From 6d2d7df7cb17568ad6ad9f26ff78c73541c650ba Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 9 Aug 2019 14:10:11 -0700 Subject: [PATCH 01/12] updates to toc --- windows/security/threat-protection/TOC.md | 21 +++++++------------ .../{oldTOC.md => oldTOC.txt} | 0 .../respond-file-alerts.md | 14 +++++++++++++ 3 files changed, 22 insertions(+), 13 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{oldTOC.md => oldTOC.txt} (100%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index cf6a9871cb..229bf5ae54 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -17,6 +17,7 @@ ### [Attack surface reduction]() +#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) #### [Hardware-based isolation]() ##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) 
@@ -58,37 +59,31 @@ #### [Machines list]() ##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) ##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) -##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) -##### [Machine timeline]() -###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline) -###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events) -###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date) -###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events) -###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages) #### [Take response actions]() ##### [Take response actions on a machine]() ###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) +###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags) +###### [Initiate Automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation) +###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session) ###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) ###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) ###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) -###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) ###### [Isolate machines from the 
network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) -###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) ####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) ##### [Take response actions on a file]() ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) -###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) -###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) +###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine) +###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) +###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file) ###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) ###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) ###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) -####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) +###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) ##### [Investigate 
entities using Live response]() ###### [Investigate entities on machines](microsoft-defender-atp/live-response.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt similarity index 100% rename from windows/security/threat-protection/microsoft-defender-atp/oldTOC.md rename to windows/security/threat-protection/microsoft-defender-atp/oldTOC.txt diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 230e57d75e..ca1cfc7d53 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md 
@@ -157,6 +157,20 @@ When you select this action, a fly-out will appear. From the fly-out, you can re If a file is not already stored by Microsoft Defender ATP, you cannot download it. Instead, you will see a **Collect file** button in the same location. If a file has not been seen in the organization in the past 30 days, **Collect file** will be disabled. +## Check activity details in Action center + +The **Action center** provides information on actions that were taken on a machine or file. You’ll be able to view the following details: + +- Investigation package collection +- Antivirus scan +- App restriction +- Machine isolation + +All other related details are also shown, for example, submission date/time, submitting user, and if the action succeeded or failed. + +![Image of action center with information](images/action-center-details.png) + + ## Deep analysis Cyber security investigations are typically triggered by an alert. Alerts are related to one or more observed files that are often new or unknown. Clicking a file takes you to the file view where you can see the file's metadata. To enrich the data related to the file, you can submit the file for deep analysis. From a9593992b162e8e47a9f3f2a6f16170e8e872509 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 9 Aug 2019 14:43:57 -0700 Subject: [PATCH 02/12] fix toc --- windows/security/threat-protection/TOC.md | 69 +++++++++++-------- .../threat-protection-integration.md | 2 +- 2 files changed, 40 insertions(+), 31 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 229bf5ae54..e5578da8ed 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -92,7 +92,7 @@ ### [Automated investigation and remediation]() #### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md) #### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) -#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) +#### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) ### [Secure score](microsoft-defender-atp/overview-secure-score.md) ### [Threat analytics](microsoft-defender-atp/threat-analytics.md) 
@@ -100,19 +100,18 @@ ### [Advanced hunting]() #### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md) #### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) - -##### [Advanced hunting schema reference]() -###### [All tables in the Advanced hunting schema](microsoft-defender-atp/advanced-hunting-reference.md) -###### [AlertEvents table](microsoft-defender-atp/advanced-hunting-alertevents-table.md) -###### [FileCreationEvents table](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md) -###### [ImageLoadEvents table](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md) -###### [LogonEvents table](microsoft-defender-atp/advanced-hunting-logonevents-table.md) -###### [MachineInfo table](microsoft-defender-atp/advanced-hunting-machineinfo-table.md) -###### [MachineNetworkInfo table](microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md) -###### [MiscEvents table](microsoft-defender-atp/advanced-hunting-miscevents-table.md) -###### [NetworkCommunicationEvents table](microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md) -###### [ProcessCreationEvents table](microsoft-defender-atp/advanced-hunting-processcreationevents-table.md) -###### [RegistryEvents table](microsoft-defender-atp/advanced-hunting-registryevents-table.md) +#### [Advanced hunting schema reference]() +##### [All tables in the Advanced hunting schema](microsoft-defender-atp/advanced-hunting-reference.md) +##### [AlertEvents table](microsoft-defender-atp/advanced-hunting-alertevents-table.md) +##### [FileCreationEvents table](microsoft-defender-atp/advanced-hunting-filecreationevents-table.md) +##### [ImageLoadEvents table](microsoft-defender-atp/advanced-hunting-imageloadevents-table.md) +##### [LogonEvents table](microsoft-defender-atp/advanced-hunting-logonevents-table.md) +##### [MachineInfo table](microsoft-defender-atp/advanced-hunting-machineinfo-table.md) +##### [MachineNetworkInfo 
table](microsoft-defender-atp/advanced-hunting-machinenetworkinfo-table.md) +##### [MiscEvents table](microsoft-defender-atp/advanced-hunting-miscevents-table.md) +##### [NetworkCommunicationEvents table](microsoft-defender-atp/advanced-hunting-networkcommunicationevents-table.md) +##### [ProcessCreationEvents table](microsoft-defender-atp/advanced-hunting-processcreationevents-table.md) +##### [RegistryEvents table](microsoft-defender-atp/advanced-hunting-registryevents-table.md) ##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) 
@@ -167,27 +166,17 @@ ### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) ## [Configure and manage capabilities]() + ### [Configure attack surface reduction]() #### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md) -### [Configure and manage capabilities](microsoft-defender-atp/onboard.md) -#### [Microsoft Defender Advanced Threat Protection for Mac](windows-defender-antivirus/microsoft-defender-atp-mac.md) -##### [Deploy Microsoft Defender Advanced Threat Protection for Mac]() -###### [Microsoft Intune-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md) -###### [JAMF-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md) -###### [Deployment with a different Mobile Device Management (MDM) system](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md) -###### [Manual deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md) -##### [Update Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-updates.md) -##### [Set preferences for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md) -##### [Privacy for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md) -##### [Resources for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-resources.md) -#### [Hardware-based isolation]() -##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) +### [Hardware-based isolation]() +#### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) -##### [Application isolation]() -###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) 
-###### [Application control](windows-defender-application-control/windows-defender-application-control.md) +#### [Application isolation]() +##### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) +##### [Application control](windows-defender-application-control/windows-defender-application-control.md) #### [Device control]() ##### [Control USB devices](device-control/control-usb-devices-using-intune.md) @@ -210,10 +199,15 @@ #### [Attack surface reduction controls]() ##### [Enable attack surface reduction rules](windows-defender-exploit-guard/enable-attack-surface-reduction.md) ##### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md) + #### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) + + + ### [Configure next generation protection]() #### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) + #### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) ##### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) ##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) 
@@ -304,6 +298,21 @@ ##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) ##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +### [Microsoft Defender Advanced Threat Protection for Mac](windows-defender-antivirus/microsoft-defender-atp-mac.md) +#### [Deploy Microsoft Defender Advanced Threat Protection for Mac]() +##### [Microsoft Intune-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md) +##### [JAMF-based deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md) +##### [Deployment with a different Mobile Device Management (MDM) system](windows-defender-antivirus/microsoft-defender-atp-mac-install-with-other-mdm.md) +##### [Manual deployment](windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md) +#### [Update Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-updates.md) +#### [Set preferences for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-preferences.md) +#### [Privacy for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-privacy.md) +#### [Resources for Microsoft Defender ATP for Mac](windows-defender-antivirus/microsoft-defender-atp-mac-resources.md) + + + + ### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) ### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md index a830dad9fe..aa9c16d0e5 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md @@ -18,7 +18,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Microsoft Threat Protection +# Microsoft Defender ATP in Microsoft Threat Protection **Applies to:** From 9feeacb39fe961e658de4dfb6ba9b096bfb4e3ad Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 9 Aug 2019 15:12:27 -0700 Subject: [PATCH 03/12] redirects for removed overview topics --- .openpublishing.redirection.json | 46 +++++++++++++++++++++++ windows/security/threat-protection/TOC.md | 3 +- 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 89eeea7716..35a5977d3c 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json 
@@ -15041,6 +15041,52 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/response-actions.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
+"redirect_document_id": true
+},
+
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started.md",
+"redirect_url": "/windows/security/threat-protection/",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md",
+"redirect_url": 
"/windows/security/threat-protection/microsoft-defender-atp/apis-intro", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/windows-defender-atp/user-alert-windows-defender-advanced-threat-protection-new.md", "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user", "source_path": "windows/deployment/planning/windows-10-fall-creators-deprecation.md", diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e5578da8ed..0b5ee6d06d 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -485,6 +485,7 @@ #### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md) ### [Configure portal settings]() +#### [Set up preferences](microsoft-defender-atp/preferences-setup.md) #### [General]() ##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md) ##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) @@ -514,7 +515,7 @@ ##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) ##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) -#### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) +#### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) ## [Troubleshoot Microsoft Defender ATP]() From 49e9ad2e9b430776a86f1489d3701616da92bc3b Mon Sep 17 00:00:00 2001 
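Review bot: The redirect block added in the `@@ -15041,6 +15041,52 @@` hunk lists the same `source_path` more than once: `microsoft-defender-atp/incidents-queue.md` and `microsoft-defender-atp/use-apis.md` each appear in two entries, and a duplicated source is likely to be rejected or resolved unpredictably by the publishing build, so each should be kept once. The last added entry sends `microsoft-defender-atp/preferences-setup.md` to `/windows/security/threat-protection/microsoft-defender-atp/apis-intro`, which looks copied from the `use-apis.md` entry above it, while the TOC.md hunk in this same commit adds a live link to `microsoft-defender-atp/preferences-setup.md`; either drop that TOC line or point the redirect at the page that actually replaces the preferences topic, e.g. `"redirect_url": "<REPLACEMENT_PAGE_FOR_PREFERENCES_SETUP>"`. The trailing context also shows an object with two `source_path` keys and no `redirect_document_id`, which appears to predate this change but means the file is worth validating as JSON before merge.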
From: Joey Caparas Date: Fri, 9 Aug 2019 15:27:52 -0700 Subject: [PATCH 04/12] fix json issues --- .openpublishing.redirection.json | 21 ++--- .../microsoft-defender-atp/get-started.md | 74 ---------------- .../microsoft-defender-atp/incidents-queue.md | 38 --------- .../manage-allowed-blocked-list.md | 84 ------------------- .../preferences-setup.md | 37 -------- .../response-actions.md | 39 --------- .../troubleshoot-overview.md | 31 ------- .../microsoft-defender-atp/use-apis.md | 32 ------- 8 files changed, 6 insertions(+), 350 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-started.md delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/response-actions.md delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/use-apis.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 35a5977d3c..f2ac2223ad 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json 
@@ -1005,11 +1005,7 @@
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction",
 "redirect_document_id": true
 },
-{
-"source_path": "windows/security/threat-protection/windows-defender-atp/view-incidents-queue.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
-"redirect_document_id": true
-},
+
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/configuration-score.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
@@ -14956,11 +14952,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/incidents-queue",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -15041,6 +15032,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/windows-defender-atp/incidents-queue.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/incidents-queue",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
 "redirect_document_id": true
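Review bot: The entry re-added in the `@@ -15041,6 +15032,11 @@` hunk still redirects `windows-defender-atp/incidents-queue.md` to `/windows/security/threat-protection/microsoft-defender-atp/incidents-queue`, a page this commit deletes and that the very next entry redirects onward to `view-incidents-queue`, so old links take two hops and break if the second entry is ever removed. Pointing the first entry at the final target avoids the chain: `"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue"`. The first hunk removes the redirect for `windows-defender-atp/view-incidents-queue.md` outright; presumably another entry for that source exists elsewhere in the file, but that is not visible here and is worth confirming so the old URL does not start returning 404.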
@@ -15067,11 +15063,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
 "redirect_document_id": true
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-started.md b/windows/security/threat-protection/microsoft-defender-atp/get-started.md
deleted file mode 100644
index e9af976de1..0000000000
--- a/windows/security/threat-protection/microsoft-defender-atp/get-started.md
+++ /dev/null
@@ -1,74 +0,0 @@ ---- -title: Get started with Microsoft Defender Advanced Threat Protection -ms.reviewer: -description: Learn about the minimum requirements and initial steps you need to take to get started with Microsoft Defender ATP. -keywords: get started, minimum requirements, setup, subscription, features, data storage, privacy, user access -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: mjcaparas -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 11/20/2018 ---- - -# Get started with Microsoft Defender Advanced Threat Protection -**Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->[!TIP] ->- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). ->- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). - -Learn about the minimum requirements and initial steps you need to take to get started with Microsoft Defender ATP. - -The following capabilities are available across multiple products that make up the Microsoft Defender ATP platform. - -**Threat & Vulnerability Management**
-Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. This infrastructure correlates endpoint detection and response (EDR) insights with endpoint vulnerabilities real-time, thus reducing organizational vulnerability exposure and increasing threat resilience. - -**Attack surface reduction**
-The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. - -**Next generation protection**
-To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats. - -**Endpoint detection and response**
-Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. - -**Auto investigation and remediation**
-In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. - -**Secure score**
-Microsoft Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network. - -**Microsoft Threat Experts**
-Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. - -**Advanced hunting**
-Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Microsoft Defender Security Center. - -**Management and APIs**
-Integrate Microsoft Defender Advanced Threat Protection into your existing workflows. - -**Microsoft threat protection**
-Bring the power of Microsoft Threat Protection to your organization. - -## In this section -Topic | Description -:---|:--- -[Minimum requirements](minimum-requirements.md) | Learn about the requirements for onboarding machines to the platform. -[Validate licensing and complete setup](licensing.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time. -[Preview features](preview.md) | Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. -[Data storage and privacy](data-storage-privacy.md) | Explains the data storage and privacy details related to Microsoft Defender ATP. -[Assign user access to the portal](assign-portal-access.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC). -[Evaluate Microsoft Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Microsoft Defender ATP and test features out. -[Access the Microsoft Defender Security Center Community Center](community.md) | The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. diff --git a/windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md b/windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md deleted file mode 100644 index 3defa8692a..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/incidents-queue.md +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -title: Incidents queue in Microsoft Defender ATP -description: -keywords: incidents, aggregate, investigations, queue, ttp -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: dansimp -author: dansimp -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Incidents in Microsoft Defender ATP -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - -When a cybersecurity threat is emerging, or a potential attacker is deploying its tactics, techniques/tools, and procedures (TTPs) on the network, Microsoft Defender ATP will quickly trigger alerts and launch matching automatic investigations. - -Microsoft Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. - - -## In this section - -Topic | Description -:---|:--- -[View and organize the Incidents queue](view-incidents-queue.md)| See the list of incidents and learn how to apply filters to limit the list and get a more focused view. -[Manage incidents](manage-incidents.md) | Learn how to manage incidents by assigning it, updating its status, or setting its classification and other actions. -[Investigate incidents](investigate-incidents.md)| See associated alerts, manage the incident, see alert metadata, and visualizations to help you investigate an incident. - - 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md b/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md deleted file mode 100644 index c852df752c..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -title: Manage allowed/blocked lists -description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities. -keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Manage allowed/blocked lists - -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -[!include[Prerelease information](prerelease.md)] - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) - - -Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. - -On the top navigation you can: -- Import a list -- Add an indicator -- Customize columns to add or remove columns -- Export the entire list in CSV format -- Select the items to show per page -- Navigate between pages -- Apply filters - -## Create an indicator -1. In the navigation pane, select **Settings** > **Allowed/blocked list**. - -2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: - - File hash - - IP address - - URLs/Domains - -3. Click **Add indicator**. - -4. For each attribute specify the following details: - - Indicator - Specify the entity details and define the expiration of the indicator. 
- - Action - Specify the action to be taken and provide a description. - - Scope - Define the scope of the machine group. - -5. Review the details in the Summary tab, then click **Save**. - - ->[!NOTE] ->Blocking IPs, domains, or URLs is currently available on limited preview only. ->This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforced which is an option that will be generally available soon. ->As it is not yet generally available, when Automated investigations finds this indicator during an investigation it will use the allowed/block list as the basis of its decision to automatically remediate (blocked list) or skip (allowed list) the entity. - - -## Manage indicators -1. In the navigation pane, select **Settings** > **Allowed/blocked list**. - -2. Select the tab of the entity type you'd like to manage. - -3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list. - -## Import a list -You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details. - -Download the sample CSV to know the supported column attributes. - - -## Related topics -- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md) - - - - - diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md deleted file mode 100644 index 8fe6ed0a0c..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -title: Configure Microsoft Defender Security Center settings -description: Use the settings page to configure general settings, permissions, apis, and rules. -keywords: settings, general settings, permissions, apis, rules -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- -# Configure Microsoft Defender Security Center settings - -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) - -Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. - -## In this section - -Topic | Description -:---|:--- -General settings | Modify your general settings that were previously defined as part of the onboarding process. -Permissions | Manage portal access using RBAC as well as machine groups. -APIs | Enable the threat intel and SIEM integration. -Rules | Configure suppressions rules and automation settings. -Machine management | Onboard and offboard machines. - diff --git a/windows/security/threat-protection/microsoft-defender-atp/response-actions.md b/windows/security/threat-protection/microsoft-defender-atp/response-actions.md deleted file mode 100644 index 36b3d69003..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/response-actions.md +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -title: Take response actions on files and machines in Microsoft Defender ATP -description: Take response actions on files and machines by stopping and quarantining files, blocking a file, isolating machines, or collecting an investigation package. -keywords: respond, stop and quarantine, block file, deep analysis, isolate machine, collect investigation package, action center -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article ---- - -# Take response actions in Microsoft Defender ATP - -**Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - - - ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-responseactions-abovefoldlink) - -You can take response actions on machines and files to quickly respond to detected attacks so that you can contain or reduce and prevent further damage caused by malicious attackers in your organization. - ->[!NOTE] -> The machine related response actions are only available for machines on Windows 10 (version 1703 or higher), Windows Server, version 1803 and Windows Server 2019. - -## In this section -Topic | Description -:---|:--- -[Take response actions on a machine](respond-machine-alerts.md)| Isolate machines or collect an investigation package. -[Take response actions on a file](respond-file-alerts.md)| Stop and quarantine files or block a file from your network. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md deleted file mode 100644 index 0cf451828c..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Troubleshoot Microsoft Defender Advanced Threat Protection capabilities -description: Find solutions to issues on sensor state, service issues, or other Microsoft Defender ATP capabilities -keywords: troubleshoot, sensor, state, service, issues, attack surface reduction, next generation protection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: troubleshooting ---- - -# Troubleshoot Microsoft Defender Advanced Threat Protection - -Troubleshoot issues that might arise as you use Microsoft Defender ATP capabilities. - -## In this section -Topic | Description -:---|:--- -Troubleshoot sensor state | Find solutions for issues related to the Microsoft Defender ATP sensor -Troubleshoot service issues | Fix issues related to the Microsoft Defender Advanced Threat service -Troubleshoot attack surface reduction | Fix issues related to network protection and attack surface reduction rules -Troubleshoot next generation protection | If you encounter a problem with antivirus, you can search the tables in this topic to find a matching issue and potential solution - diff --git a/windows/security/threat-protection/microsoft-defender-atp/use-apis.md b/windows/security/threat-protection/microsoft-defender-atp/use-apis.md deleted file mode 100644 index 12a8e4cc4e..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/use-apis.md +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -title: Microsoft Defender ATP APIs -ms.reviewer: -description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. -keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -search.appverid: met150 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: ellevin -author: levinec -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual ---- - -# Microsoft Defender ATP APIs - -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - -## In this section -Topic | Description -:---|:--- -[Microsoft Defender ATP API overview](apis-intro.md) | Learn how to access Microsoft Defender ATP APIs. -[Supported Microsoft Defender ATP APIs](exposed-apis-list.md) | Learn more about how you can run API calls to individual supported entities, and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts.md), [domain related alerts](get-domain-related-alerts.md), or even actions such as [isolate machine](isolate-machine.md). -How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md). From 0c80e12633b54b10fb68fbe2b189239240a4d62d Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Fri, 9 Aug 2019 15:36:46 -0700 Subject: [PATCH 05/12] fix error
---
 .openpublishing.redirection.json | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index f2ac2223ad..f678c7bb7b 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -14442,11 +14442,6 @@
 "redirect_document_id": true
 },
 {
-"source_path":"windows/security/threat-protection/windows-defender-atp/use-apis.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
-"redirect_document_id": false
-},
-{
 "source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp",
 "redirect_document_id": false
@@ -15058,9 +15058,9 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
-"redirect_document_id": true
+"source_path":"windows/security/threat-protection/windows-defender-atp/use-apis.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
+"redirect_document_id": false
 },
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
From 3fd44010b1b00825c0e564a2d5d7b20e30f3aaa0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 9 Aug 2019 15:43:11 -0700 Subject: [PATCH 06/12] update json
---
 .openpublishing.redirection.json | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index f678c7bb7b..f84cd295f5 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
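Review bot: The entry re-added in the `@@ -15058,9 +15058,9 @@` hunk sends `windows-defender-atp/use-apis.md` to `/windows/security/threat-protection/microsoft-defender-atp/use-apis`, but `microsoft-defender-atp/use-apis.md` is deleted earlier in this series and is itself the `source_path` of the next entry (the hunk's last context line), so the redirect lands on another redirect. Pointing the old page straight at the final target avoids the extra hop. The duplicate removed here suggests that target is `apis-intro`, i.e. `"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",`, but the surviving entry's own `redirect_url` lies outside the hunk, so confirm it. The same two-hop pattern appears in PATCH 07, hunk `@@ -15099,16 +15094,21 @@`, where `windows-defender-atp/manage-indicators.md` is retargeted from `manage-indicators` to the deleted `manage-allowed-blocked-list` page.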
@@ -14787,6 +14787,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started.md",
+"redirect_url": "/windows/security/threat-protection/index.md",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
 "redirect_document_id": false
@@ -15046,12 +15051,6 @@
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
 "redirect_document_id": true
 },
-
-{
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/get-started.md",
-"redirect_url": "/windows/security/threat-protection/",
-"redirect_document_id": true
-},
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
From 60fc617ded8750485f089e6d778c8ab1d27effab Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 9 Aug 2019 16:09:40 -0700 Subject: [PATCH 07/12] fix
---
 .openpublishing.redirection.json | 72 ++++++++++++++++---------------- 1 file changed, 36 insertions(+), 36 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index f84cd295f5..4f7d56e2c7 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
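Review bot: The added `get-started.md` entry in the `@@ -14787,6 +14787,11 @@` hunk uses `"redirect_url": "/windows/security/threat-protection/index.md"`, the only target in these hunks that carries a `.md` suffix. Every other `redirect_url` is an extensionless site path, and the entry this one replaces (removed in the second hunk) pointed at `/windows/security/threat-protection/`. A URL ending in `.md` will most likely not resolve on the published site, which would turn the redirect for the deleted get-started page into a dead link. Use `"redirect_url": "/windows/security/threat-protection/index",` or keep the previous trailing-slash form.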
@@ -1607,16 +1607,31 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/use-apis",
+"redirect_document_id": true
+},
+{
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preferences-setup",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/prerelease.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/prerelease",
 "redirect_document_id": true
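Review bot: The second and third `+` groups in this hunk are inserted in the middle of an existing entry, so the redirects come out cross-wired: the old `windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md` page now goes to `microsoft-defender-atp/use-apis`, `use-apis.md` goes to `preferences-setup`, and `preferences-setup.md` goes to `apis-intro`. Both `use-apis.md` and `preferences-setup.md` are deleted earlier in this series, so a reader following an old settings link is bounced through two removed pages and ends up on the API introduction. Presumably the settings entry should keep its original target and `use-apis.md` should get its own complete object pointing at `apis-intro`, as the entry removed in the `@@ -15062,16 +15067,6 @@` hunk of this patch did. The fence shows those two entries; the `preferences-setup.md` object stays as added, and the final targets should be confirmed against the pages that still exist.
```json
{
"source_path": "windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/preferences-setup",
"redirect_document_id": true
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
"redirect_document_id": true
},
```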
@@ -1692,6 +1707,16 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/response-actions.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts",
+"redirect_document_id": false
+},
+{
+"source_path": "windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
@@ -1807,11 +1832,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-overview.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview",
 "redirect_document_id": true
@@ -12032,11 +12052,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md",
 "redirect_url": "/windows/device-security/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies",
 "redirect_document_id": true
@@ -12187,11 +12202,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/keep-secure/response-actions-windows-defender-advanced-threat-protection.md",
-"redirect_url": "/windows/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/keep-secure/restore-files-and-directories.md",
 "redirect_url": "/windows/device-security/security-policy-settings/restore-files-and-directories",
 "redirect_document_id": true
@@ -15042,14 +15052,9 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/response-actions.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
-"redirect_document_id": true
+"source_path": "windows/security/threat-protection/windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-mdatp",
+"redirect_document_id": false
 },
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/troubleshoot-overview.md",
@@ -15062,16 +15067,6 @@
 "redirect_document_id": false
 },
 {
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/use-apis.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
-"redirect_document_id": true
-},
-{
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/security/threat-protection/windows-defender-atp/user-alert-windows-defender-advanced-threat-protection-new.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user",
 "source_path": "windows/deployment/planning/windows-10-fall-creators-deprecation.md",
@@ -15099,16 +15094,21 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
-"redirect_url": "/windows/deployment/windows-10-subscription-activation",
+"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list",
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
 "redirect_document_id": true
 },
 {
+"source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
+"redirect_url": "/windows/deployment/windows-10-subscription-activation",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/hub/windows-10-landing.yml",
 "redirect_url": "/windows/windows-10",
 "redirect_document_id": true
From 33b7db65d744fcee455a5ae89af9e7890bd1e300 Mon Sep 17 00:00:00 2001
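Review bot: The trailing context of the `@@ -15062,16 +15067,6 @@` hunk shows a damaged entry that this clean-up leaves in place: `"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/user",` is followed directly by a second `"source_path"` line, with no `"redirect_document_id"` and no `},` / `{` between them. The hunk's line counts (16 old, 6 new) account for every line shown, so nothing was lost in rendering and the file itself carries two `source_path` keys in one object. Many JSON parsers keep only the last duplicate key, which would silently drop the redirect for `user-alert-windows-defender-advanced-threat-protection-new.md`; whether the publishing build warns about this is not visible here. Restore the missing `"redirect_document_id": <true-or-false>` line and the object separators after the `/user` line; the merged object continues past the end of the hunk, so check its remaining keys as well.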
From: Joey Caparas Date: Thu, 15 Aug 2019 08:58:36 -0700 Subject: [PATCH 08/12] fix warnings
---
 .openpublishing.redirection.json | 7 +--- .../preferences-setup.md | 37 +++++++++++++++++++ 2 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 4f7d56e2c7..2757821538 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1627,11 +1627,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/apis-intro",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/threat-protection/windows-defender-atp/prerelease.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/prerelease",
 "redirect_document_id": true
@@ -15101,7 +15096,7 @@
 {
 "source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
-"redirect_document_id": true
+"redirect_document_id": false
 },
 {
 "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
new file mode 100644
index 0000000000..e5f2d93731
--- /dev/null
+++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md
@@ -0,0 +1,37 @@
+---
+title: Configure Microsoft Defender Security Center settings
+description: Use the settings page to configure general settings, permissions, apis, and rules.
+keywords: settings, general settings, permissions, apis, rules
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Configure Microsoft Defender Security Center settings
+
+**Applies to:**
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
+
+Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.
+
+## In this section
+
+Topic | Description
+:---|:---
+General settings | Modify your general settings that were previously defined as part of the onboarding process.
+Permissions | Manage portal access using RBAC as well as machine groups.
+APIs | Enable the threat intel and SIEM integration.
+Rules | Configure suppressions rules and automation settings.
+Machine management | Onboard and offboard machines.
From be526fdb1dc5cdf5daa485c6a0cfb7b194a454fc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 10:38:39 -0700 Subject: [PATCH 09/12] redirect
---
 .openpublishing.redirection.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 2757821538..ec4bd3b774 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -15084,6 +15084,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
+"redirect_document_id": false
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
 "redirect_document_id": true
@@ -15099,11 +15099,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list.md",
-"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
-"redirect_document_id": false
-},
-{
 "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",
 "redirect_url": "/windows/deployment/windows-10-subscription-activation",
 "redirect_document_id": true
From 33c5492a9269d5e720e23969af189dff914a9b3b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 10:43:43 -0700 Subject: [PATCH 10/12] json
---
 .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index ec4bd3b774..48f671dadc 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -15091,7 +15091,7 @@
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
-"redirect_document_id": true
+"redirect_document_id": false
 },
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
From 1e0d05382fd111d8dd9e40becf256dd156e98b59 Mon Sep 17 00:00:00 2001
From: Joey Caparas Date: Thu, 15 Aug 2019 10:44:14 -0700 Subject: [PATCH 11/12] revert
---
 .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 48f671dadc..ec4bd3b774 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -15091,7 +15091,7 @@
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/manage-indicators",
-"redirect_document_id": false
+"redirect_document_id": true
 },
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
From fca8ecbd6268cf3d1aa597d76a7eecf97ac9ca73 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 15 Aug 2019 10:59:50 -0700 Subject: [PATCH 12/12] false
---
 .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index ec4bd3b774..d3069c4d21 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -15096,7 +15096,7 @@
 {
 "source_path": "windows/security/threat-protection/windows-defender-atp/manage-indicators.md",
 "redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-allowed-blocked-list",
-"redirect_document_id": true
+"redirect_document_id": false
 },
 {
 "source_path": "windows/deployment/windows-10-enterprise-subscription-activation.md",