From dbefd611fe11e09c2c01a269075711adfaf670b4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 12:58:28 -0700 Subject: [PATCH 01/12] fixing links --- ...nd-windows-defender-application-control.md | 6 ++---- .../TOC.md | 2 -- ...ender-application-control-and-applocker.md | 19 ------------------- 3 files changed, 2 insertions(+), 25 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-and-applocker.md diff --git a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md index 6d1f3ebae2..4d96519ca3 100644 --- a/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md @@ -38,13 +38,11 @@ But configurable CI carries no specific hardware or software requirements other Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. So we are promoting configurable CI within our security stack and giving it a name of its own: [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control). We hope this branding change will help us better communicate options for adopting application control within an organization. -Does this mean Windows Defender Device Guard is going away? Not at all. Device Guard will continue to exist as a way to describe the fully locked down state achieved through the use of Windows Defender Application Control (WDAC), [HVCI](https://docs.microsoft.com/windows/security/threat-protection/enable-virtualization-based-protection-of-code-integrity), and hardware and firmware security features. It also allows us to work with our OEM partners to identify specifications for devices that are “Device Guard capable” so that our joint customers can easily purchase devices that meet all of the hardware and firmware requirements of the original Device Guard scenario. +Does this mean Windows Defender Device Guard is going away? Not at all. Device Guard will continue to exist as a way to describe the fully locked down state achieved through the use of Windows Defender Application Control (WDAC), HVCI, and hardware and firmware security features. It also allows us to work with our OEM partners to identify specifications for devices that are “Device Guard capable” so that our joint customers can easily purchase devices that meet all of the hardware and firmware requirements of the original Device Guard scenario. ## Related topics -- [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control) - -- [HVCI](https://docs.microsoft.com/windows/security/threat-protection/enable-virtualization-based-protection-of-code-integrity) +[Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control) [Dropping the Hammer Down on Malware Threats with Windows 10’s Windows Defender Device Guard](https://channel9.msdn.com/Events/Ignite/2015/BRK2336) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 836e7211f6..6644912c09 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -29,8 +29,6 @@ #### [Signing WDAC policies with SignTool.exe](signing-policies-with-signtool.md) ### [Disable WDAC policies](disable-windows-defender-application-control-policies.md) -## [Windows Defender Application Control and AppLocker](windows-defender-application-control-and-applocker.md) - ## [AppLocker](applocker\applocker-overview.md) ### [Administer AppLocker](applocker\administer-applocker.md) #### [Maintain AppLocker policies](applocker\maintain-applocker-policies.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-and-applocker.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-and-applocker.md deleted file mode 100644 index 241de1c37b..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-and-applocker.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Windows Defender Application Control and AppLocker (Windows 10) -description: Windows Defender Application Control and AppLocker. -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: jsuther1974 -ms.date: 01/24/2018 ---- - -# Windows Defender Application Control and AppLocker - -**Applies to:** - -- Windows 10 -- Windows Server 2016 - From 5b621710729f4ae3b79084ac323cc0d2212ea60c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 14:06:39 -0700 Subject: [PATCH 02/12] added redirects for AppLocker --- .openpublishing.redirection.json | 435 +++++++++++++++++++++++++++++++ 1 file changed, 435 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 2dfa98c412..cd00af0373 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -1,6 +1,441 @@ { "redirections": [ { +"source_path": "windows/security/threat-protection/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/administer-applocker-using-mdm.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/administer-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-architecture-and-components.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-functions.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-overview.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-policies-deployment-guide.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-policies-design-guide.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-policy-use-scenarios.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-processes-and-interactions.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-settings.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/applocker-technical-reference.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/AppLockerFileNames.txt", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/AppLockerFileNames.", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-enforce-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/configure-exceptions-for-an-applocker-rule.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/configure-the-application-identity-service.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/configure-the-appLocker-reference-device.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-a-rule-for-packaged-apps.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-file-hash-condition.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-path-condition.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-a-rule-that-uses-a-publisher-condition.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-applocker-default-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-list-of-applications-deployed-to-each-business-group.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-your-applocker-policies.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/create-your-applocker-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/delete-an-applocker-rule.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/deploy-the-applocker-policy-into-production.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/determine-group-policy-structure-and-rule-enforcement.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/determine-your-application-control-objectives.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/dll-rules-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/document-your-application-list.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/document-your-applocker-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/edit-an-applocker-policy.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/edit-applocker-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/enable-the-dll-rule-collection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/enforce-applocker-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/executable-rules-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-from-a-gpo.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/export-an-applocker-policy-to-an-xml-file.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/how-applocker-works-techref.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-from-another-computer.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/import-an-applocker-policy-into-a-gpo.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/maintain-applocker-policies.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/manage-packaged-apps-with-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/merge-applocker-policies-manually.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/monitor-application-usage-with-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/optimize-applocker-performance.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/plan-for-applocker-policy-management.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/refresh-an-applocker-policy.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/requirements-for-deploying-applocker-policies.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/requirements-to-use-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/run-the-automatically-generate-rules-wizard.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/script-rules-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/security-considerations-for-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/select-types-of-rules-to-create.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/test-and-update-an-applocker-policy.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/tools-to-use-with-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understand-applocker-enforcement-settings.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understand-applocker-policy-design-decisions.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understand-the-applocker-policy-deployment-process.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-applocker-default-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-behavior.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-collections.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-condition-types.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-applocker-rule-exceptions.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-the-file-hash-rule-condition-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-the-path-rule-condition-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/understanding-the-publisher-rule-condition-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/use-the-applocker-windows-powershell-cmdlets.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/using-event-viewer-with-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/using-software-restriction-policies-and-applocker-policies.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/what-is-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/windows-installer-rules-in-applocker.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/working-with-applocker-policies.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies", +"redirect_document_id": true +}, +{ +"source_path": "windows/security/threat-protection/applocker/working-with-applocker-rules.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md", "redirect_url": "/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity", "redirect_document_id": true From 867b8d69d3d61897d34c471ae4f010f2c87e1eaa Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 14:23:50 -0700 Subject: [PATCH 03/12] added to entries for Exploit Guard --- windows/security/threat-protection/TOC.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 4e889eb5ff..dc7db305ef 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -294,6 +294,9 @@ #### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md) #### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md) ##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md) +#### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md) +##### [Requirements and deployment planning guidelines for virtualization-based protection of code integrity](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) +##### [Enable virtualization-based protection of code integrity](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) ### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md) #### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md) #### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md) From e6ade3198c9825b8057c0e6e18cc1044e6a79162 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 14:28:57 -0700 Subject: [PATCH 04/12] added to entries for Exploit Guard --- .openpublishing.redirection.json | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index cd00af0373..d8095c6843 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -61,11 +61,6 @@ "redirect_document_id": true }, { -"source_path": "windows/security/threat-protection/applocker/AppLockerFileNames.txt", -"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/AppLockerFileNames.", -"redirect_document_id": true -}, -{ "source_path": "windows/security/threat-protection/applocker/configure-an-applocker-policy-for-audit-only.md", "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only", "redirect_document_id": true From 2af81b2c53c1f44d24c1a13ece0b076897acf21b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 14:58:26 -0700 Subject: [PATCH 05/12] added dates --- ...nced-features-windows-defender-advanced-threat-protection.md | 2 +- ...est-practices-windows-defender-advanced-threat-protection.md | 2 +- ...ing-reference-windows-defender-advanced-threat-protection.md | 2 +- ...anced-hunting-windows-defender-advanced-threat-protection.md | 2 +- .../alerts-queue-windows-defender-advanced-threat-protection.md | 2 +- ...portal-access-windows-defender-advanced-threat-protection.md | 2 +- ...nvestigations-windows-defender-advanced-threat-protection.md | 2 +- ...sensor-status-windows-defender-advanced-threat-protection.md | 2 +- .../community-windows-defender-advanced-threat-protection.md | 2 +- ...tional-access-windows-defender-advanced-threat-protection.md | 2 +- ...notifications-windows-defender-advanced-threat-protection.md | 2 +- ...-endpoints-gp-windows-defender-advanced-threat-protection.md | 2 +- ...endpoints-mdm-windows-defender-advanced-threat-protection.md | 2 +- ...s-non-windows-windows-defender-advanced-threat-protection.md | 2 +- ...ndpoints-sccm-windows-defender-advanced-threat-protection.md | 2 +- ...points-script-windows-defender-advanced-threat-protection.md | 2 +- ...endpoints-vdi-windows-defender-advanced-threat-protection.md | 2 +- ...ure-endpoints-windows-defender-advanced-threat-protection.md | 2 +- ...ver-endpoints-windows-defender-advanced-threat-protection.md | 2 +- ...custom-ti-api-windows-defender-advanced-threat-protection.md | 2 +- ...tion-settings-windows-defender-advanced-threat-protection.md | 2 +- ...compatibility-windows-defender-advanced-threat-protection.md | 2 +- ...ble-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- ...-secure-score-windows-defender-advanced-threat-protection.md | 2 +- ...m-integration-windows-defender-advanced-threat-protection.md | 2 +- ...t-error-codes-windows-defender-advanced-threat-protection.md | 2 +- ...tigate-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...tigate-domain-windows-defender-advanced-threat-protection.md | 2 +- ...stigate-files-windows-defender-advanced-threat-protection.md | 2 +- ...nvestigate-ip-windows-defender-advanced-threat-protection.md | 2 +- ...gate-machines-windows-defender-advanced-threat-protection.md | 2 +- ...estigate-user-windows-defender-advanced-threat-protection.md | 2 +- ...n-seen-in-org-windows-defender-advanced-threat-protection.md | 2 +- ...achine-groups-windows-defender-advanced-threat-protection.md | 2 +- ...view-overview-windows-defender-advanced-threat-protection.md | 2 +- ...manage-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...-blocked-list-windows-defender-advanced-threat-protection.md | 2 +- ...-file-uploads-windows-defender-advanced-threat-protection.md | 2 +- ...er-exclusions-windows-defender-advanced-threat-protection.md | 2 +- ...ression-rules-windows-defender-advanced-threat-protection.md | 2 +- ...-requirements-windows-defender-advanced-threat-protection.md | 2 +- ...oard-machines-windows-defender-advanced-threat-protection.md | 2 +- ...ard-configure-windows-defender-advanced-threat-protection.md | 2 +- ...rtal-overview-windows-defender-advanced-threat-protection.md | 2 +- ...werbi-reports-windows-defender-advanced-threat-protection.md | 2 +- ...-example-code-windows-defender-advanced-threat-protection.md | 2 +- ...erences-setup-windows-defender-advanced-threat-protection.md | 2 +- ...view-settings-windows-defender-advanced-threat-protection.md | 2 +- .../preview-windows-defender-advanced-threat-protection.md | 2 +- ...sing-rest-api-windows-defender-advanced-threat-protection.md | 2 +- ...-example-code-windows-defender-advanced-threat-protection.md | 2 +- .../rbac-windows-defender-advanced-threat-protection.md | 2 +- ...d-file-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...ore-dashboard-windows-defender-advanced-threat-protection.md | 2 +- ...ons-dashboard-windows-defender-advanced-threat-protection.md | 2 +- ...ervice-status-windows-defender-advanced-threat-protection.md | 2 +- ...upported-apis-windows-defender-advanced-threat-protection.md | 2 +- ...ator-concepts-windows-defender-advanced-threat-protection.md | 2 +- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- ...use-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- .../windows-defender-advanced-threat-protection.md | 2 +- 61 files changed, 61 insertions(+), 61 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index bece8724df..4d69ad7c7b 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Configure advanced features in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md index 49284ab1d1..f553f152fd 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Advanced hunting query best practices Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index db6c9b6f35..fd147bb4ef 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Advanced hunting reference in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index f523b1c8d1..c5a0aa9147 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Query data using Advanced hunting in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md index 26eef896ca..3955ce8269 100644 --- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # View and organize the Windows Defender Advanced Threat Protection Alerts queue diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md index 4b947eec35..5acb334a86 100644 --- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Assign user access to the Windows Defender ATP portal diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md index 6046993dba..760acda319 100644 --- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Use Automated investigations to investigate and remediate threats diff --git a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md index 6a933ada64..968c448af5 100644 --- a/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Check sensor health state in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md index f56d8e3bae..d55f04fddc 100644 --- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md index aacc9c9ee1..5c7c425311 100644 --- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Enable conditional access to better protect users, devices, and data diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 6559e3e082..b35af2246b 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Configure alert notifications in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index 20a25e6d96..e3b7fb8022 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard Windows 10 machines using Group Policy diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index fc37a29fbc..c7774a5663 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard Windows 10 machines using Mobile Device Management tools diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index 60fdf52cf6..450371174d 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard non-Windows machines diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index 1da2299153..ab8da7cafa 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard Windows 10 machines using System Center Configuration Manager diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index 51910b2668..4dbf933ec5 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard Windows 10 machines using a local script diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md index 477529fa7d..3053183884 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard non-persistent virtual desktop infrastructure (VDI) machines diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md index e6d78d4bb0..dab99dbf01 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard Windows 10 machines diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index c55f7851c0..ba55fbe424 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard servers to the Windows Defender ATP service diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md index 8af91533b7..e06ccda51d 100644 --- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Create custom alerts using the threat intelligence (TI) application program interface (API) diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md index 2c31b1365d..2f1642def7 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Update data retention settings for Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md index 09ed79f526..035afaf190 100644 --- a/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Windows Defender Antivirus compatibility with Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md index 4864c55ad8..babca11760 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Enable the custom threat intelligence API in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md index 9e6c2f081b..da135efb65 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Enable Secure Score security controls diff --git a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md index 9b39935b31..183ecc286d 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Enable SIEM integration in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index 7dbc500f97..f4c7dd2bb3 100644 --- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md index 840ac36b91..c8df547c6b 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Investigate Windows Defender Advanced Threat Protection alerts diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md index 9d2442bd7c..cf096a36d3 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Investigate a domain associated with a Windows Defender ATP alert diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md index 8303abcda1..042216f1a6 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Investigate a file associated with a Windows Defender ATP alert diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md index a22179f273..cd9eaa9b7c 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Investigate an IP address associated with a Windows Defender ATP alert diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 06fd351604..9149871e85 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Investigate machines in the Windows Defender ATP Machines list diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md index 46a2f46c0e..fb5d06dfd4 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Investigate a user account in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md index 240d558937..a7c1630a56 100644 --- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Is domain seen in org diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md index 454d1a3aec..221bfd7884 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Create and manage machine groups in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index a87a7f95fe..924bd2359f 100644 --- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # View and organize the Windows Defender ATP Machines list diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index 5912acb1a8..54bc053ce4 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Manage Windows Defender Advanced Threat Protection alerts diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 1f68016ea9..abe6240f77 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Manage automation allowed/blocked lists diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md index f6b88381ff..a418fca559 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Manage automation file uploads diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md index c7d1e70c54..0388d3e0dd 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Manage automation folder exclusions diff --git a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md index c06aea4230..afd498bd1b 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Manage suppression rules diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 3983d79af5..9afdfa86cb 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Minimum requirements for Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md index 78710989d2..5083d2feae 100644 --- a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Offboard machines from the Windows Defender ATP service diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index 84c7cee481..e5ee209594 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Onboard machines to the Windows Defender ATP service diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index ce444d924a..d8e518f47c 100644 --- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Windows Defender Advanced Threat Protection portal overview diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index e92d59ee73..ecb07ccd1e 100644 --- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Create and build Power BI reports using Windows Defender ATP data diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md index 36e285cce8..f08533a767 100644 --- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # PowerShell code examples for the custom threat intelligence API diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md index 4d00c68de1..72dd86675c 100644 --- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Configure Windows Defender ATP settings diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md index 6f65f14423..61315574f8 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Turn on the preview experience in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index a018b2c742..cb370648b1 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Windows Defender ATP preview features diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index d3de2bec95..441d1895d8 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Pull Windows Defender ATP alerts using REST API diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md index 278e02f9bb..58abb6bddc 100644 --- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Python code examples for the custom threat intelligence API diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md index 8b7ad9f93e..fdb452e1ad 100644 --- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Manage portal access using role-based access control diff --git a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 0e5f08d3d5..f3fa656be3 100644 --- a/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Take response actions on a file diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md index 43e1cf6abb..8fce3d5f13 100644 --- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: mjcaparas localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # View the Windows Defender Advanced Threat Protection Secure score dashboard diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md index 7b4b053ce3..d3740aa25f 100644 --- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # View the Windows Defender Advanced Threat Protection Security operations dashboard diff --git a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md index 0e0c2d60c4..488f25d704 100644 --- a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Check the Windows Defender Advanced Threat Protection service health diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md index 6e4c10056a..9fa8d8f13a 100644 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Supported Windows Defender ATP query APIs diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md index 3324909b34..160df53514 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Understand threat intelligence concepts diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 637bf8c04f..53bbce16ae 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Troubleshoot Windows Defender Advanced Threat Protection onboarding issues diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md index 43d2792de3..fca8e3f3ee 100644 --- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Use the threat intelligence API to create custom alerts diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 2789778750..408dd8bb78 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/17/2018 +ms.date: 04/24/2018 --- # Windows Defender Advanced Threat Protection From 487ce018ec27cedadab3c18b970b4956b4ae5439 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 16:30:05 -0700 Subject: [PATCH 06/12] added conditional access to ToC --- windows/security/threat-protection/TOC.md | 1 + ...ows-defender-advanced-threat-protection.md | 27 ------------------- ...ows-defender-advanced-threat-protection.md | 1 - ...ows-defender-advanced-threat-protection.md | 3 --- 4 files changed, 1 insertion(+), 31 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 4e889eb5ff..b25b3b1b82 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -189,6 +189,7 @@ ##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md) ##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md) ##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md) +##### [Protect data with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) ####Permissions ##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index ba55fbe424..62c3b16138 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -18,7 +18,6 @@ ms.date: 04/24/2018 - Windows Server 2012 R2 - Windows Server 2016 -- Windows Server, version 1803 - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] @@ -30,7 +29,6 @@ Windows Defender ATP extends support to also include the Windows Server operatin Windows Defender ATP supports the onboarding of the following servers: - Windows Server 2012 R2 - Windows Server 2016 -- Windows Server, version 1803 ## Onboard Windows Server 2012 R2 and Windows Server 2016 @@ -82,31 +80,6 @@ Once completed, you should see onboarded servers in the portal within an hour. | winatp-gw-neu.microsoft.com | 443 | | winatp-gw-weu.microsoft.com | 443 | -## Onboard Windows Server, version 1803 -You’ll be able to onboard in the same method available for Windows 10 client machines. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). Support for Windows Server, version 1803 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. - -1. Install the latest Windows Server Insider build on a machine. For more information, see [Windows Server Insider Preview](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver). - -2. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). - -3. If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly: - - a. Set the following registry entry: - - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` - - Name: ForceDefenderPassiveMode - - Value: 1 - - b. Run the following PowerShell command to verify that the passive mode was configured: - ```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}``` - - c. Confirm that a recent event containing the passive mode event is found: - ![Image of passive mode verification result](images/atp-verify-passive-mode.png) - -4. Run the following command to check if Windows Defender AV is installed: - ```sc query Windefend``` - - If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). - ## Offboard servers You have two options to offboard servers from the service: - Uninstall the MMA agent diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index 63395308fe..af0f9887a7 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -47,7 +47,6 @@ The following features are included in the preview release: Windows Defender ATP supports the onboarding of the following servers: - Windows Server 2012 R2 - Windows Server 2016 - - Windows Server, version 1803 - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph. diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md index 8fce3d5f13..c6c4102eb5 100644 --- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md @@ -297,9 +297,6 @@ For more information, see [Windows Defender Firewall with Advanced Security](htt ### BitLocker optimization For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for BitLocker is fulfilled. ->[!IMPORTANT] ->This security control is only applicable for machines with Windows 10, version 1803 or later. - #### Minimum baseline configuration setting for BitLocker - Ensure all supported internal drives are encrypted - Ensure that all suspended protection on drives resume protection From c9886073aff9e8f0c2e138cc1c54bb470be3ec63 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 20:41:42 -0700 Subject: [PATCH 07/12] fixed atp toc --- .../windows-defender-atp/TOC.md | 1022 ++++++++++++++--- 1 file changed, 858 insertions(+), 164 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index d14024b3df..b25b3b1b82 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -1,173 +1,867 @@ -# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) - -##Get started -## [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) -## [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) -## [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) -## [Preview features](preview-windows-defender-advanced-threat-protection.md) -## [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) -## [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) -## [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) -## [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) -### [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) -### [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) -### [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) -#### [Configure endpoints using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune) -### [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) -### [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) -## [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) -## [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) -## [Run a detection test on a newly onboarded endpoint](run-detection-test-windows-defender-advanced-threat-protection.md) -## [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) -## [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) -## [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) -## [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) -## [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) -## [View the Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) - -##Investigate and remediate threats -##Alerts queue -### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) -### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) -### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) -### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) -### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) -### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) -### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) - -##Machines list -### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) -### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) -### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) -### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) -#### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) -#### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) -#### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) -#### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) +# [Threat protection](index.md) -## [Take response actions](response-actions-windows-defender-advanced-threat-protection.md) -### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) -#### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) -### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) -### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) -### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) -### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) -### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) -### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) -### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) -### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) -### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) -### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) -### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) -### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) -### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) -#### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) -#### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) -#### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) - -##API and SIEM support -## [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) -### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) -### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) -### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) -### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) -### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) -### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) - -## [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) -### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) -### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) -### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) -### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) -### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) -## [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) -### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) -###Actor -#### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md) -#### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -###Alerts -#### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md) -#### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -#### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -#### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -#### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -#### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -#### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -###Domain -#### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -#### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) -#### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) -#### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) - -###File -#### [Block file API](block-file-windows-defender-advanced-threat-protection.md) -#### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md) -#### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md) -#### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md) -#### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md) -#### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md) -#### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md) - -###IP -#### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -#### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md) -#### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md) -#### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md) -###Machines -#### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md) -#### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -#### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) -#### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -#### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -#### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md) -#### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -#### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -#### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md) -#### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md) -#### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) -#### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md) -#### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md) -#### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md) -#### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -#### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md) -#### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md) -#### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md) -#### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md) +## [The Windows Defender Security Center app](windows-defender-security-center/windows-defender-security-center.md) +### [Customize the Windows Defender Security Center app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md) +### [Hide Windows Defender Security Center app notifications](windows-defender-security-center/wdsc-hide-notifications.md) +### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md) +### [Device performance and health](windows-defender-security-center/wdsc-device-performance-health.md) +### [Firewall and network protection](windows-defender-security-center/wdsc-firewall-network-protection.md) +### [App and browser control](windows-defender-security-center/wdsc-app-browser-control.md) +### [Family options](windows-defender-security-center/wdsc-family-options.md) -###User -#### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -#### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md) -#### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md) -#### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md) -##Reporting -## [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -##Check service health and sensor state -## [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) -### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) -### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) -### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) -## [Check service health](service-status-windows-defender-advanced-threat-protection.md) -## [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) -## [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) -## [Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md) -## [Enable preview experience](preview-settings-windows-defender-advanced-threat-protection.md) -## [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) -## [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) -## [Enable Threat intel API](enable-custom-ti-windows-defender-advanced-threat-protection.md) -## [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -## [Enable Security Analytics security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) -## [Configure Windows Defender ATP time zone settings](settings-windows-defender-advanced-threat-protection.md) -## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) -## [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) -## [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) -## [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) +## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md) +###Get started +#### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md) +#### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md) +#### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) +#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md) +#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md) +#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md) +### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md) +#### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md) +##### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md) +##### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) +##### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +###### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune) +##### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md) +##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) +#### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md) +#### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) +#### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md) +#### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md) +#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md) +#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) +### [Understand the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md) +#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md) +#### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md) +#### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md) +#### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) +###Investigate and remediate threats +####Alerts queue +##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md) +##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md) +##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md) +##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md) +##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md) +##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md) +##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md) +##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md) + + + + +####Machines list +##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md) +##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) +##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) +##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) +###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) +###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) +###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) +###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) + + +#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md) +##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md) +###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) +###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) +###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) +###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) +###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) +###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) +###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md) +###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) +###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) +###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) +###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) +###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) +####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) +####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) + +#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md) +#### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md) +##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md) +##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) + +###API and SIEM support +#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) +##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md) +##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md) +##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md) +##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md) +##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md) + +#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) +##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) +##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) +##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) +##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md) +######Actor +####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md) +####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md) +######Alerts +####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md) +####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md) +####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) +######Domain +####### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) +####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) + +######File +####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md) +####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md) +####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md) +####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md) +####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md) + +######IP +####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md) +####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md) +######Machines +####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md) +####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) +####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) +####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md) +####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) +####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md) +####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md) +####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md) +####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md) +####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) +####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md) +####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md) +####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md) +####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md) +####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md) +####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md) +####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) +####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) + + + +######User +####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) +####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md) +####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) + +###Reporting +#### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) + +###Check service health and sensor state +#### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md) +##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) +##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) +##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) +#### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md) +### [Configure Windows Defender ATP Settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md) + +####General +##### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md) +##### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md) +##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md) +##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md) +##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md) +##### [Protect data with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) + +####Permissions +##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md) +##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md) + +####APIs +##### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md) + +####Rules +##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md) +##### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) +##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) + +####Machine management +##### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md) +##### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md) + +### [Configure Windows Defender ATP time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md) + +### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md) +### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md) +#### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md) +### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md) + +## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md) +### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md) + +### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md) + +### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md) +#### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md) + + +### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md) + + +### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md) +#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md) +##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md) +#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md) +##### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md) +#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md) +##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md) +##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md) +##### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md) +##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md) +##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md) + + +### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md) +#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md) +##### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md) +##### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md) +##### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md) +##### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md) +#### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md) +##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) +##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md) +#### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md) +##### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md) +##### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md) +##### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md) + + +### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md) +#### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md) +##### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md) +##### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md) +##### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md) +#### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md) +#### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md) +#### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md) +#### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md) +#### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md) +#### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md) +#### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md) + + +### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md) + + + +### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md) +#### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md) +#### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md) +#### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md) +#### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md) +#### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md) + + + +## [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md) +### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md) +#### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md) +#### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md) + +### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md) +#### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md) +#### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md) +#### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md) +#### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md) +##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md) +### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md) +#### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md) +#### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md) +#### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md) +#### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md) +### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md) +#### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md) +#### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md) +#### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md) +### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md) +#### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md) +#### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md) +#### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md) + + +## [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md) + +## [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) + +## [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) + +## [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) +### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md) +### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md) + +##[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md) +###[System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md) +###[Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) +###[Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md) +###[Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md) +###[Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md) + +## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) + +## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) + +## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md) + +## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) + +## [Security auditing](auditing/security-auditing-overview.md) +### [Basic security audit policies](auditing/basic-security-audit-policies.md) +#### [Create a basic audit policy for an event category](auditing/create-a-basic-audit-policy-settings-for-an-event-category.md) +#### [Apply a basic audit policy on a file or folder](auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md) +#### [View the security event log](auditing/view-the-security-event-log.md) +#### [Basic security audit policy settings](auditing/basic-security-audit-policy-settings.md) +##### [Audit account logon events](auditing/basic-audit-account-logon-events.md) +##### [Audit account management](auditing/basic-audit-account-management.md) +##### [Audit directory service access](auditing/basic-audit-directory-service-access.md) +##### [Audit logon events](auditing/basic-audit-logon-events.md) +##### [Audit object access](auditing/basic-audit-object-access.md) +##### [Audit policy change](auditing/basic-audit-policy-change.md) +##### [Audit privilege use](auditing/basic-audit-privilege-use.md) +##### [Audit process tracking](auditing/basic-audit-process-tracking.md) +##### [Audit system events](auditing/basic-audit-system-events.md) +### [Advanced security audit policies](auditing/advanced-security-auditing.md) +#### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md) +#### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md) +##### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md) +#### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) +##### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md) +##### [Monitor the use of removable storage devices](auditing/monitor-the-use-of-removable-storage-devices.md) +##### [Monitor resource attribute definitions](auditing/monitor-resource-attribute-definitions.md) +##### [Monitor central access policy and rule definitions](auditing/monitor-central-access-policy-and-rule-definitions.md) +##### [Monitor user and device claims during sign-in](auditing/monitor-user-and-device-claims-during-sign-in.md) +##### [Monitor the resource attributes on files and folders](auditing/monitor-the-resource-attributes-on-files-and-folders.md) +##### [Monitor the central access policies associated with files and folders](auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md) +##### [Monitor claim types](auditing/monitor-claim-types.md) +#### [Advanced security audit policy settings](auditing/advanced-security-audit-policy-settings.md) +##### [Audit Credential Validation](auditing/audit-credential-validation.md) +###### [Event 4774 S, F: An account was mapped for logon.](auditing/event-4774.md) +###### [Event 4775 F: An account could not be mapped for logon.](auditing/event-4775.md) +###### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](auditing/event-4776.md) +###### [Event 4777 F: The domain controller failed to validate the credentials for an account.](auditing/event-4777.md) +##### [Audit Kerberos Authentication Service](auditing/audit-kerberos-authentication-service.md) +###### [Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested.](auditing/event-4768.md) +###### [Event 4771 F: Kerberos pre-authentication failed.](auditing/event-4771.md) +###### [Event 4772 F: A Kerberos authentication ticket request failed.](auditing/event-4772.md) +##### [Audit Kerberos Service Ticket Operations](auditing/audit-kerberos-service-ticket-operations.md) +###### [Event 4769 S, F: A Kerberos service ticket was requested.](auditing/event-4769.md) +###### [Event 4770 S: A Kerberos service ticket was renewed.](auditing/event-4770.md) +###### [Event 4773 F: A Kerberos service ticket request failed.](auditing/event-4773.md) +##### [Audit Other Account Logon Events](auditing/audit-other-account-logon-events.md) +##### [Audit Application Group Management](auditing/audit-application-group-management.md) +##### [Audit Computer Account Management](auditing/audit-computer-account-management.md) +###### [Event 4741 S: A computer account was created.](auditing/event-4741.md) +###### [Event 4742 S: A computer account was changed.](auditing/event-4742.md) +###### [Event 4743 S: A computer account was deleted.](auditing/event-4743.md) +##### [Audit Distribution Group Management](auditing/audit-distribution-group-management.md) +###### [Event 4749 S: A security-disabled global group was created.](auditing/event-4749.md) +###### [Event 4750 S: A security-disabled global group was changed.](auditing/event-4750.md) +###### [Event 4751 S: A member was added to a security-disabled global group.](auditing/event-4751.md) +###### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md) +###### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md) +##### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md) +###### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md) +###### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md) +##### [Audit Security Group Management](auditing/audit-security-group-management.md) +###### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md) +###### [Event 4732 S: A member was added to a security-enabled local group.](auditing/event-4732.md) +###### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md) +###### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md) +###### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md) +###### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md) +###### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md) +##### [Audit User Account Management](auditing/audit-user-account-management.md) +###### [Event 4720 S: A user account was created.](auditing/event-4720.md) +###### [Event 4722 S: A user account was enabled.](auditing/event-4722.md) +###### [Event 4723 S, F: An attempt was made to change an account's password.](auditing/event-4723.md) +###### [Event 4724 S, F: An attempt was made to reset an account's password.](auditing/event-4724.md) +###### [Event 4725 S: A user account was disabled.](auditing/event-4725.md) +###### [Event 4726 S: A user account was deleted.](auditing/event-4726.md) +###### [Event 4738 S: A user account was changed.](auditing/event-4738.md) +###### [Event 4740 S: A user account was locked out.](auditing/event-4740.md) +###### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md) +###### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md) +###### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md) +###### [Event 4780 S: The ACL was set on accounts which are members of administrators groups.](auditing/event-4780.md) +###### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md) +###### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md) +###### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md) +###### [Event 5376 S: Credential Manager credentials were backed up.](auditing/event-5376.md) +###### [Event 5377 S: Credential Manager credentials were restored from a backup.](auditing/event-5377.md) +##### [Audit DPAPI Activity](auditing/audit-dpapi-activity.md) +###### [Event 4692 S, F: Backup of data protection master key was attempted.](auditing/event-4692.md) +###### [Event 4693 S, F: Recovery of data protection master key was attempted.](auditing/event-4693.md) +###### [Event 4694 S, F: Protection of auditable protected data was attempted.](auditing/event-4694.md) +###### [Event 4695 S, F: Unprotection of auditable protected data was attempted.](auditing/event-4695.md) +##### [Audit PNP Activity](auditing/audit-pnp-activity.md) +###### [Event 6416 S: A new external device was recognized by the System.](auditing/event-6416.md) +###### [Event 6419 S: A request was made to disable a device.](auditing/event-6419.md) +###### [Event 6420 S: A device was disabled.](auditing/event-6420.md) +###### [Event 6421 S: A request was made to enable a device.](auditing/event-6421.md) +###### [Event 6422 S: A device was enabled.](auditing/event-6422.md) +###### [Event 6423 S: The installation of this device is forbidden by system policy.](auditing/event-6423.md) +###### [Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy.](auditing/event-6424.md) +##### [Audit Process Creation](auditing/audit-process-creation.md) +###### [Event 4688 S: A new process has been created.](auditing/event-4688.md) +###### [Event 4696 S: A primary token was assigned to process.](auditing/event-4696.md) +##### [Audit Process Termination](auditing/audit-process-termination.md) +###### [Event 4689 S: A process has exited.](auditing/event-4689.md) +##### [Audit RPC Events](auditing/audit-rpc-events.md) +###### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md) +##### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md) +###### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md) +###### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md) +###### [Event 4930 S, F: An Active Directory replica source naming context was modified.](auditing/event-4930.md) +###### [Event 4931 S, F: An Active Directory replica destination naming context was modified.](auditing/event-4931.md) +###### [Event 4934 S: Attributes of an Active Directory object were replicated.](auditing/event-4934.md) +###### [Event 4935 F: Replication failure begins.](auditing/event-4935.md) +###### [Event 4936 S: Replication failure ends.](auditing/event-4936.md) +###### [Event 4937 S: A lingering object was removed from a replica.](auditing/event-4937.md) +##### [Audit Directory Service Access](auditing/audit-directory-service-access.md) +###### [Event 4662 S, F: An operation was performed on an object.](auditing/event-4662.md) +###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md) +##### [Audit Directory Service Changes](auditing/audit-directory-service-changes.md) +###### [Event 5136 S: A directory service object was modified.](auditing/event-5136.md) +###### [Event 5137 S: A directory service object was created.](auditing/event-5137.md) +###### [Event 5138 S: A directory service object was undeleted.](auditing/event-5138.md) +###### [Event 5139 S: A directory service object was moved.](auditing/event-5139.md) +###### [Event 5141 S: A directory service object was deleted.](auditing/event-5141.md) +##### [Audit Directory Service Replication](auditing/audit-directory-service-replication.md) +###### [Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun.](auditing/event-4932.md) +###### [Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended.](auditing/event-4933.md) +##### [Audit Account Lockout](auditing/audit-account-lockout.md) +###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md) +##### [Audit User/Device Claims](auditing/audit-user-device-claims.md) +###### [Event 4626 S: User/Device claims information.](auditing/event-4626.md) +##### [Audit Group Membership](auditing/audit-group-membership.md) +###### [Event 4627 S: Group membership information.](auditing/event-4627.md) +##### [Audit IPsec Extended Mode](auditing/audit-ipsec-extended-mode.md) +##### [Audit IPsec Main Mode](auditing/audit-ipsec-main-mode.md) +##### [Audit IPsec Quick Mode](auditing/audit-ipsec-quick-mode.md) +##### [Audit Logoff](auditing/audit-logoff.md) +###### [Event 4634 S: An account was logged off.](auditing/event-4634.md) +###### [Event 4647 S: User initiated logoff.](auditing/event-4647.md) +##### [Audit Logon](auditing/audit-logon.md) +###### [Event 4624 S: An account was successfully logged on.](auditing/event-4624.md) +###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md) +###### [Event 4648 S: A logon was attempted using explicit credentials.](auditing/event-4648.md) +###### [Event 4675 S: SIDs were filtered.](auditing/event-4675.md) +##### [Audit Network Policy Server](auditing/audit-network-policy-server.md) +##### [Audit Other Logon/Logoff Events](auditing/audit-other-logonlogoff-events.md) +###### [Event 4649 S: A replay attack was detected.](auditing/event-4649.md) +###### [Event 4778 S: A session was reconnected to a Window Station.](auditing/event-4778.md) +###### [Event 4779 S: A session was disconnected from a Window Station.](auditing/event-4779.md) +###### [Event 4800 S: The workstation was locked.](auditing/event-4800.md) +###### [Event 4801 S: The workstation was unlocked.](auditing/event-4801.md) +###### [Event 4802 S: The screen saver was invoked.](auditing/event-4802.md) +###### [Event 4803 S: The screen saver was dismissed.](auditing/event-4803.md) +###### [Event 5378 F: The requested credentials delegation was disallowed by policy.](auditing/event-5378.md) +###### [Event 5632 S, F: A request was made to authenticate to a wireless network.](auditing/event-5632.md) +###### [Event 5633 S, F: A request was made to authenticate to a wired network.](auditing/event-5633.md) +##### [Audit Special Logon](auditing/audit-special-logon.md) +###### [Event 4964 S: Special groups have been assigned to a new logon.](auditing/event-4964.md) +###### [Event 4672 S: Special privileges assigned to new logon.](auditing/event-4672.md) +##### [Audit Application Generated](auditing/audit-application-generated.md) +##### [Audit Certification Services](auditing/audit-certification-services.md) +##### [Audit Detailed File Share](auditing/audit-detailed-file-share.md) +###### [Event 5145 S, F: A network share object was checked to see whether client can be granted desired access.](auditing/event-5145.md) +##### [Audit File Share](auditing/audit-file-share.md) +###### [Event 5140 S, F: A network share object was accessed.](auditing/event-5140.md) +###### [Event 5142 S: A network share object was added.](auditing/event-5142.md) +###### [Event 5143 S: A network share object was modified.](auditing/event-5143.md) +###### [Event 5144 S: A network share object was deleted.](auditing/event-5144.md) +###### [Event 5168 F: SPN check for SMB/SMB2 failed.](auditing/event-5168.md) +##### [Audit File System](auditing/audit-file-system.md) +###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) +###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) +###### [Event 4660 S: An object was deleted.](auditing/event-4660.md) +###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) +###### [Event 4664 S: An attempt was made to create a hard link.](auditing/event-4664.md) +###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) +###### [Event 5051: A file was virtualized.](auditing/event-5051.md) +###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) +##### [Audit Filtering Platform Connection](auditing/audit-filtering-platform-connection.md) +###### [Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network.](auditing/event-5031.md) +###### [Event 5150: The Windows Filtering Platform blocked a packet.](auditing/event-5150.md) +###### [Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5151.md) +###### [Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.](auditing/event-5154.md) +###### [Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.](auditing/event-5155.md) +###### [Event 5156 S: The Windows Filtering Platform has permitted a connection.](auditing/event-5156.md) +###### [Event 5157 F: The Windows Filtering Platform has blocked a connection.](auditing/event-5157.md) +###### [Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port.](auditing/event-5158.md) +###### [Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port.](auditing/event-5159.md) +##### [Audit Filtering Platform Packet Drop](auditing/audit-filtering-platform-packet-drop.md) +###### [Event 5152 F: The Windows Filtering Platform blocked a packet.](auditing/event-5152.md) +###### [Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5153.md) +##### [Audit Handle Manipulation](auditing/audit-handle-manipulation.md) +###### [Event 4690 S: An attempt was made to duplicate a handle to an object.](auditing/event-4690.md) +##### [Audit Kernel Object](auditing/audit-kernel-object.md) +###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) +###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) +###### [Event 4660 S: An object was deleted.](auditing/event-4660.md) +###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) +##### [Audit Other Object Access Events](auditing/audit-other-object-access-events.md) +###### [Event 4671: An application attempted to access a blocked ordinal through the TBS.](auditing/event-4671.md) +###### [Event 4691 S: Indirect access to an object was requested.](auditing/event-4691.md) +###### [Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.](auditing/event-5148.md) +###### [Event 5149 F: The DoS attack has subsided and normal processing is being resumed.](auditing/event-5149.md) +###### [Event 4698 S: A scheduled task was created.](auditing/event-4698.md) +###### [Event 4699 S: A scheduled task was deleted.](auditing/event-4699.md) +###### [Event 4700 S: A scheduled task was enabled.](auditing/event-4700.md) +###### [Event 4701 S: A scheduled task was disabled.](auditing/event-4701.md) +###### [Event 4702 S: A scheduled task was updated.](auditing/event-4702.md) +###### [Event 5888 S: An object in the COM+ Catalog was modified.](auditing/event-5888.md) +###### [Event 5889 S: An object was deleted from the COM+ Catalog.](auditing/event-5889.md) +###### [Event 5890 S: An object was added to the COM+ Catalog.](auditing/event-5890.md) +##### [Audit Registry](auditing/audit-registry.md) +###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) +###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) +###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) +###### [Event 4660 S: An object was deleted.](auditing/event-4660.md) +###### [Event 4657 S: A registry value was modified.](auditing/event-4657.md) +###### [Event 5039: A registry key was virtualized.](auditing/event-5039.md) +###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) +##### [Audit Removable Storage](auditing/audit-removable-storage.md) +##### [Audit SAM](auditing/audit-sam.md) +###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md) +##### [Audit Central Access Policy Staging](auditing/audit-central-access-policy-staging.md) +###### [Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.](auditing/event-4818.md) +##### [Audit Audit Policy Change](auditing/audit-audit-policy-change.md) +###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) +###### [Event 4715 S: The audit policy, SACL, on an object was changed.](auditing/event-4715.md) +###### [Event 4719 S: System audit policy was changed.](auditing/event-4719.md) +###### [Event 4817 S: Auditing settings on object were changed.](auditing/event-4817.md) +###### [Event 4902 S: The Per-user audit policy table was created.](auditing/event-4902.md) +###### [Event 4906 S: The CrashOnAuditFail value has changed.](auditing/event-4906.md) +###### [Event 4907 S: Auditing settings on object were changed.](auditing/event-4907.md) +###### [Event 4908 S: Special Groups Logon table modified.](auditing/event-4908.md) +###### [Event 4912 S: Per User Audit Policy was changed.](auditing/event-4912.md) +###### [Event 4904 S: An attempt was made to register a security event source.](auditing/event-4904.md) +###### [Event 4905 S: An attempt was made to unregister a security event source.](auditing/event-4905.md) +##### [Audit Authentication Policy Change](auditing/audit-authentication-policy-change.md) +###### [Event 4706 S: A new trust was created to a domain.](auditing/event-4706.md) +###### [Event 4707 S: A trust to a domain was removed.](auditing/event-4707.md) +###### [Event 4716 S: Trusted domain information was modified.](auditing/event-4716.md) +###### [Event 4713 S: Kerberos policy was changed.](auditing/event-4713.md) +###### [Event 4717 S: System security access was granted to an account.](auditing/event-4717.md) +###### [Event 4718 S: System security access was removed from an account.](auditing/event-4718.md) +###### [Event 4739 S: Domain Policy was changed.](auditing/event-4739.md) +###### [Event 4864 S: A namespace collision was detected.](auditing/event-4864.md) +###### [Event 4865 S: A trusted forest information entry was added.](auditing/event-4865.md) +###### [Event 4866 S: A trusted forest information entry was removed.](auditing/event-4866.md) +###### [Event 4867 S: A trusted forest information entry was modified.](auditing/event-4867.md) +##### [Audit Authorization Policy Change](auditing/audit-authorization-policy-change.md) +###### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md) +###### [Event 4704 S: A user right was assigned.](auditing/event-4704.md) +###### [Event 4705 S: A user right was removed.](auditing/event-4705.md) +###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) +###### [Event 4911 S: Resource attributes of the object were changed.](auditing/event-4911.md) +###### [Event 4913 S: Central Access Policy on the object was changed.](auditing/event-4913.md) +##### [Audit Filtering Platform Policy Change](auditing/audit-filtering-platform-policy-change.md) +##### [Audit MPSSVC Rule-Level Policy Change](auditing/audit-mpssvc-rule-level-policy-change.md) +###### [Event 4944 S: The following policy was active when the Windows Firewall started.](auditing/event-4944.md) +###### [Event 4945 S: A rule was listed when the Windows Firewall started.](auditing/event-4945.md) +###### [Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added.](auditing/event-4946.md) +###### [Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified.](auditing/event-4947.md) +###### [Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted.](auditing/event-4948.md) +###### [Event 4949 S: Windows Firewall settings were restored to the default values.](auditing/event-4949.md) +###### [Event 4950 S: A Windows Firewall setting has changed.](auditing/event-4950.md) +###### [Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall.](auditing/event-4951.md) +###### [Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.](auditing/event-4952.md) +###### [Event 4953 F: Windows Firewall ignored a rule because it could not be parsed.](auditing/event-4953.md) +###### [Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied.](auditing/event-4954.md) +###### [Event 4956 S: Windows Firewall has changed the active profile.](auditing/event-4956.md) +###### [Event 4957 F: Windows Firewall did not apply the following rule.](auditing/event-4957.md) +###### [Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.](auditing/event-4958.md) +##### [Audit Other Policy Change Events](auditing/audit-other-policy-change-events.md) +###### [Event 4714 S: Encrypted data recovery policy was changed.](auditing/event-4714.md) +###### [Event 4819 S: Central Access Policies on the machine have been changed.](auditing/event-4819.md) +###### [Event 4826 S: Boot Configuration Data loaded.](auditing/event-4826.md) +###### [Event 4909: The local policy settings for the TBS were changed.](auditing/event-4909.md) +###### [Event 4910: The group policy settings for the TBS were changed.](auditing/event-4910.md) +###### [Event 5063 S, F: A cryptographic provider operation was attempted.](auditing/event-5063.md) +###### [Event 5064 S, F: A cryptographic context operation was attempted.](auditing/event-5064.md) +###### [Event 5065 S, F: A cryptographic context modification was attempted.](auditing/event-5065.md) +###### [Event 5066 S, F: A cryptographic function operation was attempted.](auditing/event-5066.md) +###### [Event 5067 S, F: A cryptographic function modification was attempted.](auditing/event-5067.md) +###### [Event 5068 S, F: A cryptographic function provider operation was attempted.](auditing/event-5068.md) +###### [Event 5069 S, F: A cryptographic function property operation was attempted.](auditing/event-5069.md) +###### [Event 5070 S, F: A cryptographic function property modification was attempted.](auditing/event-5070.md) +###### [Event 5447 S: A Windows Filtering Platform filter has been changed.](auditing/event-5447.md) +###### [Event 6144 S: Security policy in the group policy objects has been applied successfully.](auditing/event-6144.md) +###### [Event 6145 F: One or more errors occurred while processing security policy in the group policy objects.](auditing/event-6145.md) +##### [Audit Sensitive Privilege Use](auditing/audit-sensitive-privilege-use.md) +###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md) +###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md) +###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) +##### [Audit Non Sensitive Privilege Use](auditing/audit-non-sensitive-privilege-use.md) +###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md) +###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md) +###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) +##### [Audit Other Privilege Use Events](auditing/audit-other-privilege-use-events.md) +###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) +##### [Audit IPsec Driver](auditing/audit-ipsec-driver.md) +##### [Audit Other System Events](auditing/audit-other-system-events.md) +###### [Event 5024 S: The Windows Firewall Service has started successfully.](auditing/event-5024.md) +###### [Event 5025 S: The Windows Firewall Service has been stopped.](auditing/event-5025.md) +###### [Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.](auditing/event-5027.md) +###### [Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.](auditing/event-5028.md) +###### [Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.](auditing/event-5029.md) +###### [Event 5030 F: The Windows Firewall Service failed to start.](auditing/event-5030.md) +###### [Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.](auditing/event-5032.md) +###### [Event 5033 S: The Windows Firewall Driver has started successfully.](auditing/event-5033.md) +###### [Event 5034 S: The Windows Firewall Driver was stopped.](auditing/event-5034.md) +###### [Event 5035 F: The Windows Firewall Driver failed to start.](auditing/event-5035.md) +###### [Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating.](auditing/event-5037.md) +###### [Event 5058 S, F: Key file operation.](auditing/event-5058.md) +###### [Event 5059 S, F: Key migration operation.](auditing/event-5059.md) +###### [Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content.](auditing/event-6400.md) +###### [Event 6401: BranchCache: Received invalid data from a peer. Data discarded.](auditing/event-6401.md) +###### [Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted.](auditing/event-6402.md) +###### [Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client.](auditing/event-6403.md) +###### [Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.](auditing/event-6404.md) +###### [Event 6405: BranchCache: %2 instances of event id %1 occurred.](auditing/event-6405.md) +###### [Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2.](auditing/event-6406.md) +###### [Event 6407: 1%.](auditing/event-6407.md) +###### [Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.](auditing/event-6408.md) +###### [Event 6409: BranchCache: A service connection point object could not be parsed.](auditing/event-6409.md) +##### [Audit Security State Change](auditing/audit-security-state-change.md) +###### [Event 4608 S: Windows is starting up.](auditing/event-4608.md) +###### [Event 4616 S: The system time was changed.](auditing/event-4616.md) +###### [Event 4621 S: Administrator recovered system from CrashOnAuditFail.](auditing/event-4621.md) +##### [Audit Security System Extension](auditing/audit-security-system-extension.md) +###### [Event 4610 S: An authentication package has been loaded by the Local Security Authority.](auditing/event-4610.md) +###### [Event 4611 S: A trusted logon process has been registered with the Local Security Authority.](auditing/event-4611.md) +###### [Event 4614 S: A notification package has been loaded by the Security Account Manager.](auditing/event-4614.md) +###### [Event 4622 S: A security package has been loaded by the Local Security Authority.](auditing/event-4622.md) +###### [Event 4697 S: A service was installed in the system.](auditing/event-4697.md) +##### [Audit System Integrity](auditing/audit-system-integrity.md) +###### [Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.](auditing/event-4612.md) +###### [Event 4615 S: Invalid use of LPC port.](auditing/event-4615.md) +###### [Event 4618 S: A monitored security event pattern has occurred.](auditing/event-4618.md) +###### [Event 4816 S: RPC detected an integrity violation while decrypting an incoming message.](auditing/event-4816.md) +###### [Event 5038 F: Code integrity determined that the image hash of a file is not valid.](auditing/event-5038.md) +###### [Event 5056 S: A cryptographic self-test was performed.](auditing/event-5056.md) +###### [Event 5062 S: A kernel-mode cryptographic self-test was performed.](auditing/event-5062.md) +###### [Event 5057 F: A cryptographic primitive operation failed.](auditing/event-5057.md) +###### [Event 5060 F: Verification operation failed.](auditing/event-5060.md) +###### [Event 5061 S, F: Cryptographic operation.](auditing/event-5061.md) +###### [Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid.](auditing/event-6281.md) +###### [Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process.](auditing/event-6410.md) +##### [Other Events](auditing/other-events.md) +###### [Event 1100 S: The event logging service has shut down.](auditing/event-1100.md) +###### [Event 1102 S: The audit log was cleared.](auditing/event-1102.md) +###### [Event 1104 S: The security log is now full.](auditing/event-1104.md) +###### [Event 1105 S: Event log automatic backup.](auditing/event-1105.md) +###### [Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1.](auditing/event-1108.md) +##### [Appendix A: Security monitoring recommendations for many audit events](auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md) +##### [Registry (Global Object Access Auditing) ](auditing/registry-global-object-access-auditing.md) +##### [File System (Global Object Access Auditing) ](auditing/file-system-global-object-access-auditing.md) + +## [Security policy settings](security-policy-settings/security-policy-settings.md) +### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md) +#### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md) +### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md) +### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md) +#### [Account Policies](security-policy-settings/account-policies.md) +##### [Password Policy](security-policy-settings/password-policy.md) +###### [Enforce password history](security-policy-settings/enforce-password-history.md) +###### [Maximum password age](security-policy-settings/maximum-password-age.md) +###### [Minimum password age](security-policy-settings/minimum-password-age.md) +###### [Minimum password length](security-policy-settings/minimum-password-length.md) +###### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md) +###### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md) +##### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md) +###### [Account lockout duration](security-policy-settings/account-lockout-duration.md) +###### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md) +###### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md) +##### [Kerberos Policy](security-policy-settings/kerberos-policy.md) +###### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md) +###### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md) +###### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md) +###### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md) +###### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md) +#### [Audit Policy](security-policy-settings/audit-policy.md) +#### [Security Options](security-policy-settings/security-options.md) +##### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md) +##### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md) +##### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md) +##### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md) +##### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md) +##### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md) +##### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md) +##### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md) +##### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md) +##### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md) +##### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md) +##### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md) +##### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md) +##### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md) +##### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md) +##### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md) +##### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md) +##### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md) +##### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md) +##### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md) +##### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md) +##### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md) +##### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md) +##### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md) +##### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md) +##### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md) +##### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md) +##### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md) +##### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md) +##### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md) +##### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md) +##### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md) +##### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md) +##### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md) +##### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md) +##### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md) +##### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md) +##### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md) +##### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md) +##### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md) +##### [Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md) +##### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md) +##### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md) +##### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md) +##### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md) +##### [Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md) +##### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md) +##### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md) +##### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md) +##### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md) +##### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md) +##### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md) +##### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md) +##### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md) +##### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md) +##### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md) +##### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md) +##### [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) +##### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md) +##### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md) +##### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md) +##### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md) +##### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md) +##### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md) +##### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md) +##### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md) +##### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md) +##### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md) +##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md) +##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md) +##### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md) +##### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md) +##### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md) +##### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md) +##### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md) +##### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md) +##### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md) +##### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md) +##### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md) +##### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md) +##### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md) +##### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md) +##### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md) +##### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md) +##### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md) +##### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md) +##### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md) +##### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md) +##### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md) +##### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md) +##### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md) +##### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md) +##### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md) +##### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md) +##### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md) +##### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md) +##### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md) +#### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md) +#### [User Rights Assignment](security-policy-settings/user-rights-assignment.md) +##### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md) +##### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md) +##### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md) +##### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md) +##### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md) +##### [Allow log on locally](security-policy-settings/allow-log-on-locally.md) +##### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md) +##### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md) +##### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md) +##### [Change the system time](security-policy-settings/change-the-system-time.md) +##### [Change the time zone](security-policy-settings/change-the-time-zone.md) +##### [Create a pagefile](security-policy-settings/create-a-pagefile.md) +##### [Create a token object](security-policy-settings/create-a-token-object.md) +##### [Create global objects](security-policy-settings/create-global-objects.md) +##### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md) +##### [Create symbolic links](security-policy-settings/create-symbolic-links.md) +##### [Debug programs](security-policy-settings/debug-programs.md) +##### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md) +##### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md) +##### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md) +##### [Deny log on locally](security-policy-settings/deny-log-on-locally.md) +##### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md) +##### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md) +##### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md) +##### [Generate security audits](security-policy-settings/generate-security-audits.md) +##### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md) +##### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md) +##### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md) +##### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md) +##### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md) +##### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md) +##### [Log on as a service](security-policy-settings/log-on-as-a-service.md) +##### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md) +##### [Modify an object label](security-policy-settings/modify-an-object-label.md) +##### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md) +##### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md) +##### [Profile single process](security-policy-settings/profile-single-process.md) +##### [Profile system performance](security-policy-settings/profile-system-performance.md) +##### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md) +##### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md) +##### [Restore files and directories](security-policy-settings/restore-files-and-directories.md) +##### [Shut down the system](security-policy-settings/shut-down-the-system.md) +##### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md) +##### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md) + + +## [Windows security baselines](windows-security-baselines.md) +### [Security Compliance Toolkit](security-compliance-toolkit-10.md) +### [Get support](get-support-for-security-baselines.md) + +## [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) + +## [Change history for Threat protection](change-history-for-threat-protection.md) From c1123e5c356ca7a6c426867c3dc983ac009df88a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 21:03:11 -0700 Subject: [PATCH 08/12] fixing toc links --- .../windows-defender-atp/TOC.md | 981 +++--------------- 1 file changed, 157 insertions(+), 824 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index b25b3b1b82..ef9b665b39 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -1,867 +1,200 @@ -# [Threat protection](index.md) - - -## [The Windows Defender Security Center app](windows-defender-security-center/windows-defender-security-center.md) -### [Customize the Windows Defender Security Center app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md) -### [Hide Windows Defender Security Center app notifications](windows-defender-security-center/wdsc-hide-notifications.md) -### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md) -### [Device performance and health](windows-defender-security-center/wdsc-device-performance-health.md) -### [Firewall and network protection](windows-defender-security-center/wdsc-firewall-network-protection.md) -### [App and browser control](windows-defender-security-center/wdsc-app-browser-control.md) -### [Family options](windows-defender-security-center/wdsc-family-options.md) - - - - - - -## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md) +## [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) ###Get started -#### [Minimum requirements](windows-defender-atp\minimum-requirements-windows-defender-advanced-threat-protection.md) -#### [Validate licensing and complete setup](windows-defender-atp\licensing-windows-defender-advanced-threat-protection.md) -#### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) -#### [Preview features](windows-defender-atp\preview-windows-defender-advanced-threat-protection.md) -#### [Data storage and privacy](windows-defender-atp\data-storage-privacy-windows-defender-advanced-threat-protection.md) -#### [Assign user access to the portal](windows-defender-atp\assign-portal-access-windows-defender-advanced-threat-protection.md) -### [Onboard machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md) -#### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md) -##### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md) -##### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) -##### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) -###### [Onboard machines using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune) -##### [Onboard machines using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md) -##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) -#### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md) -#### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) -#### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md) -#### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md) -#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md) -#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) -### [Understand the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md) -#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md) -#### [View the Security operations dashboard](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md) -#### [View the Secure Score dashboard and improve your secure score](windows-defender-atp\secure-score-dashboard-windows-defender-advanced-threat-protection.md) -#### [View the Threat analytics dashboard and take recommended mitigation actions](windows-defender-atp\threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) +#### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) +#### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) +#### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) +#### [Preview features](preview-windows-defender-advanced-threat-protection.md) +#### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) +#### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) +### [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) +#### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) +##### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) +##### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) +##### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +###### [Onboard machines using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune) +##### [Onboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) +#### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) +#### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) +#### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) +#### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md) +#### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) +#### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) +### [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) +#### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) +#### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) +#### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) +#### [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) ###Investigate and remediate threats ####Alerts queue -##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md) -##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md) -##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md) -##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md) -##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md) -##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md) -##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md) -##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md) +##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) +##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) +##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) +##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) +##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) +##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) ####Machines list -##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md) -##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) -##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) -##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) -###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) -###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) -###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) -###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) +##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) +##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) +##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) +###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) +###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) +###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) +###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) -#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md) -##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md) -###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) -###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) -###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) -###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) -###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) -###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) -###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) -##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md) -###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) -###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) -###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) -###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) -###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) -###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) -####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) -####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) -####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) +#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md) +##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) +###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) +###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) +###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) +###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) +###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) +###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) +###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) +###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) +###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) +###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) +###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) +###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +####### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) +####### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) +####### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) -#### [Use Automated investigation to investigate and remediate threats](windows-defender-atp\automated-investigations-windows-defender-advanced-threat-protection.md) -#### [Query data using Advanced hunting](windows-defender-atp\advanced-hunting-windows-defender-advanced-threat-protection.md) -##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md) -##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) +#### [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md) +#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) +##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md) +##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) ###API and SIEM support -#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) -##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md) -##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md) -##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md) -##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md) -##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) -##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md) +#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) +##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) +##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) -#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) -##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) -##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) -##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) -#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) -##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md) +#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) +##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) ######Actor -####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md) -####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md) +####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) ######Alerts -####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md) -####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) +####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md) +####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) +####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) +####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) ######Domain -####### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) -####### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) +####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) +####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) ######File -####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md) -####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md) -####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md) -####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md) -####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md) +####### [Block file API](block-file-windows-defender-advanced-threat-protection.md) +####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md) +####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md) +####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md) +####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md) ######IP -####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md) -####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md) +####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md) +####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md) ######Machines -####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md) -####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md) -####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md) -####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md) -####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md) -####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md) -####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) -####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) +####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md) +####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) +####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) +####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) +####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) +####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md) +####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) +####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md) +####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md) +####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) +####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md) +####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md) +####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md) +####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) +####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md) +####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md) +####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md) +####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md) ######User -####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md) -####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) +####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) +####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md) +####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md) +####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md) ###Reporting -#### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) +#### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) ###Check service health and sensor state -#### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md) -##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) -##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) -##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) -#### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md) -### [Configure Windows Defender ATP Settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md) +#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) +##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) +##### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) +##### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) +#### [Check service health](service-status-windows-defender-advanced-threat-protection.md) +### [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md) ####General -##### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md) -##### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md) -##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md) -##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md) -##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md) -##### [Protect data with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md) +##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md) +##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) +##### [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) +##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md) +##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md) +##### [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md) ####Permissions -##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md) -##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md) +##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) +##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) ####APIs -##### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md) +##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) ####Rules -##### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md) -##### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) -##### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) -##### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) +##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md) +##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) +##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) ####Machine management -##### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md) -##### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md) +##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md) +##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md) -### [Configure Windows Defender ATP time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md) +### [Configure Windows Defender ATP time zone settings](time-settings-windows-defender-advanced-threat-protection.md) -### [Access the Windows Defender ATP Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md) -### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md) -#### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md) -### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md) - -## [Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md) -### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md) - -### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md) - -### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md) -#### [Use limited periodic scanning in Windows Defender AV](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md) - - -### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md) - - -### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md) -#### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md) -##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md) -#### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md) -##### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md) -#### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md) -##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md) -##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md) -##### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md) -##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md) -##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md) - - -### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md) -#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md) -##### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md) -##### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md) -##### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md) -##### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md) -#### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md) -##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md) -#### [Configure end-user interaction with Windows Defender AV](windows-defender-antivirus\configure-end-user-interaction-windows-defender-antivirus.md) -##### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md) -##### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md) -##### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md) - - -### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md) -#### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md) -##### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md) -##### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md) -##### [Configure exclusions in Windows Defender AV on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md) -#### [Configure scanning options in Windows Defender AV](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md) -#### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md) -#### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md) -#### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md) -#### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md) -#### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md) -#### [Restore quarantined files in Windows Defender AV](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md) - - -### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md) - - - -### [Manage Windows Defender AV in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md) -#### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md) -#### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md) -#### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md) -#### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md) -#### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md) - - - -## [Windows Defender Exploit Guard](windows-defender-exploit-guard\windows-defender-exploit-guard.md) -### [Evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\evaluate-windows-defender-exploit-guard.md) -#### [Use auditing mode to evaluate Windows Defender Exploit Guard](windows-defender-exploit-guard\audit-windows-defender-exploit-guard.md) -#### [View Exploit Guard events](windows-defender-exploit-guard\event-views-exploit-guard.md) - -### [Exploit protection](windows-defender-exploit-guard\exploit-protection-exploit-guard.md) -#### [Comparison with Enhanced Mitigation Experience Toolkit](windows-defender-exploit-guard\emet-exploit-protection-exploit-guard.md) -#### [Evaluate Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md) -#### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md) -#### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md) -##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md) -### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md) -#### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md) -#### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md) -#### [Customize Attack surface reduction](windows-defender-exploit-guard\customize-attack-surface-reduction.md) -#### [Troubleshoot Attack surface reduction rules](windows-defender-exploit-guard\troubleshoot-asr.md) -### [Network Protection](windows-defender-exploit-guard\network-protection-exploit-guard.md) -#### [Evaluate Network Protection](windows-defender-exploit-guard\evaluate-network-protection.md) -#### [Enable Network Protection](windows-defender-exploit-guard\enable-network-protection.md) -#### [Troubleshoot Network protection](windows-defender-exploit-guard\troubleshoot-np.md) -### [Controlled folder access](windows-defender-exploit-guard\controlled-folders-exploit-guard.md) -#### [Evaluate Controlled folder access](windows-defender-exploit-guard\evaluate-controlled-folder-access.md) -#### [Enable Controlled folder access](windows-defender-exploit-guard\enable-controlled-folders-exploit-guard.md) -#### [Customize Controlled folder access](windows-defender-exploit-guard\customize-controlled-folders-exploit-guard.md) - - -## [Windows Defender Application Control](windows-defender-application-control/windows-defender-application-control.md) - -## [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md) - -## [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - -## [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) -### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md) -### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md) - -##[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md) -###[System requirements for Windows Defender Application Guard](windows-defender-application-guard/reqs-wd-app-guard.md) -###[Prepare and install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) -###[Configure the Group Policy settings for Windows Defender Application Guard](windows-defender-application-guard/configure-wd-app-guard.md) -###[Testing scenarios using Windows Defender Application Guard in your business or organization](windows-defender-application-guard/test-scenarios-wd-app-guard.md) -###[Frequently Asked Questions - Windows Defender Application Guard](windows-defender-application-guard/faq-wd-app-guard.md) - -## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) - -## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) - -## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-intrusion-detection.md) - -## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) - -## [Security auditing](auditing/security-auditing-overview.md) -### [Basic security audit policies](auditing/basic-security-audit-policies.md) -#### [Create a basic audit policy for an event category](auditing/create-a-basic-audit-policy-settings-for-an-event-category.md) -#### [Apply a basic audit policy on a file or folder](auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md) -#### [View the security event log](auditing/view-the-security-event-log.md) -#### [Basic security audit policy settings](auditing/basic-security-audit-policy-settings.md) -##### [Audit account logon events](auditing/basic-audit-account-logon-events.md) -##### [Audit account management](auditing/basic-audit-account-management.md) -##### [Audit directory service access](auditing/basic-audit-directory-service-access.md) -##### [Audit logon events](auditing/basic-audit-logon-events.md) -##### [Audit object access](auditing/basic-audit-object-access.md) -##### [Audit policy change](auditing/basic-audit-policy-change.md) -##### [Audit privilege use](auditing/basic-audit-privilege-use.md) -##### [Audit process tracking](auditing/basic-audit-process-tracking.md) -##### [Audit system events](auditing/basic-audit-system-events.md) -### [Advanced security audit policies](auditing/advanced-security-auditing.md) -#### [Planning and deploying advanced security audit policies](auditing/planning-and-deploying-advanced-security-audit-policies.md) -#### [Advanced security auditing FAQ](auditing/advanced-security-auditing-faq.md) -##### [Which editions of Windows support advanced audit policy configuration](auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md) -#### [Using advanced security auditing options to monitor dynamic access control objects](auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md) -##### [Monitor the central access policies that apply on a file server](auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md) -##### [Monitor the use of removable storage devices](auditing/monitor-the-use-of-removable-storage-devices.md) -##### [Monitor resource attribute definitions](auditing/monitor-resource-attribute-definitions.md) -##### [Monitor central access policy and rule definitions](auditing/monitor-central-access-policy-and-rule-definitions.md) -##### [Monitor user and device claims during sign-in](auditing/monitor-user-and-device-claims-during-sign-in.md) -##### [Monitor the resource attributes on files and folders](auditing/monitor-the-resource-attributes-on-files-and-folders.md) -##### [Monitor the central access policies associated with files and folders](auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md) -##### [Monitor claim types](auditing/monitor-claim-types.md) -#### [Advanced security audit policy settings](auditing/advanced-security-audit-policy-settings.md) -##### [Audit Credential Validation](auditing/audit-credential-validation.md) -###### [Event 4774 S, F: An account was mapped for logon.](auditing/event-4774.md) -###### [Event 4775 F: An account could not be mapped for logon.](auditing/event-4775.md) -###### [Event 4776 S, F: The computer attempted to validate the credentials for an account.](auditing/event-4776.md) -###### [Event 4777 F: The domain controller failed to validate the credentials for an account.](auditing/event-4777.md) -##### [Audit Kerberos Authentication Service](auditing/audit-kerberos-authentication-service.md) -###### [Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested.](auditing/event-4768.md) -###### [Event 4771 F: Kerberos pre-authentication failed.](auditing/event-4771.md) -###### [Event 4772 F: A Kerberos authentication ticket request failed.](auditing/event-4772.md) -##### [Audit Kerberos Service Ticket Operations](auditing/audit-kerberos-service-ticket-operations.md) -###### [Event 4769 S, F: A Kerberos service ticket was requested.](auditing/event-4769.md) -###### [Event 4770 S: A Kerberos service ticket was renewed.](auditing/event-4770.md) -###### [Event 4773 F: A Kerberos service ticket request failed.](auditing/event-4773.md) -##### [Audit Other Account Logon Events](auditing/audit-other-account-logon-events.md) -##### [Audit Application Group Management](auditing/audit-application-group-management.md) -##### [Audit Computer Account Management](auditing/audit-computer-account-management.md) -###### [Event 4741 S: A computer account was created.](auditing/event-4741.md) -###### [Event 4742 S: A computer account was changed.](auditing/event-4742.md) -###### [Event 4743 S: A computer account was deleted.](auditing/event-4743.md) -##### [Audit Distribution Group Management](auditing/audit-distribution-group-management.md) -###### [Event 4749 S: A security-disabled global group was created.](auditing/event-4749.md) -###### [Event 4750 S: A security-disabled global group was changed.](auditing/event-4750.md) -###### [Event 4751 S: A member was added to a security-disabled global group.](auditing/event-4751.md) -###### [Event 4752 S: A member was removed from a security-disabled global group.](auditing/event-4752.md) -###### [Event 4753 S: A security-disabled global group was deleted.](auditing/event-4753.md) -##### [Audit Other Account Management Events](auditing/audit-other-account-management-events.md) -###### [Event 4782 S: The password hash an account was accessed.](auditing/event-4782.md) -###### [Event 4793 S: The Password Policy Checking API was called.](auditing/event-4793.md) -##### [Audit Security Group Management](auditing/audit-security-group-management.md) -###### [Event 4731 S: A security-enabled local group was created.](auditing/event-4731.md) -###### [Event 4732 S: A member was added to a security-enabled local group.](auditing/event-4732.md) -###### [Event 4733 S: A member was removed from a security-enabled local group.](auditing/event-4733.md) -###### [Event 4734 S: A security-enabled local group was deleted.](auditing/event-4734.md) -###### [Event 4735 S: A security-enabled local group was changed.](auditing/event-4735.md) -###### [Event 4764 S: A group’s type was changed.](auditing/event-4764.md) -###### [Event 4799 S: A security-enabled local group membership was enumerated.](auditing/event-4799.md) -##### [Audit User Account Management](auditing/audit-user-account-management.md) -###### [Event 4720 S: A user account was created.](auditing/event-4720.md) -###### [Event 4722 S: A user account was enabled.](auditing/event-4722.md) -###### [Event 4723 S, F: An attempt was made to change an account's password.](auditing/event-4723.md) -###### [Event 4724 S, F: An attempt was made to reset an account's password.](auditing/event-4724.md) -###### [Event 4725 S: A user account was disabled.](auditing/event-4725.md) -###### [Event 4726 S: A user account was deleted.](auditing/event-4726.md) -###### [Event 4738 S: A user account was changed.](auditing/event-4738.md) -###### [Event 4740 S: A user account was locked out.](auditing/event-4740.md) -###### [Event 4765 S: SID History was added to an account.](auditing/event-4765.md) -###### [Event 4766 F: An attempt to add SID History to an account failed.](auditing/event-4766.md) -###### [Event 4767 S: A user account was unlocked.](auditing/event-4767.md) -###### [Event 4780 S: The ACL was set on accounts which are members of administrators groups.](auditing/event-4780.md) -###### [Event 4781 S: The name of an account was changed.](auditing/event-4781.md) -###### [Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password.](auditing/event-4794.md) -###### [Event 4798 S: A user's local group membership was enumerated.](auditing/event-4798.md) -###### [Event 5376 S: Credential Manager credentials were backed up.](auditing/event-5376.md) -###### [Event 5377 S: Credential Manager credentials were restored from a backup.](auditing/event-5377.md) -##### [Audit DPAPI Activity](auditing/audit-dpapi-activity.md) -###### [Event 4692 S, F: Backup of data protection master key was attempted.](auditing/event-4692.md) -###### [Event 4693 S, F: Recovery of data protection master key was attempted.](auditing/event-4693.md) -###### [Event 4694 S, F: Protection of auditable protected data was attempted.](auditing/event-4694.md) -###### [Event 4695 S, F: Unprotection of auditable protected data was attempted.](auditing/event-4695.md) -##### [Audit PNP Activity](auditing/audit-pnp-activity.md) -###### [Event 6416 S: A new external device was recognized by the System.](auditing/event-6416.md) -###### [Event 6419 S: A request was made to disable a device.](auditing/event-6419.md) -###### [Event 6420 S: A device was disabled.](auditing/event-6420.md) -###### [Event 6421 S: A request was made to enable a device.](auditing/event-6421.md) -###### [Event 6422 S: A device was enabled.](auditing/event-6422.md) -###### [Event 6423 S: The installation of this device is forbidden by system policy.](auditing/event-6423.md) -###### [Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy.](auditing/event-6424.md) -##### [Audit Process Creation](auditing/audit-process-creation.md) -###### [Event 4688 S: A new process has been created.](auditing/event-4688.md) -###### [Event 4696 S: A primary token was assigned to process.](auditing/event-4696.md) -##### [Audit Process Termination](auditing/audit-process-termination.md) -###### [Event 4689 S: A process has exited.](auditing/event-4689.md) -##### [Audit RPC Events](auditing/audit-rpc-events.md) -###### [Event 5712 S: A Remote Procedure Call, RPC, was attempted.](auditing/event-5712.md) -##### [Audit Detailed Directory Service Replication](auditing/audit-detailed-directory-service-replication.md) -###### [Event 4928 S, F: An Active Directory replica source naming context was established.](auditing/event-4928.md) -###### [Event 4929 S, F: An Active Directory replica source naming context was removed.](auditing/event-4929.md) -###### [Event 4930 S, F: An Active Directory replica source naming context was modified.](auditing/event-4930.md) -###### [Event 4931 S, F: An Active Directory replica destination naming context was modified.](auditing/event-4931.md) -###### [Event 4934 S: Attributes of an Active Directory object were replicated.](auditing/event-4934.md) -###### [Event 4935 F: Replication failure begins.](auditing/event-4935.md) -###### [Event 4936 S: Replication failure ends.](auditing/event-4936.md) -###### [Event 4937 S: A lingering object was removed from a replica.](auditing/event-4937.md) -##### [Audit Directory Service Access](auditing/audit-directory-service-access.md) -###### [Event 4662 S, F: An operation was performed on an object.](auditing/event-4662.md) -###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md) -##### [Audit Directory Service Changes](auditing/audit-directory-service-changes.md) -###### [Event 5136 S: A directory service object was modified.](auditing/event-5136.md) -###### [Event 5137 S: A directory service object was created.](auditing/event-5137.md) -###### [Event 5138 S: A directory service object was undeleted.](auditing/event-5138.md) -###### [Event 5139 S: A directory service object was moved.](auditing/event-5139.md) -###### [Event 5141 S: A directory service object was deleted.](auditing/event-5141.md) -##### [Audit Directory Service Replication](auditing/audit-directory-service-replication.md) -###### [Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun.](auditing/event-4932.md) -###### [Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended.](auditing/event-4933.md) -##### [Audit Account Lockout](auditing/audit-account-lockout.md) -###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md) -##### [Audit User/Device Claims](auditing/audit-user-device-claims.md) -###### [Event 4626 S: User/Device claims information.](auditing/event-4626.md) -##### [Audit Group Membership](auditing/audit-group-membership.md) -###### [Event 4627 S: Group membership information.](auditing/event-4627.md) -##### [Audit IPsec Extended Mode](auditing/audit-ipsec-extended-mode.md) -##### [Audit IPsec Main Mode](auditing/audit-ipsec-main-mode.md) -##### [Audit IPsec Quick Mode](auditing/audit-ipsec-quick-mode.md) -##### [Audit Logoff](auditing/audit-logoff.md) -###### [Event 4634 S: An account was logged off.](auditing/event-4634.md) -###### [Event 4647 S: User initiated logoff.](auditing/event-4647.md) -##### [Audit Logon](auditing/audit-logon.md) -###### [Event 4624 S: An account was successfully logged on.](auditing/event-4624.md) -###### [Event 4625 F: An account failed to log on.](auditing/event-4625.md) -###### [Event 4648 S: A logon was attempted using explicit credentials.](auditing/event-4648.md) -###### [Event 4675 S: SIDs were filtered.](auditing/event-4675.md) -##### [Audit Network Policy Server](auditing/audit-network-policy-server.md) -##### [Audit Other Logon/Logoff Events](auditing/audit-other-logonlogoff-events.md) -###### [Event 4649 S: A replay attack was detected.](auditing/event-4649.md) -###### [Event 4778 S: A session was reconnected to a Window Station.](auditing/event-4778.md) -###### [Event 4779 S: A session was disconnected from a Window Station.](auditing/event-4779.md) -###### [Event 4800 S: The workstation was locked.](auditing/event-4800.md) -###### [Event 4801 S: The workstation was unlocked.](auditing/event-4801.md) -###### [Event 4802 S: The screen saver was invoked.](auditing/event-4802.md) -###### [Event 4803 S: The screen saver was dismissed.](auditing/event-4803.md) -###### [Event 5378 F: The requested credentials delegation was disallowed by policy.](auditing/event-5378.md) -###### [Event 5632 S, F: A request was made to authenticate to a wireless network.](auditing/event-5632.md) -###### [Event 5633 S, F: A request was made to authenticate to a wired network.](auditing/event-5633.md) -##### [Audit Special Logon](auditing/audit-special-logon.md) -###### [Event 4964 S: Special groups have been assigned to a new logon.](auditing/event-4964.md) -###### [Event 4672 S: Special privileges assigned to new logon.](auditing/event-4672.md) -##### [Audit Application Generated](auditing/audit-application-generated.md) -##### [Audit Certification Services](auditing/audit-certification-services.md) -##### [Audit Detailed File Share](auditing/audit-detailed-file-share.md) -###### [Event 5145 S, F: A network share object was checked to see whether client can be granted desired access.](auditing/event-5145.md) -##### [Audit File Share](auditing/audit-file-share.md) -###### [Event 5140 S, F: A network share object was accessed.](auditing/event-5140.md) -###### [Event 5142 S: A network share object was added.](auditing/event-5142.md) -###### [Event 5143 S: A network share object was modified.](auditing/event-5143.md) -###### [Event 5144 S: A network share object was deleted.](auditing/event-5144.md) -###### [Event 5168 F: SPN check for SMB/SMB2 failed.](auditing/event-5168.md) -##### [Audit File System](auditing/audit-file-system.md) -###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) -###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) -###### [Event 4660 S: An object was deleted.](auditing/event-4660.md) -###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) -###### [Event 4664 S: An attempt was made to create a hard link.](auditing/event-4664.md) -###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -###### [Event 5051: A file was virtualized.](auditing/event-5051.md) -###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -##### [Audit Filtering Platform Connection](auditing/audit-filtering-platform-connection.md) -###### [Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network.](auditing/event-5031.md) -###### [Event 5150: The Windows Filtering Platform blocked a packet.](auditing/event-5150.md) -###### [Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5151.md) -###### [Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.](auditing/event-5154.md) -###### [Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.](auditing/event-5155.md) -###### [Event 5156 S: The Windows Filtering Platform has permitted a connection.](auditing/event-5156.md) -###### [Event 5157 F: The Windows Filtering Platform has blocked a connection.](auditing/event-5157.md) -###### [Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port.](auditing/event-5158.md) -###### [Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port.](auditing/event-5159.md) -##### [Audit Filtering Platform Packet Drop](auditing/audit-filtering-platform-packet-drop.md) -###### [Event 5152 F: The Windows Filtering Platform blocked a packet.](auditing/event-5152.md) -###### [Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet.](auditing/event-5153.md) -##### [Audit Handle Manipulation](auditing/audit-handle-manipulation.md) -###### [Event 4690 S: An attempt was made to duplicate a handle to an object.](auditing/event-4690.md) -##### [Audit Kernel Object](auditing/audit-kernel-object.md) -###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) -###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) -###### [Event 4660 S: An object was deleted.](auditing/event-4660.md) -###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) -##### [Audit Other Object Access Events](auditing/audit-other-object-access-events.md) -###### [Event 4671: An application attempted to access a blocked ordinal through the TBS.](auditing/event-4671.md) -###### [Event 4691 S: Indirect access to an object was requested.](auditing/event-4691.md) -###### [Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.](auditing/event-5148.md) -###### [Event 5149 F: The DoS attack has subsided and normal processing is being resumed.](auditing/event-5149.md) -###### [Event 4698 S: A scheduled task was created.](auditing/event-4698.md) -###### [Event 4699 S: A scheduled task was deleted.](auditing/event-4699.md) -###### [Event 4700 S: A scheduled task was enabled.](auditing/event-4700.md) -###### [Event 4701 S: A scheduled task was disabled.](auditing/event-4701.md) -###### [Event 4702 S: A scheduled task was updated.](auditing/event-4702.md) -###### [Event 5888 S: An object in the COM+ Catalog was modified.](auditing/event-5888.md) -###### [Event 5889 S: An object was deleted from the COM+ Catalog.](auditing/event-5889.md) -###### [Event 5890 S: An object was added to the COM+ Catalog.](auditing/event-5890.md) -##### [Audit Registry](auditing/audit-registry.md) -###### [Event 4663 S: An attempt was made to access an object.](auditing/event-4663.md) -###### [Event 4656 S, F: A handle to an object was requested.](auditing/event-4656.md) -###### [Event 4658 S: The handle to an object was closed.](auditing/event-4658.md) -###### [Event 4660 S: An object was deleted.](auditing/event-4660.md) -###### [Event 4657 S: A registry value was modified.](auditing/event-4657.md) -###### [Event 5039: A registry key was virtualized.](auditing/event-5039.md) -###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -##### [Audit Removable Storage](auditing/audit-removable-storage.md) -##### [Audit SAM](auditing/audit-sam.md) -###### [Event 4661 S, F: A handle to an object was requested.](auditing/event-4661.md) -##### [Audit Central Access Policy Staging](auditing/audit-central-access-policy-staging.md) -###### [Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.](auditing/event-4818.md) -##### [Audit Audit Policy Change](auditing/audit-audit-policy-change.md) -###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -###### [Event 4715 S: The audit policy, SACL, on an object was changed.](auditing/event-4715.md) -###### [Event 4719 S: System audit policy was changed.](auditing/event-4719.md) -###### [Event 4817 S: Auditing settings on object were changed.](auditing/event-4817.md) -###### [Event 4902 S: The Per-user audit policy table was created.](auditing/event-4902.md) -###### [Event 4906 S: The CrashOnAuditFail value has changed.](auditing/event-4906.md) -###### [Event 4907 S: Auditing settings on object were changed.](auditing/event-4907.md) -###### [Event 4908 S: Special Groups Logon table modified.](auditing/event-4908.md) -###### [Event 4912 S: Per User Audit Policy was changed.](auditing/event-4912.md) -###### [Event 4904 S: An attempt was made to register a security event source.](auditing/event-4904.md) -###### [Event 4905 S: An attempt was made to unregister a security event source.](auditing/event-4905.md) -##### [Audit Authentication Policy Change](auditing/audit-authentication-policy-change.md) -###### [Event 4706 S: A new trust was created to a domain.](auditing/event-4706.md) -###### [Event 4707 S: A trust to a domain was removed.](auditing/event-4707.md) -###### [Event 4716 S: Trusted domain information was modified.](auditing/event-4716.md) -###### [Event 4713 S: Kerberos policy was changed.](auditing/event-4713.md) -###### [Event 4717 S: System security access was granted to an account.](auditing/event-4717.md) -###### [Event 4718 S: System security access was removed from an account.](auditing/event-4718.md) -###### [Event 4739 S: Domain Policy was changed.](auditing/event-4739.md) -###### [Event 4864 S: A namespace collision was detected.](auditing/event-4864.md) -###### [Event 4865 S: A trusted forest information entry was added.](auditing/event-4865.md) -###### [Event 4866 S: A trusted forest information entry was removed.](auditing/event-4866.md) -###### [Event 4867 S: A trusted forest information entry was modified.](auditing/event-4867.md) -##### [Audit Authorization Policy Change](auditing/audit-authorization-policy-change.md) -###### [Event 4703 S: A user right was adjusted.](auditing/event-4703.md) -###### [Event 4704 S: A user right was assigned.](auditing/event-4704.md) -###### [Event 4705 S: A user right was removed.](auditing/event-4705.md) -###### [Event 4670 S: Permissions on an object were changed.](auditing/event-4670.md) -###### [Event 4911 S: Resource attributes of the object were changed.](auditing/event-4911.md) -###### [Event 4913 S: Central Access Policy on the object was changed.](auditing/event-4913.md) -##### [Audit Filtering Platform Policy Change](auditing/audit-filtering-platform-policy-change.md) -##### [Audit MPSSVC Rule-Level Policy Change](auditing/audit-mpssvc-rule-level-policy-change.md) -###### [Event 4944 S: The following policy was active when the Windows Firewall started.](auditing/event-4944.md) -###### [Event 4945 S: A rule was listed when the Windows Firewall started.](auditing/event-4945.md) -###### [Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added.](auditing/event-4946.md) -###### [Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified.](auditing/event-4947.md) -###### [Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted.](auditing/event-4948.md) -###### [Event 4949 S: Windows Firewall settings were restored to the default values.](auditing/event-4949.md) -###### [Event 4950 S: A Windows Firewall setting has changed.](auditing/event-4950.md) -###### [Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall.](auditing/event-4951.md) -###### [Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.](auditing/event-4952.md) -###### [Event 4953 F: Windows Firewall ignored a rule because it could not be parsed.](auditing/event-4953.md) -###### [Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied.](auditing/event-4954.md) -###### [Event 4956 S: Windows Firewall has changed the active profile.](auditing/event-4956.md) -###### [Event 4957 F: Windows Firewall did not apply the following rule.](auditing/event-4957.md) -###### [Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.](auditing/event-4958.md) -##### [Audit Other Policy Change Events](auditing/audit-other-policy-change-events.md) -###### [Event 4714 S: Encrypted data recovery policy was changed.](auditing/event-4714.md) -###### [Event 4819 S: Central Access Policies on the machine have been changed.](auditing/event-4819.md) -###### [Event 4826 S: Boot Configuration Data loaded.](auditing/event-4826.md) -###### [Event 4909: The local policy settings for the TBS were changed.](auditing/event-4909.md) -###### [Event 4910: The group policy settings for the TBS were changed.](auditing/event-4910.md) -###### [Event 5063 S, F: A cryptographic provider operation was attempted.](auditing/event-5063.md) -###### [Event 5064 S, F: A cryptographic context operation was attempted.](auditing/event-5064.md) -###### [Event 5065 S, F: A cryptographic context modification was attempted.](auditing/event-5065.md) -###### [Event 5066 S, F: A cryptographic function operation was attempted.](auditing/event-5066.md) -###### [Event 5067 S, F: A cryptographic function modification was attempted.](auditing/event-5067.md) -###### [Event 5068 S, F: A cryptographic function provider operation was attempted.](auditing/event-5068.md) -###### [Event 5069 S, F: A cryptographic function property operation was attempted.](auditing/event-5069.md) -###### [Event 5070 S, F: A cryptographic function property modification was attempted.](auditing/event-5070.md) -###### [Event 5447 S: A Windows Filtering Platform filter has been changed.](auditing/event-5447.md) -###### [Event 6144 S: Security policy in the group policy objects has been applied successfully.](auditing/event-6144.md) -###### [Event 6145 F: One or more errors occurred while processing security policy in the group policy objects.](auditing/event-6145.md) -##### [Audit Sensitive Privilege Use](auditing/audit-sensitive-privilege-use.md) -###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md) -###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md) -###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -##### [Audit Non Sensitive Privilege Use](auditing/audit-non-sensitive-privilege-use.md) -###### [Event 4673 S, F: A privileged service was called.](auditing/event-4673.md) -###### [Event 4674 S, F: An operation was attempted on a privileged object.](auditing/event-4674.md) -###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -##### [Audit Other Privilege Use Events](auditing/audit-other-privilege-use-events.md) -###### [Event 4985 S: The state of a transaction has changed.](auditing/event-4985.md) -##### [Audit IPsec Driver](auditing/audit-ipsec-driver.md) -##### [Audit Other System Events](auditing/audit-other-system-events.md) -###### [Event 5024 S: The Windows Firewall Service has started successfully.](auditing/event-5024.md) -###### [Event 5025 S: The Windows Firewall Service has been stopped.](auditing/event-5025.md) -###### [Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.](auditing/event-5027.md) -###### [Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.](auditing/event-5028.md) -###### [Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.](auditing/event-5029.md) -###### [Event 5030 F: The Windows Firewall Service failed to start.](auditing/event-5030.md) -###### [Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.](auditing/event-5032.md) -###### [Event 5033 S: The Windows Firewall Driver has started successfully.](auditing/event-5033.md) -###### [Event 5034 S: The Windows Firewall Driver was stopped.](auditing/event-5034.md) -###### [Event 5035 F: The Windows Firewall Driver failed to start.](auditing/event-5035.md) -###### [Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating.](auditing/event-5037.md) -###### [Event 5058 S, F: Key file operation.](auditing/event-5058.md) -###### [Event 5059 S, F: Key migration operation.](auditing/event-5059.md) -###### [Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content.](auditing/event-6400.md) -###### [Event 6401: BranchCache: Received invalid data from a peer. Data discarded.](auditing/event-6401.md) -###### [Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted.](auditing/event-6402.md) -###### [Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client.](auditing/event-6403.md) -###### [Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate.](auditing/event-6404.md) -###### [Event 6405: BranchCache: %2 instances of event id %1 occurred.](auditing/event-6405.md) -###### [Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2.](auditing/event-6406.md) -###### [Event 6407: 1%.](auditing/event-6407.md) -###### [Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.](auditing/event-6408.md) -###### [Event 6409: BranchCache: A service connection point object could not be parsed.](auditing/event-6409.md) -##### [Audit Security State Change](auditing/audit-security-state-change.md) -###### [Event 4608 S: Windows is starting up.](auditing/event-4608.md) -###### [Event 4616 S: The system time was changed.](auditing/event-4616.md) -###### [Event 4621 S: Administrator recovered system from CrashOnAuditFail.](auditing/event-4621.md) -##### [Audit Security System Extension](auditing/audit-security-system-extension.md) -###### [Event 4610 S: An authentication package has been loaded by the Local Security Authority.](auditing/event-4610.md) -###### [Event 4611 S: A trusted logon process has been registered with the Local Security Authority.](auditing/event-4611.md) -###### [Event 4614 S: A notification package has been loaded by the Security Account Manager.](auditing/event-4614.md) -###### [Event 4622 S: A security package has been loaded by the Local Security Authority.](auditing/event-4622.md) -###### [Event 4697 S: A service was installed in the system.](auditing/event-4697.md) -##### [Audit System Integrity](auditing/audit-system-integrity.md) -###### [Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.](auditing/event-4612.md) -###### [Event 4615 S: Invalid use of LPC port.](auditing/event-4615.md) -###### [Event 4618 S: A monitored security event pattern has occurred.](auditing/event-4618.md) -###### [Event 4816 S: RPC detected an integrity violation while decrypting an incoming message.](auditing/event-4816.md) -###### [Event 5038 F: Code integrity determined that the image hash of a file is not valid.](auditing/event-5038.md) -###### [Event 5056 S: A cryptographic self-test was performed.](auditing/event-5056.md) -###### [Event 5062 S: A kernel-mode cryptographic self-test was performed.](auditing/event-5062.md) -###### [Event 5057 F: A cryptographic primitive operation failed.](auditing/event-5057.md) -###### [Event 5060 F: Verification operation failed.](auditing/event-5060.md) -###### [Event 5061 S, F: Cryptographic operation.](auditing/event-5061.md) -###### [Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid.](auditing/event-6281.md) -###### [Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process.](auditing/event-6410.md) -##### [Other Events](auditing/other-events.md) -###### [Event 1100 S: The event logging service has shut down.](auditing/event-1100.md) -###### [Event 1102 S: The audit log was cleared.](auditing/event-1102.md) -###### [Event 1104 S: The security log is now full.](auditing/event-1104.md) -###### [Event 1105 S: Event log automatic backup.](auditing/event-1105.md) -###### [Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1.](auditing/event-1108.md) -##### [Appendix A: Security monitoring recommendations for many audit events](auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md) -##### [Registry (Global Object Access Auditing) ](auditing/registry-global-object-access-auditing.md) -##### [File System (Global Object Access Auditing) ](auditing/file-system-global-object-access-auditing.md) - -## [Security policy settings](security-policy-settings/security-policy-settings.md) -### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md) -#### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md) -### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md) -### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md) -#### [Account Policies](security-policy-settings/account-policies.md) -##### [Password Policy](security-policy-settings/password-policy.md) -###### [Enforce password history](security-policy-settings/enforce-password-history.md) -###### [Maximum password age](security-policy-settings/maximum-password-age.md) -###### [Minimum password age](security-policy-settings/minimum-password-age.md) -###### [Minimum password length](security-policy-settings/minimum-password-length.md) -###### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md) -###### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md) -##### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md) -###### [Account lockout duration](security-policy-settings/account-lockout-duration.md) -###### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md) -###### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md) -##### [Kerberos Policy](security-policy-settings/kerberos-policy.md) -###### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md) -###### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md) -###### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md) -###### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md) -###### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md) -#### [Audit Policy](security-policy-settings/audit-policy.md) -#### [Security Options](security-policy-settings/security-options.md) -##### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md) -##### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md) -##### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md) -##### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md) -##### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md) -##### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md) -##### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md) -##### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md) -##### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md) -##### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md) -##### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md) -##### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md) -##### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md) -##### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md) -##### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md) -##### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md) -##### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md) -##### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md) -##### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md) -##### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md) -##### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md) -##### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md) -##### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md) -##### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md) -##### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md) -##### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md) -##### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md) -##### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md) -##### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md) -##### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md) -##### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md) -##### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md) -##### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md) -##### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md) -##### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md) -##### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md) -##### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md) -##### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md) -##### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md) -##### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md) -##### [Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/microsoft-network-client-digitally-sign-communications-if-server-agrees.md) -##### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md) -##### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md) -##### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md) -##### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md) -##### [Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/microsoft-network-server-digitally-sign-communications-if-client-agrees.md) -##### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md) -##### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md) -##### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md) -##### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md) -##### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md) -##### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md) -##### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md) -##### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md) -##### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md) -##### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md) -##### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md) -##### [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) -##### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md) -##### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md) -##### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md) -##### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md) -##### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md) -##### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md) -##### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md) -##### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md) -##### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md) -##### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md) -##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md) -##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md) -##### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md) -##### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md) -##### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md) -##### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md) -##### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md) -##### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md) -##### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md) -##### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md) -##### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md) -##### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md) -##### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md) -##### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md) -##### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md) -##### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md) -##### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md) -##### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md) -##### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md) -##### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md) -##### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md) -##### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md) -##### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md) -##### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md) -##### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md) -##### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md) -##### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md) -##### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md) -##### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md) -#### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md) -#### [User Rights Assignment](security-policy-settings/user-rights-assignment.md) -##### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md) -##### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md) -##### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md) -##### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md) -##### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md) -##### [Allow log on locally](security-policy-settings/allow-log-on-locally.md) -##### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md) -##### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md) -##### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md) -##### [Change the system time](security-policy-settings/change-the-system-time.md) -##### [Change the time zone](security-policy-settings/change-the-time-zone.md) -##### [Create a pagefile](security-policy-settings/create-a-pagefile.md) -##### [Create a token object](security-policy-settings/create-a-token-object.md) -##### [Create global objects](security-policy-settings/create-global-objects.md) -##### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md) -##### [Create symbolic links](security-policy-settings/create-symbolic-links.md) -##### [Debug programs](security-policy-settings/debug-programs.md) -##### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md) -##### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md) -##### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md) -##### [Deny log on locally](security-policy-settings/deny-log-on-locally.md) -##### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md) -##### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md) -##### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md) -##### [Generate security audits](security-policy-settings/generate-security-audits.md) -##### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md) -##### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md) -##### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md) -##### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md) -##### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md) -##### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md) -##### [Log on as a service](security-policy-settings/log-on-as-a-service.md) -##### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md) -##### [Modify an object label](security-policy-settings/modify-an-object-label.md) -##### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md) -##### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md) -##### [Profile single process](security-policy-settings/profile-single-process.md) -##### [Profile system performance](security-policy-settings/profile-system-performance.md) -##### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md) -##### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md) -##### [Restore files and directories](security-policy-settings/restore-files-and-directories.md) -##### [Shut down the system](security-policy-settings/shut-down-the-system.md) -##### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md) -##### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md) - - -## [Windows security baselines](windows-security-baselines.md) -### [Security Compliance Toolkit](security-compliance-toolkit-10.md) -### [Get support](get-support-for-security-baselines.md) - -## [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) - -## [Change history for Threat protection](change-history-for-threat-protection.md) +### [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) +### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) +#### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) +### [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) From 4a25a47a76f4b03c1f22a79a796a4b64c018e1a2 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 24 Apr 2018 21:29:12 -0700 Subject: [PATCH 09/12] reduced toc one level --- .../windows-defender-atp/TOC.md | 350 +++++++++--------- 1 file changed, 175 insertions(+), 175 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index ef9b665b39..c46a4ebe2d 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -1,200 +1,200 @@ -## [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) -###Get started -#### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) -#### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) -#### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) -#### [Preview features](preview-windows-defender-advanced-threat-protection.md) -#### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) -#### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) -### [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) -#### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) -##### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) -##### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) -##### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) -###### [Onboard machines using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune) -##### [Onboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) -##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) -#### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) -#### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) -#### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) -#### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md) -#### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) -#### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) -### [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) -#### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) -#### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) -#### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) -#### [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) +# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) +##Get started +### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) +### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) +### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) +### [Preview features](preview-windows-defender-advanced-threat-protection.md) +### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) +### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) +## [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) +### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) +#### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) +#### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) +#### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md) +##### [Onboard machines using Microsoft Intune](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-windows-10-machines-using-microsoft-intune) +#### [Onboard machines using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md) +#### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) +### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) +### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) +### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) +### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md) +### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) +### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) +## [Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) +### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) +### [View the Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md) +### [View the Secure Score dashboard and improve your secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) +### [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) -###Investigate and remediate threats -####Alerts queue -##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) -##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) -##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) -##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) -##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) -##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) -##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) -##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) +##Investigate and remediate threats +###Alerts queue +#### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) +#### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) +#### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md) +#### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) +#### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) +#### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) +#### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) +#### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md) -####Machines list -##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) -##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) -##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) -##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) -###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) -###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) -###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) -###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) +###Machines list +#### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md) +#### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags) +#### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine) +#### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline) +##### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events) +##### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date) +##### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events) +##### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages) -#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md) -##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) -###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) -###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) -###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) -###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) -###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) -###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) -###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) -##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) -###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) -###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) -###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) -###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) -###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) -###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) -####### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) -####### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) -####### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) +### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md) +#### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) +##### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) +##### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines) +##### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution) +##### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction) +##### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) +##### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation) +##### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +#### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) +##### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) +##### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) +##### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) +##### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list) +##### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center) +##### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis) +###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports) +###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis) -#### [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md) -#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) -##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md) -##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) +### [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md) +### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md) +#### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md) +#### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md) -###API and SIEM support -#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) -##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) -##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) -##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) -##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) -##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) -##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) +##API and SIEM support +### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) +#### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) +#### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +#### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +#### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +#### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) +#### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md) -#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) -##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) -##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) -##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) -##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) -#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) -##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) -######Actor -####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md) -####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -######Alerts -####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md) -####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -######Domain -####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) -####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) +### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md) +#### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +#### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +#### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +#### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) +#### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) +#####Actor +###### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md) +###### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) +#####Alerts +###### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md) +###### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) +###### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) +###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) +#####Domain +###### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md) +###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) -######File -####### [Block file API](block-file-windows-defender-advanced-threat-protection.md) -####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md) -####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md) -####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md) -####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md) +#####File +###### [Block file API](block-file-windows-defender-advanced-threat-protection.md) +###### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md) +###### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md) +###### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md) +###### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md) -######IP -####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md) -####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md) -######Machines -####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md) -####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md) -####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md) -####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md) -####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md) -####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md) -####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md) -####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md) +#####IP +###### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md) +###### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md) +###### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md) +#####Machines +###### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md) +###### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) +###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) +###### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) +###### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) +###### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md) +###### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) +###### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md) +###### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md) +###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md) +###### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md) +###### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md) +###### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md) +###### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) +###### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md) +###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md) +###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md) +###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md) -######User -####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md) -####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md) +#####User +###### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) +###### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md) +###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md) +###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md) -###Reporting -#### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) +##Reporting +### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -###Check service health and sensor state -#### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) -##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) -##### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) -##### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) -#### [Check service health](service-status-windows-defender-advanced-threat-protection.md) +##Check service health and sensor state +### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) +### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) +### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines) +### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) +### [Check service health](service-status-windows-defender-advanced-threat-protection.md) ### [Configure Windows Defender ATP Settings](preferences-setup-windows-defender-advanced-threat-protection.md) -####General -##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md) -##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) -##### [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md) -##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md) -##### [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md) +###General +#### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md) +#### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) +#### [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) +#### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md) +#### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md) +#### [Protect data with conditional access](conditional-access-windows-defender-advanced-threat-protection.md) -####Permissions -##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) -##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) +###Permissions +#### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) +#### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) -####APIs -##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) +###APIs +#### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md) +#### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md) -####Rules -##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md) -##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) -##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) -##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) +###Rules +#### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md) +#### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +#### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) +#### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) -####Machine management -##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md) -##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md) +###Machine management +#### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md) +#### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md) -### [Configure Windows Defender ATP time zone settings](time-settings-windows-defender-advanced-threat-protection.md) +## [Configure Windows Defender ATP time zone settings](time-settings-windows-defender-advanced-threat-protection.md) -### [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) -### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) -#### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) -### [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) +## [Access the Windows Defender ATP Community Center](community-windows-defender-advanced-threat-protection.md) +## [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) +### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) +## [Windows Defender Antivirus compatibility with Windows Defender ATP](defender-compatibility-windows-defender-advanced-threat-protection.md) From 3b0df4c24cdd033a8d7b0af1d747888121ca5e2c Mon Sep 17 00:00:00 2001 From: anthonws Date: Wed, 25 Apr 2018 11:45:30 +0100 Subject: [PATCH 10/12] Update policy-csp-deliveryoptimization.md Incorrect option number when refering to DHCP option ID. "For option 4 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID." - It should state "For option *3* (...)". --- .../client-management/mdm/policy-csp-deliveryoptimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 9b31c6322f..aa3591630f 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -509,7 +509,7 @@ If you set this policy, the GroupID policy will be ignored. The options set in this policy only apply to Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. -For option 4 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. +For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. From 9bb7ce1910d1f6f950b337bce0e3edcd83d92db6 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 25 Apr 2018 14:11:34 +0000 Subject: [PATCH 11/12] Merged PR 7465: #782 remove confusing example --- .../provisioning-packages/provisioning-how-it-works.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index 1e514987ed..02b9e7e88b 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -53,7 +53,7 @@ When multiple provisioning packages are available for device provisioning, the c The valid value range of package rank level is 0 to 99. -When setting conflicts are encountered, the final values provisioned on the device are determined by the owner type precedence and the rank level of the packages containing the settings. For example, the value of a setting in a package with owner **System Integrator** and rank level **3** takes precedence over the same setting in a package with owner **OEM** and rank level **4**. This is because the System Integrator owner type has the higher precedence over the OEM owner type. For packages with the same owner type, the package rank level determines the package from which the setting values get provisioned on the device. +When setting conflicts are encountered, the final values provisioned on the device are determined by the owner type precedence and the rank level of the packages containing the settings. For packages with the same owner type, the package rank level determines the package from which the setting values get provisioned on the device. ## Windows provisioning XML From 19e8ed310a1f70ee5c5da1d3096c3f52ba66aff3 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 25 Apr 2018 17:12:17 +0000 Subject: [PATCH 12/12] Merged PR 7468: #783 update SQL Server Express information --- .../change-history-for-deploy-windows-10.md | 6 ++++++ .../volume-activation/install-vamt.md | 19 ++++++++----------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md index 5f48b4eb49..f189dd0f7c 100644 --- a/windows/deployment/change-history-for-deploy-windows-10.md +++ b/windows/deployment/change-history-for-deploy-windows-10.md @@ -12,6 +12,12 @@ ms.date: 11/08/2017 # Change history for Deploy Windows 10 This topic lists new and updated topics in the [Deploy Windows 10](https://docs.microsoft.com/en-us/windows/deployment) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10). +## April 2018 + +New or changed topic | Description +--- | --- +[Install VAMT](volume-activation/install-vamt.md) | Updated the instructions and link for SQL Server Express. + ## November 2017 New or changed topic | Description diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index 1fb488e7ea..a6feddf84d 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: activation author: jdeckerms ms.localizationpriority: high -ms.date: 07/27/2017 +ms.date: 04/25/2018 --- # Install VAMT @@ -19,23 +19,20 @@ This topic describes how to install the Volume Activation Management Tool (VAMT) You can install VAMT as part of the [Windows Assessment and Deployment Kit (ADK)](https://go.microsoft.com/fwlink/p/?LinkId=526740) for Windows 10. -**Important**   -VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For Active Directory-Based Activation use, for best results we recommend running VAMT while logged on as a domain administrator.  +>[!IMPORTANT]   +>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For Active Directory-Based Activation use, for best results we recommend running VAMT while logged on as a domain administrator.  -**Note**   -The VAMT Microsoft Management Console snap-in ships as an x86 package. +>[!NOTE]   +>The VAMT Microsoft Management Console snap-in ships as an x86 package. -After you install VAMT, if you have a computer information list (CIL) that was created in a previous version of VAMT, you must import the list into a SQL database. If you do not have SQL installed, you can download a free copy of Microsoft SQL Server Express and create a new database into which you can import the CIL. To install SQL Server Express: +To install SQL Server Express: 1. Install the Windows ADK. -2. Ensure that **Volume Activation Management Tool** and **Microsoft® SQL Server® 2012 Express** are selected to be installed. +2. Ensure that **Volume Activation Management Tool** is selected to be installed. 3. Click **Install**. ## Select a Database -**Using a SQL database installed during ADK setup** -If SQL Server 2012 Express was installed during ADK setup, the default database name will be **ADK**.By default, VAMT is configure to use a SQL database that is installed on the local machine during ADK setup and displays the server name as **.\\ADK**. If the SQL database was installed on another machine, you must configure the database to allow remote connections and you must provide the corresponding server name. If a new VAMT database needs to be created, provide a name for the new database. - -**Using a SQL database installed outside of ADK setup** +VAMT requires a SQL database. After you install VAMT, if you have a computer information list (CIL) that was created in a previous version of VAMT, you must import the list into a SQL database. If you do not have SQL installed, you can [download a free copy of Microsoft SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) and create a new database into which you can import the CIL. You must configure SQL installation to allow remote connections and you must provide the corresponding server name in the format: *Machine Name\\SQL Server Name*. If a new VAMT database needs to be created, provide a name for the new database.