diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md index 94883b23f3..5b3cf51d1d 100644 --- a/windows/security/threat-protection/windows-defender-atp/management-apis.md +++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md 
@@ -17,12 +17,12 @@ ms.date: 07/01/2018 TODO: Raviv Integrate Windows Defender Advanced Threat Protection into your existing workflows. -- [Onboarding](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection) - [Configuration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection) -- [Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) +- [Onboarding](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection) +- [RBAC](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection) - [SIEM connectors](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection) - [Exposed APIs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection) -- [RBAC](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection) +- [Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection) - [Reporting and trends](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection) 
@@ -30,6 +30,33 @@ Integrate Windows Defender Advanced Threat Protection into your existing workflo Scratch paper / thoughts: +*** TomerB *** + +NOTE: I changed the order of the sections above - need to also ensure this is align with how the rest of the content is orgenized + +Windows Defender ATP supports a wide variety of options to ensure a smooth and effective adotpion by a wide range of customers profile. +We acknoledge that each environment is different in how it is structure and operats, and the Windwos Defender ATP solution was created with the much needed flexability & granularity to address just that. + +Machine onboarding is fully integrate into SCCM & Intune for client machines and ASC for server machines, providing complete E2E experience of configuraiton, deployment and monitoring. In additonal Windows Defender ATP support GP and any 3rd party tool used for machines management + +Windows Defender ATP provides unparallel powerfull and flexible role based access control - defining who can see which properties, and who can performs which tasks / action. The RBAC model supports all flavors of security teams strucutre +- Globally distributed organizations and security teams +- Tiered model SOC +- Fully segregated devisions with single centralized global SOC + +Windows Defender ATP solution is built on top of an integration ready platform +[1] It support integration with a number of SIEMs solutions and also exposes APIs to fully support any pulling all the alerts underline detection information into any SIEM solutions. 
+[2] For those who are already heavily invested in data enrichment and automation Windows Defender ATP rich set of APIs enbales just that + * Enriching events coming from other security systems with footpring / prevelance information + * Triggering file or machine level response actions via APIs + * Keeping systems sync-ed (Import machines tags from assets management systems into ATP, Syncronizing alerts and incidents status cross ticketing systems and ATP) + +An important aspects of machines management is the ability to analyze the environment from different, broad, perspective. This often help drive new insights and proper priority of the next "go do" item +[1] Secure score dashboard provides metrics based method of prioritizing the most important proactive security measures. +[2] Windows Defender ATP includes a built-in PowerBI based reporting solution to quickly review trends and details related to ATP alerts and secure score of your machines. ATP also supports full customization of the reports, including mesh ATP data with you own data strem to produce buisness specific report + +*** TomerB *** + Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows. There's a wide variety of supported management tools you can use to onboard machines to the service. The platform also supports various security information and events management (SIEM) tools that allows you to pull alerts to. The application programming interface (APIs) provides the flexibility of pulling or creating alerts programmatically. diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md index d0d3725800..fd04af4fb7 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md 
+++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md @@ -15,8 +15,6 @@ ms.date: 09/03/2018 # Microsoft Cloud App Security Configuration -## How do I use it? - To benefit from Windows Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration in the **Windows Defender ATP Settings** page, under **Advanced features**: ![Advanced features](./images/advanced-features.png) @@ -25,9 +23,9 @@ Once activated, Windows Defender ATP will immediately start forwarding discovery ## View the data collected -1. Browse to the [Cloud App Security portal](portal.cloudappsecurity.com) +1. Browse to the [Cloud App Security portal](https://portal.cloudappsecurity.com/). -2. Navigate to the Cloud Discovery dashboard +2. Navigate to the Cloud Discovery dashboard. 3. Select **Win10 Endpoint Users report**, which contains the data coming from Windows Defender ATP. @@ -37,4 +35,8 @@ This report is similar to the existing discovery report with one major differenc Notice the new **Machine**s tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (e.g., when drilling down to a specific cloud app). -![Cloud discovery](./images/cloud-discovery.png) \ No newline at end of file +![Cloud discovery](./images/cloud-discovery.png) + +## Related topic + +- [Microsoft Cloud App Security integration](microsoft-cloud-app-security-integration.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md index c2519176cf..ae5ec60c91 100644 --- a/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md 
@@ -27,6 +27,6 @@ Cloud App Security integrates into your eco-system in two places: ![Cloud apps](./images/cloud-apps.png) - ## Related topic + - [Configure Microsoft Cloud App Security](microsoft-cloud-app-security-config.md) \ No newline at end of file
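Review bot: the reordered list in the first hunk of management-apis.md (`@@ -17,12 +17,12 @@`) now places Configuration ahead of Onboarding, although a machine has to be onboarded before it can be configured, and the author's own note further down in the same file says the new order still has to be aligned with how the rest of the content is organized; either move `- [Onboarding](...)` back to the top or match the order of the section's TOC before merging. While these lines are being touched, the link targets should also be made consistent: five of them carry `/en-us/` in the path and two (`secure-score-dashboard-...` and `powerbi-reports-...`) do not; dropping the locale segment everywhere lets docs.microsoft.com serve the reader's own locale.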
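Review bot: the second hunk of management-apis.md (`@@ -30,6 +30,33 @@`) adds draft notes, bracketed by `*** TomerB ***` markers under `Scratch paper / thoughts:`, to the article body, where they would render on the published page together with their typos (`adotpion`, `acknoledge`, `orgenized`, `Windwos`, `flexability`, `unparallel`). If the notes need to travel with the file, wrap them in an HTML comment (`<!-- ... -->`) so they do not render, or move them to the PR description; otherwise remove them before merge. Note also that the `[1]` / `[2]` prefixes are not Markdown list syntax, so those items will render as plain paragraphs rather than a numbered list, and the existing `TODO: Raviv` line in the same region is still present.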
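Review bot: in the `@@ -25,9 +23,9 @@` hunk of microsoft-cloud-app-security-config.md, step 2 (`Navigate to the Cloud Discovery dashboard.`) names a UI element without the bold that step 3 uses for **Win10 Endpoint Users report** and the intro uses for **Advanced features**; write `**Cloud Discovery**` for consistency. The step 1 change is correct as far as it goes: the previous target `portal.cloudappsecurity.com` had no scheme and would have been resolved as a path relative to the docs site rather than as an external link.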
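Review bot: the `@@ -37,4 +35,8 @@` hunk of microsoft-cloud-app-security-config.md rewrites the last line of the file but the result still ends with `\ No newline at end of file`; add the trailing newline so the next edit to this file does not show a spurious change on the final line. The unchanged context line just above, `Notice the new **Machine**s tab`, closes the bold before the `s`, so the tab name renders as "Machine" followed by a plain "s"; since this region is already being edited, change it to `**Machines**`.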
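Review bot: the hunk in microsoft-cloud-app-security-integration.md (`@@ -27,6 +27,6 @@`) removes the `## Related topic` heading and the added `+` line shows no content, which leaves `- [Configure Microsoft Cloud App Security](microsoft-cloud-app-security-config.md)` as an orphaned bullet with no heading above it. This looks unintended, since the same commit adds exactly this `## Related topic` heading to microsoft-cloud-app-security-config.md; if the purpose was only to strip trailing whitespace from the heading, the `+` line should carry `## Related topic`. This file also still ends with `\ No newline at end of file`.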