diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1594d486ad..958d86d6b1 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -351,6 +351,7 @@ #### [Devices list]() ##### [View and organize the Devices list](microsoft-defender-atp/machines-view-overview.md) +##### [Techniques in device timeline](microsoft-defender-atp/techniques-device-timeline.md) ##### [Device timeline event flags](microsoft-defender-atp/device-timeline-event-flag.md) ##### [Manage device group and tags](microsoft-defender-atp/machine-tags.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/device-timeline-filters.png b/windows/security/threat-protection/microsoft-defender-atp/images/device-timeline-filters.png new file mode 100644 index 0000000000..7bfc67772e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/device-timeline-filters.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/device-timeline-with-techniques.png b/windows/security/threat-protection/microsoft-defender-atp/images/device-timeline-with-techniques.png new file mode 100644 index 0000000000..bd0dbe0326 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/device-timeline-with-techniques.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/filter-customize-columns.png b/windows/security/threat-protection/microsoft-defender-atp/images/filter-customize-columns.png new file mode 100644 index 0000000000..bef972e51a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/filter-customize-columns.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/techniques-hunt-for-related-events.png b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-hunt-for-related-events.png new file mode 100644 index 0000000000..6614b91d32 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-hunt-for-related-events.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/techniques-side-pane-clickable.png b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-side-pane-clickable.png new file mode 100644 index 0000000000..1f7e5e4dd4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-side-pane-clickable.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/techniques-side-pane-command.png b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-side-pane-command.png new file mode 100644 index 0000000000..557004bab5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/techniques-side-pane-command.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md new file mode 100644 index 0000000000..b4ba69661f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/techniques-device-timeline.md @@ -0,0 +1,98 @@ +--- +title: Techniques in the device timeline +description: Understanding the device timeline in Microsoft Defender for Endpoint +keywords: device timeline, endpoint, MITRE, MITRE ATT&CK, techniques, tactics +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: m365-security +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: maccruz +author: schmurky +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.technology: mde +--- + +# Techniques in the device timeline + + +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) + + +You can gain more insight in an investigation by analyzing the events that happened on a specific device. First, select the device of interest from the [Devices list](machines-view-overview.md). On the device page, you can select the **Timeline** tab to view all the events that occurred on the device. + +## Understand techniques in the timeline + +>[!IMPORTANT] +>Some information relates to a prereleased product feature in public preview which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + +In Microsoft Defender for Endpoint, **Techniques** are an additional data type in the event timeline. Techniques provide more insight on activities associated with [MITRE ATT&CK](https://attack.mitre.org/) techniques or sub-techniques. + +This feature simplifies the investigation experience by helping analysts understand the activities that were observed on a device. Analysts can then decide to investigate further. + +For public preview, Techniques are available by default and shown together with events when a device's timeline is viewed. + +![Techniques in device timeline screenshot](images/device-timeline-with-techniques.png) + +Techniques are highlighted in bold text and appear with a blue icon on the left. The corresponding MITRE ATT&CK ID and technique name also appear as tags under Additional information. + +Search and Export options are also available for Techniques. + +## Investigate using the side pane + +Select a Technique to open its corresponding side pane. Here you can see additional information and insights like related ATT&CK techniques, tactics, and descriptions. + +Select the specific *Attack technique* to open the related ATT&CK technique page where you can find more information about it. + +You can copy an entity's details when you see a blue icon on the right. For instance, to copy a related file's SHA1, select the blue page icon. + +![Copy entity details](images/techniques-side-pane-clickable.png) + +You can do the same for command lines. + +![Copy command line](images/techniques-side-pane-command.png) + + +## Investigate related events + +To use [advanced hunting](advanced-hunting-overview.md) to find events related to the selected Technique, select **Hunt for related events**. This leads to the advanced hunting page with a query to find events related to the Technique. + +![Hunt for related events](images/techniques-hunt-for-related-events.png) + +>[!NOTE] +>Querying using the **Hunt for related events** button from a Technique side pane displays all the events related to the identified technique but does not include the Technique itself in the query results. + + +## Customize your device timeline + +On the upper right-hand side of the device timeline, you can choose a date range to limit the number of events and techniques in the timeline. + +You can customize which columns to expose. You can also filter for flagged events by data type or by event group. + +### Choose columns to expose +You can choose which columns to expose in the timeline by selecting the **Choose columns** button. + +![Customize columns](images/filter-customize-columns.png) + +From there you can select which information set to include. + +### Filter to view techniques or events only + +To view only either events or techniques, select **Filters** from the device timeline and choose your preferred Data type to view. + +![Filters screenshot](images/device-timeline-filters.png) + + + +## See also +- [View and organize the Devices list](machines-view-overview.md) +- [Microsoft Defender for Endpoint device timeline event flags](device-timeline-event-flag.md) + + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md index 92366dea5a..f152b702aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -28,6 +28,7 @@ ms.technology: mde - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md index 76ff78da24..4024923c26 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unisolate-machine.md @@ -21,8 +21,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md index 5888bfcce4..8c400b2ef4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md +++ b/windows/security/threat-protection/microsoft-defender-atp/unrestrict-code-execution.md @@ -21,10 +21,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index 53054f3d27..fc757c6f0c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/use.md b/windows/security/threat-protection/microsoft-defender-atp/use.md index f1bf9a9989..1211463ba1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/use.md +++ b/windows/security/threat-protection/microsoft-defender-atp/use.md @@ -24,8 +24,9 @@ ms.technology: mde **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-usewdatp-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index 2abf64fd71..5533555522 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md @@ -22,9 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-roles-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md index ad552678d8..d652b20f95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md index a73d5f2594..82af44a227 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue.md @@ -25,7 +25,9 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) The **Incidents queue** shows a collection of incidents that were flagged from devices in your network. It helps you sort through incidents to prioritize and create an informed cybersecurity response decision. diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index ad8f29558d..188fa50263 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -22,9 +22,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index 5f5053a910..1f4b3d7e89 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -22,6 +22,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + > [!IMPORTANT] > **Web content filtering is currently in public preview**
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md index 835cbc6860..2f3b363f08 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-monitoring.md @@ -22,6 +22,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) Web protection lets you monitor your organization’s web browsing security through reports under **Reports > Web protection** in the Microsoft Defender Security Center. The report contains cards that provide web threat detection statistics. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md index 052d013832..98c2c0942f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md @@ -1,7 +1,7 @@ --- title: Web protection -description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization -keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser, malicious websites +description: Learn about the web protection in Microsoft Defender ATP and how it can protect your organization +keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser, malicious websites search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security @@ -22,6 +22,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md index 3abe8edad9..ffe7d80226 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-response.md @@ -22,6 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md index 77a0809bf4..d8df81f307 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md @@ -1,7 +1,7 @@ --- title: Protect your organization against web threats -description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization -keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser +description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization. +keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security @@ -22,6 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index e8cb584b9d..a22485ff25 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -26,8 +26,10 @@ ms.technology: mde **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) The following features are generally available (GA) in the latest release of Microsoft Defender for Endpoint as well as security features in Windows 10 and Windows Server.