraging the same set of signals that is responsible for detection and vulnerability assessment in [Microsoft Defender ATP endpoint detection and response capabilities](overview-endpoint-detection-response.md).
|
||||
In the field of discovery, we're leveraging the same set of signals that is responsible for detection and vulnerability assessment in [Microsoft Defender for Endpoint detection and response capabilities](overview-endpoint-detection-response.md).
|
||||
|
||||
Since it's real time, in a matter of minutes, you'll see vulnerability information as they get discovered. The engine automatically grabs information from multiple security feeds. In fact, you'll see if a particular software is connected to a live threat campaign. It also provides a link to a Threat Analytics report soon as it's available.
|
||||
|
||||
@ -43,7 +43,7 @@ Access the Software inventory page by selecting **Software inventory** from the
|
||||
View software on specific devices in the individual devices pages from the [devices list](machines-view-overview.md).
|
||||
|
||||
>[!NOTE]
|
||||
>If you search for software using the Microsoft Defender ATP global search, make sure to put an underscore instead of a space. For example, for the best search results you'd write "windows_10" instead of "Windows 10".
|
||||
>If you search for software using the Microsoft Defender for Endpoint global search, make sure to put an underscore instead of a space. For example, for the best search results you'd write "windows_10" instead of "Windows 10".
|
||||
|
||||
## Software inventory overview
|
||||
|
||||
@ -115,4 +115,4 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform
|
||||
- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
|
||||
- [Security recommendations](tvm-security-recommendation.md)
|
||||
- [Event timeline](threat-and-vuln-mgt-event-timeline.md)
|
||||
- [View and organize the Microsoft Defender ATP Devices list](machines-view-overview.md)
|
||||
- [View and organize the Microsoft Defender for Endpoint Devices list](machines-view-overview.md)
|
||||
|
||||
@ -24,15 +24,15 @@ ms.topic: article
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Before you begin, ensure that you meet the following operating system or platform requisites for threat and vulnerability management so the activities in your devices are properly accounted for.
|
||||
|
||||
>[!NOTE]
|
||||
>The supported systems and platforms for threat and vulnerability management may be different from the [Minimum requirements for Microsoft Defender ATP](minimum-requirements.md) list.
|
||||
>The supported systems and platforms for threat and vulnerability management may be different from the [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md) list.
|
||||
|
||||
Operating system | Security assessment support
|
||||
:---|:---
|
||||
|
||||
@ -26,14 +26,14 @@ ms.topic: article
|
||||
> [!IMPORTANT]
|
||||
> **Vulnerable devices report is currently in public preview**<br>
|
||||
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
|
||||
> For more information, see [Microsoft Defender ATP preview features](preview.md).
|
||||
> For more information, see [Microsoft Defender for Endpoint preview features](preview.md).
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.
|
||||
|
||||
|
||||
@ -23,12 +23,12 @@ ms.topic: conceptual
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
Threat and vulnerability management uses the same signals in Microsoft Defender ATP's endpoint protection to scan and detect vulnerabilities.
|
||||
Threat and vulnerability management uses the same signals in Defender for Endpoint's endpoint protection to scan and detect vulnerabilities.
|
||||
|
||||
The **Weaknesses** page lists the software vulnerabilities your devices are exposed to by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more.
|
||||
|
||||
@ -152,4 +152,4 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform
|
||||
- [Security recommendations](tvm-security-recommendation.md)
|
||||
- [Software inventory](tvm-software-inventory.md)
|
||||
- [Dashboard insights](tvm-dashboard-insights.md)
|
||||
- [View and organize the Microsoft Defender ATP Devices list](machines-view-overview.md)
|
||||
- [View and organize the Microsoft Defender for Endpoint Devices list](machines-view-overview.md)
|
||||
|
||||
@ -25,10 +25,10 @@ ms.topic: article
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
|
||||
|
||||
A zero-day vulnerability is a publicly disclosed vulnerability for which no official patches or security updates have been released. Zero-day vulnerabilities often have high severity levels and are actively exploited.
|
||||
|
||||
|
||||
@ -22,9 +22,9 @@ ms.topic: article
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
|
||||
## API description
|
||||
@ -38,7 +38,7 @@ Undo isolation of a device.
|
||||
[!include[Device actions note](../../includes/machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
|
||||
|
||||
Permission type | Permission | Permission display name
|
||||
:---|:---|:---
|
||||
|
||||
@ -21,9 +21,9 @@ ms.topic: article
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
|
||||
## API description
|
||||
@ -37,7 +37,7 @@ Enable execution of any application on the device.
|
||||
[!include[Device actions note](../../includes/machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
|
||||
|
||||
Permission type | Permission | Permission display name
|
||||
:---|:---|:---
|
||||
|
||||
@ -21,9 +21,9 @@ ms.topic: article
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
|
||||
## API description
|
||||
@ -38,7 +38,7 @@ Updates properties of existing [Alert](alerts.md).
|
||||
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md)
|
||||
|
||||
Permission type | Permission | Permission display name
|
||||
:---|:---|:---
|
||||
|
||||
@ -24,11 +24,11 @@ ms.topic: conceptual
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink)
|
||||
|
||||
Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection capabilities.
|
||||
Microsoft Defender Security Center is the portal where you can access Microsoft Defender for Endpoint capabilities.
|
||||
|
||||
Use the **Security operations** dashboard to gain insight on the various alerts on devices and users in your network.
|
||||
|
||||
@ -41,6 +41,6 @@ Use the **Threat analytics** dashboard to continually assess and control risk ex
|
||||
Topic | Description
|
||||
:---|:---
|
||||
[Portal overview](portal-overview.md) | Understand the portal layout and area descriptions.
|
||||
[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the devices on your network, investigate devices, files, and URLs, and see snapshots of threats seen on devices.
|
||||
[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender for Endpoint **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the devices on your network, investigate devices, files, and URLs, and see snapshots of threats seen on devices.
|
||||
[View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) | The **Threat & Vulnerability Management dashboard** lets you view exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices.
|
||||
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify devices for the presence or absence of mitigations.
|
||||
|
||||
@ -23,9 +23,9 @@ ms.topic: article
|
||||
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-roles-abovefoldlink)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-roles-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||
|
||||
@ -68,7 +68,7 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
|
||||
- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups
|
||||
|
||||
> [!NOTE]
|
||||
> This setting is only available in the Microsoft Defender ATP administrator (default) role.
|
||||
> This setting is only available in the Microsoft Defender for Endpoint administrator (default) role.
|
||||
|
||||
- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab
|
||||
|
||||
|
||||
@ -21,9 +21,9 @@ ms.topic: article
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
Method|Return Type |Description
|
||||
:---|:---|:---
|
||||
|
||||
@ -18,12 +18,12 @@ ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# View and organize the Microsoft Defender Advanced Threat Protection Incidents queue
|
||||
# View and organize the Microsoft Defender for Endpoint Incidents queue
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
|
||||
The **Incidents queue** shows a collection of incidents that were flagged from devices in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision.
|
||||
|
||||
@ -21,9 +21,9 @@ ms.topic: article
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||
|
||||
|
||||
@ -24,11 +24,11 @@ ms.topic: article
|
||||
> [!IMPORTANT]
|
||||
> **Web content filtering is currently in public preview**<br>
|
||||
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
|
||||
> For more information, see [Microsoft Defender ATP preview features](preview.md).
|
||||
> For more information, see [Microsoft Defender for Endpoint preview features](preview.md).
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
|
||||
Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
|
||||
Web content filtering is part of [Web protection](web-protection-overview.md) capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
|
||||
|
||||
Configure policies across your device groups to block certain categories. Blocking a category prevents users within specified device groups from accessing URLs associated with the category. For any category that's not blocked, the URLs are automatically audited. Your users can access the URLs without disruption, and you'll gather access statistics to help create a more custom policy decision. Your users will see a block notification if an element on the page they're viewing is making calls to a blocked resource.
|
||||
|
||||
@ -37,7 +37,7 @@ Web content filtering is available on the major web browsers, with blocks perfor
|
||||
Summarizing the benefits:
|
||||
|
||||
- Users are prevented from accessing websites in blocked categories, whether they're browsing on-premises or away
|
||||
- Conveniently deploy policies to groups of users using device groups defined in [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
|
||||
- Conveniently deploy policies to groups of users using device groups defined in [Microsoft Defender for Endpoint role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
|
||||
- Access web reports in the same central location, with visibility over actual blocks and web usage
|
||||
|
||||
## User experience
|
||||
@ -58,7 +58,7 @@ If Windows Defender SmartScreen isn't turned on, Network Protection will take ov
|
||||
|
||||
## Data handling
|
||||
|
||||
We will follow whichever region you have elected to use as part of your [Microsoft Defender ATP data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
|
||||
We will follow whichever region you have elected to use as part of your [Microsoft Defender for Endpoint data handling settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). Your data will not leave the data center in that region. In addition, your data will not be shared with any third-parties, including our data providers. However, we may send them aggregate data (across users and organizations) to help them improve their feeds.
|
||||
|
||||
## Turn on web content filtering
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@ ms.topic: article
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
|
||||
Web protection lets you monitor your organization’s web browsing security through reports under **Reports > Web protection** in the Microsoft Defender Security Center. The report contains cards that provide web threat detection statistics.
|
||||
|
||||
|
||||
@ -22,9 +22,9 @@ ms.topic: article
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
|
||||
Web protection in Microsoft Defender ATP is a capability made up of [Web threat protection](web-threat-protection.md) and [Web content filtering](web-content-filtering.md). Web protection lets you secure your devices against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft Defender Security Center by going to **Reports > Web protection**.
|
||||
Web protection in Microsoft Defender for Endpoint is a capability made up of [Web threat protection](web-threat-protection.md) and [Web content filtering](web-content-filtering.md). Web protection lets you secure your devices against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft Defender Security Center by going to **Reports > Web protection**.
|
||||
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ The cards that comprise web content filtering are **Web activity by category**,
|
||||
|
||||
Web content filtering includes:
|
||||
- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away
|
||||
- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
|
||||
- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender for Endpoint role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac)
|
||||
- You can access web reports in the same central location, with visibility over actual blocks and web usage
|
||||
|
||||
## In this section
|
||||
|
||||
@ -22,12 +22,12 @@ ms.topic: article
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
|
||||
|
||||
Web protection in Microsoft Defender ATP lets you efficiently investigate and respond to alerts related to malicious websites and websites in your custom indicator list.
|
||||
Web protection in Microsoft Defender for Endpoint lets you efficiently investigate and respond to alerts related to malicious websites and websites in your custom indicator list.
|
||||
|
||||
## View web threat alerts
|
||||
Microsoft Defender ATP generates the following [alerts](manage-alerts.md) for malicious or suspicious web activity:
|
||||
Microsoft Defender for Endpoint generates the following [alerts](manage-alerts.md) for malicious or suspicious web activity:
|
||||
- **Suspicious connection blocked by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is *stopped* by network protection in *block* mode
|
||||
- **Suspicious connection detected by network protection** — this alert is generated when an attempt to access a malicious website or a website in your custom indicator list is detected by network protection in *audit only* mode
|
||||
|
||||
@ -40,7 +40,7 @@ Each alert provides the following information:
|
||||
|
||||
|
||||
>[!Note]
|
||||
>To reduce the volume of alerts, Microsoft Defender ATP consolidates web threat detections for the same domain on the same device each day to a single alert. Only one alert is generated and counted into the [web protection report](web-protection-monitoring.md).
|
||||
>To reduce the volume of alerts, Microsoft Defender for Endpoint consolidates web threat detections for the same domain on the same device each day to a single alert. Only one alert is generated and counted into the [web protection report](web-protection-monitoring.md).
|
||||
|
||||
## Inspect website details
|
||||
You can dive deeper by selecting the URL or domain of the website in the alert. This opens a page about that particular URL or domain with various information, including:
|
||||
@ -59,7 +59,7 @@ You can also check the device that attempted to access a blocked URL. Selecting
|
||||
|
||||
## Web browser and Windows notifications for end users
|
||||
|
||||
With web protection in Microsoft Defender ATP, your end users will be prevented from visiting malicious or unwanted websites using Microsoft Edge or other browsers. Because blocking is performed by [network protection](network-protection.md), they will see a generic error from the web browser. They will also see a notification from Windows.
|
||||
With web protection in Microsoft Defender for Endpoint, your end users will be prevented from visiting malicious or unwanted websites using Microsoft Edge or other browsers. Because blocking is performed by [network protection](network-protection.md), they will see a generic error from the web browser. They will also see a notification from Windows.
|
||||
|
||||
|
||||
*Web threat blocked on Microsoft Edge*
|
||||
|
||||
@ -19,16 +19,16 @@ ms.collection:
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# What's new in Microsoft Defender ATP
|
||||
# What's new in Microsoft Defender for Endpoint
|
||||
|
||||
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
|
||||
|
||||
The following features are generally available (GA) in the latest release of Microsoft Defender ATP as well as security features in Windows 10 and Windows Server.
|
||||
The following features are generally available (GA) in the latest release of Microsoft Defender for Endpoint as well as security features in Windows 10 and Windows Server.
|
||||
|
||||
For more information preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection).
|
||||
|
||||
@ -41,16 +41,16 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
> ```
|
||||
|
||||
## September 2020
|
||||
- [Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) <br> Microsoft Defender ATP now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender ATP for Android.
|
||||
- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Android.
|
||||
- [Threat and vulnerability management macOS support](tvm-supported-os.md)<br> Threat and vulnerability management for macOS is now in public preview, and will continuously detect vulnerabilities on your macOS devices to help you prioritize remediation by focusing on risk. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824).
|
||||
|
||||
## July 2020
|
||||
- [Create indicators for certificates](manage-indicators.md) <br> Create indicators to allow or block certificates.
|
||||
|
||||
## June 2020
|
||||
- [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md) <br> Microsoft Defender ATP now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender ATP for Linux.
|
||||
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) <br> Microsoft Defender for Endpoint now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Linux.
|
||||
|
||||
- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios) <br> Microsoft Defender ATP has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
|
||||
- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios) <br> Microsoft Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform right from the within the portal.
|
||||
|
||||
|
||||
## April 2020
|
||||
@ -59,7 +59,7 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
|
||||
## November-December 2019
|
||||
|
||||
- [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md) <BR> Microsoft Defender ATP for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](endpoint-detection-response-mac-preview.md).
|
||||
- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) <BR> Microsoft Defender for Endpoint for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](endpoint-detection-response-mac-preview.md).
|
||||
|
||||
- [Threat & Vulnerability Management application and application version end-of-life information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) <BR>Applications and application versions which have reached their end-of-life are tagged or labeled as such so you are aware that they will no longer be supported, and can take action to either uninstall or replace. Doing so will help lessen the risks related to various vulnerability exposures due to unpatched applications.
|
||||
|
||||
@ -74,9 +74,9 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
|
||||
- [Microsoft Threat Experts - Experts on Demand](microsoft-threat-experts.md) <BR> You now have the option to consult with Microsoft Threat Experts from several places in the portal to help you in the context of your investigation.
|
||||
|
||||
- [Connected Azure AD applications](connected-applications.md)<br> The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender ATP in your organization.
|
||||
- [Connected Azure AD applications](connected-applications.md)<br> The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender for Endpoint in your organization.
|
||||
|
||||
- [API Explorer](api-explorer.md)<br> The API explorer makes it easy to construct and perform API queries, test and send requests for any available Microsoft Defender ATP API endpoint.
|
||||
- [API Explorer](api-explorer.md)<br> The API explorer makes it easy to construct and perform API queries, test and send requests for any available Microsoft Defender for Endpoint API endpoint.
|
||||
|
||||
|
||||
## September 2019
|
||||
@ -85,7 +85,7 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
|
||||
- [Live response](live-response.md)<BR> Get instantaneous access to a device using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real-time.
|
||||
|
||||
- [Evaluation lab](evaluation-lab.md) <BR> The Microsoft Defender ATP evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can
|
||||
- [Evaluation lab](evaluation-lab.md) <BR> The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can
|
||||
focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
|
||||
|
||||
- [Windows Server 2008 R2 SP1](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-2008-r2-sp1--windows-server-2012-r2-and-windows-server-2016) <BR> You can now onboard Windows Server 2008 R2 SP1.
|
||||
@ -102,25 +102,25 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
- [Threat protection reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)<BR>The threat protection report provides high-level information about alerts generated in your organization.
|
||||
|
||||
|
||||
- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)<BR> Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
|
||||
- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)<BR> Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender for Endpoint that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
|
||||
|
||||
- [Indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ti-indicator) <BR> APIs for indicators are now generally available.
|
||||
|
||||
|
||||
- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/partner-applications) <BR> Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
|
||||
- [Interoperability](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/partner-applications) <BR> Microsoft Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
|
||||
|
||||
|
||||
## April 2019
|
||||
- [Microsoft Threat Experts Targeted Attack Notification capability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts#targeted-attack-notification) <BR> Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
|
||||
|
||||
- [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro) <BR> Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities.
|
||||
- [Microsoft Defender for Endpoint API](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro) <BR> Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender for Endpoint capabilities.
|
||||
|
||||
|
||||
|
||||
## February 2019
|
||||
- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue) <BR> Incident is a new entity in Microsoft Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats.
|
||||
- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue) <BR> Incident is a new entity in Microsoft Defender for Endpoint that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats.
|
||||
|
||||
- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)<BR> Onboard supported versions of Windows devices so that they can send sensor data to the Microsoft Defender ATP sensor.
|
||||
- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)<BR> Onboard supported versions of Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint sensor.
|
||||
|
||||
|
||||
## October 2018
|
||||
@ -130,16 +130,16 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
|
||||
- [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)<BR>With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of advanced hunting through the creation of custom detection rules.
|
||||
|
||||
- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)<BR> Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers.
|
||||
- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)<BR> Microsoft Defender for Endpoint integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender for Endpoint to provide improved threat detection for Windows Servers.
|
||||
|
||||
- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)<BR> Microsoft Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Microsoft Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
|
||||
- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)<BR> Microsoft Defender for Endpoint adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Microsoft Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.
|
||||
|
||||
- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)<BR>Microsoft Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.
|
||||
- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)<BR>Microsoft Defender for Endpoint provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.
|
||||
|
||||
- [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)<BR> iOS and Android devices are now supported and can be onboarded to the service.
|
||||
|
||||
- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)<BR>
|
||||
Threat Analytics is a set of interactive reports published by the Microsoft Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
|
||||
Threat Analytics is a set of interactive reports published by the Microsoft Defender for Endpoint research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
|
||||
|
||||
- New in Windows 10 version 1809, there are two new attack surface reduction rules:
|
||||
- Block Adobe Reader from creating child processes
|
||||
@ -154,7 +154,7 @@ Threat Analytics is a set of interactive reports published by the Microsoft Defe
|
||||
|
||||
## March 2018
|
||||
- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection) <BR>
|
||||
Query data using advanced hunting in Microsoft Defender ATP.
|
||||
Query data using advanced hunting in Microsoft Defender for Endpoint.
|
||||
|
||||
- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)<BR>
|
||||
New attack surface reduction rules:
|
||||
@ -171,21 +171,21 @@ Query data using advanced hunting in Microsoft Defender ATP.
|
||||
|
||||
- [Conditional Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection) <br> Enable conditional access to better protect users, devices, and data.
|
||||
|
||||
- [Microsoft Defender ATP Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)<BR>
|
||||
The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product.
|
||||
- [Microsoft Defender for Endpoint Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)<BR>
|
||||
The Microsoft Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product.
|
||||
|
||||
- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)<BR>
|
||||
You can now block untrusted processes from writing to disk sectors using Controlled Folder Access.
|
||||
|
||||
- [Onboard non-Windows devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection)<BR>
|
||||
Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
|
||||
Microsoft Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
|
||||
|
||||
- [Role-based access control (RBAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection)<BR>
|
||||
Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal.
|
||||
|
||||
|
||||
- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)<BR>
|
||||
Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender ATP. For more information, see [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus).
|
||||
Microsoft Defender Antivirus now shares detection status between M365 services and interoperates with Microsoft Defender for Endpoint. For more information, see [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/utilize-microsoft-cloud-protection-microsoft-defender-antivirus).
|
||||
|
||||
Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-block-at-first-sight-microsoft-defender-antivirus).
|
||||
|
||||
|
||||
Reference in New Issue
Block a user