From ad385bcfd4fa4a9481026976ae0de72c4b12e17a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 13 Jul 2020 15:51:13 -0700 Subject: [PATCH 1/6] insider risk --- .../microsoft-defender-atp/advanced-features.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index fc9bf5c636..820db96ff5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -175,6 +175,22 @@ When you enable Intune integration, Intune will automatically create a classic C >[!NOTE] > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. + + +### Insider risk management integration + +Enabling Insider risk management integration gives you the ability to share Microsoft Defender ATP alerts and their triage status with insider risk management user alerts. This helps link Microsoft Defender ATP activities with other risky user activities identified by insider risk management security violation policies. + +### Enable the Microsoft Defender ATP integration for insider risk management from the Azure ATP portal + +1. Log in to the Azure portal with a Global Administrator or Security Administrator role. + +2. Click . + +3. Toggle the Integration setting to **On** and click **Save**. + +After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. + ## Preview features Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. From f1b1eae8e6555d18dd05b54c70aabafd80b5deeb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 13 Jul 2020 16:15:00 -0700 Subject: [PATCH 2/6] header --- .../microsoft-defender-atp/advanced-features.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 820db96ff5..7d241ed7e3 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -176,8 +176,7 @@ When you enable Intune integration, Intune will automatically create a classic C > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. - -### Insider risk management integration +## Insider risk management integration Enabling Insider risk management integration gives you the ability to share Microsoft Defender ATP alerts and their triage status with insider risk management user alerts. This helps link Microsoft Defender ATP activities with other risky user activities identified by insider risk management security violation policies. From 398bc635b3a1fee0ed6aa3ac8cea62ae0e058e51 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Jul 2020 14:35:19 -0700 Subject: [PATCH 3/6] update to insider risk toggle description --- .../microsoft-defender-atp/advanced-features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 7d241ed7e3..ac64db9e82 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -176,9 +176,9 @@ When you enable Intune integration, Intune will automatically create a classic C > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. -## Insider risk management integration +## Share endpoint alerts with Microsoft Compliance Center -Enabling Insider risk management integration gives you the ability to share Microsoft Defender ATP alerts and their triage status with insider risk management user alerts. This helps link Microsoft Defender ATP activities with other risky user activities identified by insider risk management security violation policies. +Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. ### Enable the Microsoft Defender ATP integration for insider risk management from the Azure ATP portal From cda1eabccfcf69f766ca326567ff4ec6a21dd37d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Jul 2020 15:13:18 -0700 Subject: [PATCH 4/6] typo --- .../microsoft-defender-atp/advanced-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index ac64db9e82..93bad18ef6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -184,7 +184,7 @@ Forwards endpoint security alerts and their triage status to Microsoft Complianc 1. Log in to the Azure portal with a Global Administrator or Security Administrator role. -2. Click . +2. Click . 3. Toggle the Integration setting to **On** and click **Save**. From c047bcb691a38b2164f211d468eb07ff6942b541 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 17 Jul 2020 10:13:05 -0700 Subject: [PATCH 5/6] remove --- .../microsoft-defender-atp/advanced-features.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 93bad18ef6..d3ada4e5ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -180,14 +180,6 @@ When you enable Intune integration, Intune will automatically create a classic C Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. -### Enable the Microsoft Defender ATP integration for insider risk management from the Azure ATP portal - -1. Log in to the Azure portal with a Global Administrator or Security Administrator role. - -2. Click . - -3. Toggle the Integration setting to **On** and click **Save**. - After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. ## Preview features From 0d733e441487824216d16d3030ec1cad0a4655cb Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Mon, 20 Jul 2020 19:18:22 -0700 Subject: [PATCH 6/6] update endpoint alerts section location --- .../microsoft-defender-atp/advanced-features.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index d3ada4e5ae..d5802d8faf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -176,18 +176,18 @@ When you enable Intune integration, Intune will automatically create a classic C > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. -## Share endpoint alerts with Microsoft Compliance Center - -Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. - -After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. - ## Preview features Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. You'll have access to upcoming features, which you can provide feedback on to help improve the overall experience before features are generally available. +## Share endpoint alerts with Microsoft Compliance Center + +Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. + +After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. 
+ ## Enable advanced features 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
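Review bot: In PATCH 1/6, the added procedure cannot be followed as written. Step 2 reads "2. Click ." with no target, and the subheading names the "Azure ATP portal" while step 1 says "Log in to the Azure portal". Name one portal in both places and give the menu path in step 2. The two empty added lines ahead of the "### Insider risk management integration" heading can be dropped as well.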
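Review bot: In PATCH 3/6, the replacement paragraph opens with a subjectless verb ("Forwards endpoint security alerts and their triage status ..."), so it reads like toggle tooltip text rather than a section introduction. Give it a subject, for example "This setting forwards ...". The unchanged subheading just below the hunk still says "integration for insider risk management from the Azure ATP portal", which no longer matches the new "Share endpoint alerts with Microsoft Compliance Center" heading, so rename it in the same change.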
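Review bot: In PATCH 4/6, step 2 still has no click target after the change. As shown here, the removed and the added line both read "2. Click .", so the step stays unusable. Write the UI label as bold text, the way step 3 does with **On** and **Save**.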
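Review bot: In PATCH 5/6, deleting the whole procedure also deletes the only statement of who may change this setting ("Log in to the Azure portal with a Global Administrator or Security Administrator role"). If that role requirement still applies to the toggle, keep it as a one-line prerequisite in the section. The surviving paragraph starts at "After configuring the [Security policy violation indicators]" and never says that the sharing setting itself has to be turned on first, so a sentence pointing to the "Enable advanced features" steps would close that gap.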
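Review bot: In PATCH 6/6, the relocated paragraph carries over a link target that ends in ".md#indicators" on an absolute docs.microsoft.com URL ("https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators"). The ".md" extension belongs to relative in-repo links, so confirm that this URL resolves or drop the extension. Since the block is being moved anyway, this is the place to fix it.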