From c795074fc1a033d438a0467e94f052fb1be7966e Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Sun, 31 Jan 2021 21:19:08 +0530 Subject: [PATCH 1/5] Added Conditional Access with Intune --- .../ios-configure-features.md | 47 +++++++++++-------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index d04735e349..877b61390e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -28,6 +28,33 @@ ms.technology: mde > [!NOTE] > Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. +## Conditional Access with Defender for Endpoint for iOS +Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies +based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. + +For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). + +## Web Protection and VPN + +By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a VPN in order to provide this protection. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device. + +While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below: + +1. On your iOS device, open the **Settings** app, click or tap **General** and then **VPN**. +1. Click or tap the "i" button for Microsoft Defender ATP. +1. Toggle off **Connect On Demand** to disable VPN. + + > [!div class="mx-imgBorder"] + > ![VPN config connect on demand](images/ios-vpn-config.png) + +> [!NOTE] +> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**. + +## Co-existence of multiple VPN profiles + +Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time. + + ## Configure compliance policy against jailbroken devices To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune. @@ -63,26 +90,6 @@ Defender for Endpoint for iOS enables admins to configure custom indicators on i > [!NOTE] > Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains. -## Web Protection and VPN - -By default, Defender for Endpoint for iOS includes and enables the web protection feature. [Web protection](web-protection-overview.md) helps to secure devices against web threats and protect users from phishing attacks. Defender for Endpoint for iOS uses a VPN in order to provide this protection. Please note this is a local VPN and unlike traditional VPN, network traffic is not sent outside the device. - -While enabled by default, there might be some cases that require you to disable VPN. For example, you want to run some apps that do not work when a VPN is configured. In such cases, you can choose to disable VPN from the app on the device by following the steps below: - -1. On your iOS device, open the **Settings** app, click or tap **General** and then **VPN**. -1. Click or tap the "i" button for Microsoft Defender ATP. -1. Toggle off **Connect On Demand** to disable VPN. - - > [!div class="mx-imgBorder"] - > ![VPN config connect on demand](images/ios-vpn-config.png) - -> [!NOTE] -> Web Protection will not be available when VPN is disabled. To re-enable Web Protection, open the Microsoft Defender for Endpoint app on the device and click or tap **Start VPN**. - -### Co-existence of multiple VPN profiles - -Apple iOS does not support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time. - ## Report unsafe site Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page if you want to report a website that could be a phishing site. From d13ea7f085443acd43a9fa6bb706bb7612c47696 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 1 Feb 2021 10:44:16 -0800 Subject: [PATCH 2/5] Update ios-configure-features.md --- .../ios-configure-features.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 877b61390e..10354d8762 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -32,7 +32,7 @@ ms.technology: mde Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. -For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). +For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] (https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). ## Web Protection and VPN @@ -64,28 +64,28 @@ To protect corporate data from being accessed on jailbroken iOS devices, we reco Follow the steps below to create a compliance policy against jailbroken devices. -1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> click on **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**. +1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** -> **Compliance policies** -> **Create Policy**. Select "iOS/iPadOS" as platform and click **Create**. > [!div class="mx-imgBorder"] > ![Create Policy](images/ios-jb-policy.png) -1. Specify a name of the policy, example "Compliance Policy for Jailbreak". -1. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field. +2. Specify a name of the policy, for example "Compliance Policy for Jailbreak". +3. In the compliance settings page, click to expand **Device Health** section and click **Block** for **Jailbroken devices** field. > [!div class="mx-imgBorder"] > ![Policy Settings](images/ios-jb-settings.png) -1. In the *Action for noncompliance* section, select the actions as per your requirements and click **Next**. +4. In the *Action for noncompliance* section, select the actions as per your requirements and select **Next**. > [!div class="mx-imgBorder"] > ![Policy Actions](images/ios-jb-actions.png) -1. In the *Assignments* section, select the user groups that you want to include for this policy and then click **Next**. -1. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. +5. In the *Assignments* section, select the user groups that you want to include for this policy and then select **Next**. +6. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. ## Configure custom indicators -Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. Refer to [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators) on how to configure custom indicators. +Defender for Endpoint for iOS enables admins to configure custom indicators on iOS devices as well. For more information on how to configure custom indicators, see [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators). > [!NOTE] > Defender for Endpoint for iOS supports creating custom indicators only for IP addresses and URLs/domains. From 1adb141e2b2f459d735481a7ddbf7f10311f7322 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Mon, 1 Feb 2021 11:32:08 -0800 Subject: [PATCH 3/5] pencil edit --- .../microsoft-defender-atp/ios-configure-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 10354d8762..00fc73300c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -32,7 +32,7 @@ ms.technology: mde Microsoft Defender for Endpoint for iOS along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. -For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune] (https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). +For more information about how to set up Conditional Access with Defender for Endpoint for iOS, see [Defender for Endpoint and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). ## Web Protection and VPN From 5eab1f1af72b8f6bb950f48b8d7e1acd08f53206 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 1 Feb 2021 13:08:11 -0800 Subject: [PATCH 4/5] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6c6cd0335b..4af39e6318 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -16524,6 +16524,11 @@ "source_path": "windows/security/threat-protection/microsoft-defender-antivirus/antivirus-false-positives-negatives.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives", "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr", + "redirect_document_id": false } ] } From c38a104e09a6336cc2d137b81f58016861192a53 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 1 Feb 2021 14:28:43 -0800 Subject: [PATCH 5/5] delete page --- .openpublishing.redirection.json | 5 ++ .../supported-response-apis.md | 52 ------------------- 2 files changed, 5 insertions(+), 52 deletions(-) delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6c6cd0335b..3e7809a16e 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2044,6 +2044,11 @@ "source_path": "windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis", "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list", + "redirect_document_id": false }, { "source_path": "windows/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md", diff --git a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md b/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md deleted file mode 100644 index 111a228fa4..0000000000 --- a/windows/security/threat-protection/microsoft-defender-atp/supported-response-apis.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Supported Microsoft Defender Advanced Threat Protection response APIs -description: Learn about the specific response-related Microsoft Defender Advanced Threat Protection API calls. -keywords: response apis, graph api, supported apis, actor, alerts, device, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: m365-security -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.technology: mde ---- - -# Supported Microsoft Defender for Endpoint query APIs - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - - -**Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - -> [!TIP] -> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-supported-response-apis-abovefoldlink) - -Learn about the supported response-related API calls you can run and details such as the required request headers, and expected response from the calls. - -## In this section -Topic | Description -:---|:--- -Collect investigation package | Run this API to collect an investigation package from a device. -Isolate device | Run this API to isolate a device from the network. -Unisolate device | Remove a device from isolation. -Restrict code execution | Run this API to contain an attack by stopping malicious processes. You can also lock down a device and prevent subsequent attempts of potentially malicious programs from running. -Unrestrict code execution | Run this to reverse the restriction of applications policy after you have verified that the compromised device has been remediated. -Run antivirus scan | Remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised device. -Stop and quarantine file | Run this call to stop running processes, quarantine files, and delete persistency such as registry keys. -Request sample | Run this call to request a sample of a file from a specific device. The file will be collected from the device and uploaded to a secure storage. -Block file | Run this API to prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. -Unblock file | Allow a file run in the organization using Microsoft Defender Antivirus. -Get package SAS URI | Run this API to get a URI that allows downloading an investigation package. -Get MachineAction object | Run this API to get MachineAction object. -Get MachineActions collection | Run this to get MachineAction collection. -Get FileActions collection | Run this API to get FileActions collection. -Get FileMachineAction object | Run this API to get FileMachineAction object. -Get FileMachineActions collection | Run this API to get FileMachineAction collection.