Merge pull request #4656 from MicrosoftDocs/master

Publish 02/01/2021, 3:30 PM

.openpublishing.redirection.json

@@ -2044,6 +2044,11 @@
       "source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list",
+      "redirect_document_id": false
     },
     {
       "source_path": "windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md",
@@ -16524,6 +16529,11 @@
       "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr",
+      "redirect_document_id": false
     }
   ]
 }

windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md

@@ -28,40 +28,11 @@ ms.technology: mde
 > [!NOTE]
 > Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
 
-## Configure compliance policy against jailbroken devices
+## Conditional Access with Defender for Endpoint for iOS  
+Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies
+based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune.
 
-To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
-
-> [!NOTE]
-> At this time Microsoft Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. If used on a jailbroken device, then in specific scenarios data that is used by the application like your corporate email id and corporate profile picture (if available) can be exposed locally
-
-Follow the steps below to create a compliance policy against jailbroken devices.
-
-1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
-
-    > [!div class="mx-imgBorder"]
-    > ![Create Policy](images/ios-jb-policy.png)
-
-1. Specify a name of the policy, example "Compliance Policy for Jailbreak".
-1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
-
-    > [!div class="mx-imgBorder"]
-    > ![Policy Settings](images/ios-jb-settings.png)
-
-1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**.
-
-    > [!div class="mx-imgBorder"]
-    > ![Policy Actions](images/ios-jb-actions.png)
-
-1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**.
-1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
-
-## Configure custom indicators
-
-Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. Refer to [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) on how to configure custom indicators.
-
-> [!NOTE]
-> Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains.
+For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection).
 
 ## Web Protection and VPN
 
@@ -79,10 +50,46 @@ While enabled by default, there might be some cases that require you to disable
 > [!NOTE]
 > Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**.
 
-### Co-existence of multiple VPN profiles
+## Co-existence of multiple VPN profiles
 
 Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
 
+
+## Configure compliance policy against jailbroken devices
+
+To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
+
+> [!NOTE]
+> At this time Microsoft Defender for Endpoint for iOS does not provide protection against jailbreak scenarios. If used on a jailbroken device, then in specific scenarios data that is used by the application like your corporate email id and corporate profile picture (if available) can be exposed locally
+
+Follow the steps below to create a compliance policy against jailbroken devices.
+
+1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**.
+
+    > [!div class="mx-imgBorder"]
+    > ![Create Policy](images/ios-jb-policy.png)
+
+2. Specify a name of the policy, for example "Compliance Policy for Jailbreak".
+3. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field.
+
+    > [!div class="mx-imgBorder"]
+    > ![Policy Settings](images/ios-jb-settings.png)
+
+4. In the *Action for noncompliance* section, select the actions as per your requirements and select **Next**.
+
+    > [!div class="mx-imgBorder"]
+    > ![Policy Actions](images/ios-jb-actions.png)
+
+5. In the *Assignments* section, select the user groups that you want to include for this policy and then select **Next**.
+6. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**.
+
+## Configure custom indicators
+
+Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. For more information on how to configure custom indicators, see [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).
+
+> [!NOTE]
+> Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains.
+
 ## Report unsafe site
 
 Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site.

windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md

@@ -1,52 +0,0 @@
----
-title: Supported Microsoft Defender Advanced Threat Protection response APIs
-description: Learn about the specific response-related Microsoft Defender Advanced Threat Protection API calls.
-keywords: response apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: m365-security
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: conceptual
-ms.technology: mde
----
-
-# Supported Microsoft Defender for Endpoint query APIs 
-
-[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
-
-
-**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
-
-> [!TIP]
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) 
-
-Learn about the supported response-related API calls you can run and details such as the required request headers, and expected response from the calls.
-
-## In this section
-Topic | Description
-:---|:---
-Collect investigation package | Run this API to collect an investigation package from a device.
-Isolate device | Run this API to isolate a device from the network.
-Unisolate device | Remove a device from isolation. 
-Restrict code execution | Run this API to contain an attack by stopping malicious processes. You can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.
-Unrestrict code execution | Run this to reverse the restriction of applications policy after you have verified that the compromised device has been remediated.
-Run antivirus scan | Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised device.
-Stop and quarantine file |  Run this call to stop running processes, quarantine  files, and delete persistency such as registry keys.
-Request sample | Run this call to request a sample of a file from a specific device. The file will be collected from the device and uploaded to a secure storage.
-Block file | Run this API to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. 
-Unblock file | Allow a file run in the organization using Microsoft Defender Antivirus.
-Get package SAS URI | Run this API to get a URI that allows downloading an investigation package.
-Get MachineAction object | Run this API to get MachineAction object.
-Get MachineActions collection | Run this to get MachineAction collection.
-Get FileActions collection | Run this API to get FileActions collection.
-Get FileMachineAction object | Run this API to get FileMachineAction object.
-Get FileMachineActions collection | Run this API to get FileMachineAction collection.