merge from master

This commit is contained in:
Joey Caparas
2018-07-31 11:46:37 +03:00
197 changed files with 3784 additions and 2582 deletions

View File

@ -45,7 +45,7 @@ To change to a new TPM owner password, in TPM.msc, click **Change Owner Password
## Use the TPM cmdlets
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule).
## Related topics
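Review bot: the replacement link in the second line of the hunk keeps the `en-us` locale segment (`https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule`), while the other docs.microsoft.com links touched in this commit omit it (for example `https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/`); drop `/en-us` so the site serves the reader's locale. Moving off the plain-http technet URL to https is the right call.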

View File

@ -68,7 +68,7 @@ Some things that you can check on the device are:
- Is SecureBoot supported and enabled?
> [!NOTE]
> The device must be running Windows 10 and it must support at least TPM 2.0.
> The device must be running Windows 10 and it must support at least TPM 2.0 in order to utilize Device Health Attestation.
## Supported versions
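Review bot: "in order to utilize Device Health Attestation" in the changed note can be shortened to "to use Device Health Attestation". Naming the feature the requirement belongs to is a useful addition, since the checklist above ("Is SecureBoot supported and enabled?") otherwise reads as a general device checklist rather than a DHA prerequisite.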

View File

@ -5,7 +5,7 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.date: 04/19/2017
ms.date: 07/30/2018
---
# Local Accounts
@ -114,11 +114,11 @@ Even when the Administrator account has been disabled, it can still be used to g
### <a href="" id="sec-guest"></a>Guest account
The Guest account (SID S-1-5-32-546) is disabled by default on installation. The Guest account lets occasional or one-time users, who do not have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account has a blank password. Because the Guest account can provide anonymous access, it is a security risk. For this reason, it is a best practice to leave the Guest account disabled, unless its use is entirely necessary.
The Guest account is disabled by default on installation. The Guest account lets occasional or one-time users, who do not have an account on the computer, temporarily sign in to the local server or client computer with limited user rights. By default, the Guest account has a blank password. Because the Guest account can provide anonymous access, it is a security risk. For this reason, it is a best practice to leave the Guest account disabled, unless its use is entirely necessary.
**Account group membership**
By default, the Guest account is the only member of the default Guests group, which lets a user sign in to a server. On occasion, an administrator who is a member of the Administrators group can set up a user with a Guest account on one or more computers.
By default, the Guest account is the only member of the default Guests group (SID S-1-5-32-546), which lets a user sign in to a server. On occasion, an administrator who is a member of the Administrators group can set up a user with a Guest account on one or more computers.
**Security considerations**
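Review bot: moving S-1-5-32-546 from the Guest account paragraph to the Guests group paragraph is a correctness fix: that well-known SID identifies the built-in Guests group (BUILTIN\Guests), not the Guest account, whose SID is the machine or domain SID followed by RID 501. Consider adding that RID to the first paragraph so that both the account and the group are identified by SID and the reader can tell the two principals apart when reading event logs or ACLs.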

View File

@ -60,7 +60,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o
1. Open an elevated Windows PowerShell prompt.
2. Use the following command to install the Active Directory Certificate Services role.
```PowerShell
Add-WindowsFeature Adcs-Cert-Authority -IncludeManageTools
add-windowsfeature adcs-cert-authority -IncludeManagementTools
```
3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration.
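Review bot: the parameter fix to `-IncludeManagementTools` is correct (`-IncludeManageTools` is not a valid parameter name), but the same line also lowercases the cmdlet and feature name to `add-windowsfeature adcs-cert-authority`; keep the Pascal-case `Add-WindowsFeature Adcs-Cert-Authority` from the removed line, since the PowerShell convention used in docs is Verb-Noun casing. On Windows Server 2012 and later, which the hunk header says the procedure targets, `Add-WindowsFeature` is an alias of `Install-WindowsFeature`, so the documented cmdlet name could be used instead.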

View File

@ -58,6 +58,15 @@ When the trigger occurs, VPN tries to connect. If an error occurs or any user in
When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**.
Preserving user Always On preference
Windows has a feature to preserve a users AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.
Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
Value: AutoTriggerDisabledProfilesList
Type: REG_MULTI_SZ
## Trusted network detection
This feature configures the VPN such that it would not get triggered if a user is on a trusted corporate network. The value of this setting is a list of DNS suffices. The VPN stack will look at the DNS suffix on the physical interface and if it matches any in the configured list and the network is private or provisioned by MDM, then VPN will not get triggered.
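Review bot: "Preserving user Always On preference" is added as a bare text line; it should be a heading consistent with "## Trusted network detection" immediately below it, and the three registry lines (`Key:`, `Value:`, `Type:`) read better as a list or a fenced block than as loose paragraphs. Wording: "a users AlwaysOn preference" needs the possessive and the feature name used elsewhere on the page ("a user's Always On preference"), and "remove/add the same profile name back" could be "remove and re-add the same profile name". Also say explicitly that "Windows will not check the box" refers to the "Connect automatically" checkbox named in the previous sentence, since the second sentence starts a new thought and the box is otherwise unnamed.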
@ -86,4 +95,4 @@ After you add an associated app, if you select the **Only these apps can use thi
- [VPN and conditional access](vpn-conditional-access.md)
- [VPN name resolution](vpn-name-resolution.md)
- [VPN security features](vpn-security-features.md)
- [VPN profile options](vpn-profile-options.md)
- [VPN profile options](vpn-profile-options.md)

View File

@ -6,8 +6,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
ms.date: 04/19/2017
author: Justinha
ms.date: 07/30/2018
---
# Configure the Workstation Authentication Certificate Template
@ -36,7 +36,7 @@ To complete these procedures, you must be a member of both the Domain Admins gro
6. Click the **Subject Name** tab. Make sure that **Build from this Active Directory information** is selected. In **Subject name format**, select **Fully distinguished name**.
7. Click the **Request Handling** tab. You must determine the best minimum key size for your environment. Large key sizes provide better security, but they can affect server performance. We recommended that you use the default setting of 2048.
7. Click the **Cryptography** tab. You must determine the best minimum key size for your environment. Large key sizes provide better security, but they can affect server performance. We recommended that you use the default setting of 2048.
8. Click the **Security** tab. In **Group or user names**, click **Domain Computers**, under **Allow**, select **Enroll** and **Autoenroll**, and then click **OK**.
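Review bot: the tab rename to **Cryptography** depends on the template version and the compatibility settings of the duplicated template; older template versions expose the minimum key size on **Request Handling**, which is what the removed line said. State the Windows Server version the procedure was validated on, or mention both locations, so readers on an older CA do not go looking for a tab that is not there. Separately, "We recommended that you use the default setting of 2048" in both the old and the new line should read "We recommend".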

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: brianlic-msft
ms.date: 07/18/2018
ms.date: 07/27/2018
---
# BitLocker Management for Enterprises
@ -21,19 +21,11 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu
Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx).
Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. When moving to cloud-based management, following these steps could be helpful:
1. Disable MBAM management and leave MBAM as only a database backup for the recovery key.
2. Join the computers to Azure Active Directory (Azure AD).
3. Use `Manage-bde -protectors -aadbackup` to backup the recovery key to Azure AD.
BitLocker recovery keys can be managed from Azure AD thereafter. The MBAM database does not need to be migrated.
Enterprises that choose to continue managing BitLocker on-premises after MBAM support ends can use the [BitLocker WMI provider class](https://msdn.microsoft.com/library/windows/desktop/aa376483) to create a custom management solution.
Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD).
## Managing devices joined to Azure Active Directory
Devices joined to Azure Active Directory (Azure AD) are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) or the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 Business or Enterprise editions and on Windows Phones.
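Review bot: the new paragraph links to `#powershell-examples`, an anchor that does not appear in this diff; confirm a "## PowerShell examples" heading exists in the file, otherwise the link is dead. The deleted numbered steps also carried two pieces of guidance the replacement drops: keeping MBAM only as a recovery-key backup database, and that the MBAM database does not need to be migrated. If the `Manage-bde -protectors -aadbackup` step is being moved rather than retracted, keep those two sentences in the new paragraph. In the context lines, "Policy Configuration Settings Provider (CSP)" should expand CSP as "Configuration Service Provider".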

View File

@ -422,7 +422,7 @@ There are no default locations included with WIP, you must add each of your netw
<tr>
<td>Network domains</td>
<td>corp.contoso.com,region.contoso.com</td>
<td>Starting with Windows 10, version 1703, this field is optional.<br><br>Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.<br><br>If you have multiple resources, you must separate them using the "," delimiter.</td>
<td>Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected.<br><br>If you have multiple resources, you must separate them using the "," delimiter.</td>
</tr>
<tr>
<td>Proxy servers</td>
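Review bot: deleting "Starting with Windows 10, version 1703, this field is optional." leaves the Network domains cell silent on whether the field must be filled in. The intro above says you "must add each of your network" locations, so if the field is required on all supported versions, say so in the cell; if it is still optional on version 1703 and later, restore the sentence rather than removing it, because readers will otherwise assume it is mandatory.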

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
ms.date: 04/19/2017
ms.date: 07/25/2018
---
# Apply a basic audit policy on a file or folder
@ -32,7 +32,7 @@ To complete this procedure, you must be logged on as a member of the built-in Ad
- To audit failure events, click **Fail.**
- To audit all events, click **All.**
> **Important:**  Before setting up auditing for files and folders, you must enable object access auditing by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.
> **Important:**  Before setting up auditing for files and folders, you must enable [object access auditing](basic-audit-object-access.md) by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.
 
## Additional considerations

View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 07/10/2018
ms.date: 07/26/2018
---
@ -83,8 +83,8 @@ Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Scan | Specify the scan type to use for a scheduled scan | Quick scan
Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never
Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
Root | Randomize scheduled task times | Randomize the start time of the scan to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments | Enabled
Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am
Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans. This can be useful in VM or VDI deployments. | Enabled
**Use PowerShell cmdlets to schedule scans:**
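Review bot: the reworded "Randomize scheduled task times" description is ambiguous about which scans get which window: "any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans" can be read as two alternatives for the same scan. Split it into two sentences, one for Windows Defender Antivirus scheduled scans (0 to 4 hours) and one for other scheduled tasks (plus or minus 30 minutes). In the context lines, the "Specify the scan type to use for a scheduled scan" row has only three cells in a four-column table and is missing its description.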

View File

@ -655,32 +655,32 @@ Microsoft recommends that you block the following Microsoft-signed applications
<Deny ID="ID_DENY_D_554" FriendlyName="PowerShellShell 554" Hash="CBD19FDB6338DB02299A3F3FFBBEBF216B18013B3377D1D31E51491C0C5F074C"/>
<Deny ID="ID_DENY_D_555" FriendlyName="PowerShellShell 555" Hash="3A316A0A470744EB7D18339B76E786564D1E96130766A9895B2222C4066CE820"/>
<Deny ID="ID_DENY_D_556" FriendlyName="PowerShellShell 556" Hash="68A4A1E8F4E1B903408ECD24608659B390B9E7154EB380D94ADE7FEB5EA470E7"/>
<Deny ID="ID_DENY_D_557" FriendlyName="PowerShellShell 556" Hash="45F948AF27F4E698A8546027717901B5F70368EE"/>
<Deny ID="ID_DENY_D_558" FriendlyName="PowerShellShell 556" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE828584874680EC4F5097B82E30"/>
<Deny ID="ID_DENY_D_559" FriendlyName="PowerShellShell 556" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3"/>
<Deny ID="ID_DENY_D_560" FriendlyName="PowerShellShell 556" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6D4883698E8B45DCCBEA140"/>
<Deny ID="ID_DENY_D_561" FriendlyName="PowerShellShell 556" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408"/>
<Deny ID="ID_DENY_D_562" FriendlyName="PowerShellShell 556" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A29BE336C79BCDB00FD5467A"/>
<Deny ID="ID_DENY_D_563" FriendlyName="PowerShellShell 556" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E"/>
<Deny ID="ID_DENY_D_564" FriendlyName="PowerShellShell 556" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEBCBE31F16CB06FC5934F010"/>
<Deny ID="ID_DENY_D_565" FriendlyName="PowerShellShell 556" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E"/>
<Deny ID="ID_DENY_D_566" FriendlyName="PowerShellShell 556" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D58B3995919C0E524F2FFC3"/>
<Deny ID="ID_DENY_D_567" FriendlyName="PowerShellShell 556" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF"/>
<Deny ID="ID_DENY_D_568" FriendlyName="PowerShellShell 556" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E8864493EA2BA151F0ADBF3E338C"/>
<Deny ID="ID_DENY_D_569" FriendlyName="PowerShellShell 556" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276"/>
<Deny ID="ID_DENY_D_570" FriendlyName="PowerShellShell 556" Hash="B660F6CA0788DA18375602537095C378990E8229B11B57B092AC8A550E9C61E8"/>
<Deny ID="ID_DENY_D_571" FriendlyName="PowerShellShell 556" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9"/>
<Deny ID="ID_DENY_D_572" FriendlyName="PowerShellShell 556" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB68A7B899CA3EE51D802439"/>
<Deny ID="ID_DENY_D_573" FriendlyName="PowerShellShell 556" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21"/>
<Deny ID="ID_DENY_D_574" FriendlyName="PowerShellShell 556" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821A8AB9C3568EB298B824AE3"/>
<Deny ID="ID_DENY_D_575" FriendlyName="PowerShellShell 556" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61"/>
<Deny ID="ID_DENY_D_576" FriendlyName="PowerShellShell 556" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100C7157AB161B3D23DCA0389"/>
<Deny ID="ID_DENY_D_577" FriendlyName="PowerShellShell 556" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52"/>
<Deny ID="ID_DENY_D_578" FriendlyName="PowerShellShell 556" Hash="E430485B577774825CEF53E5125B618A2608F7BE3657BB28383E9A34FCA162FA"/>
<Deny ID="ID_DENY_D_579" FriendlyName="PowerShellShell 556" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19"/>
<Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 556" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360"/>
<Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 556" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"/>
<Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 556" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037"/>
<Deny ID="ID_DENY_D_557" FriendlyName="PowerShellShell 557" Hash="45F948AF27F4E698A8546027717901B5F70368EE"/>
<Deny ID="ID_DENY_D_558" FriendlyName="PowerShellShell 558" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE828584874680EC4F5097B82E30"/>
<Deny ID="ID_DENY_D_559" FriendlyName="PowerShellShell 559" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3"/>
<Deny ID="ID_DENY_D_560" FriendlyName="PowerShellShell 560" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6D4883698E8B45DCCBEA140"/>
<Deny ID="ID_DENY_D_561" FriendlyName="PowerShellShell 561" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408"/>
<Deny ID="ID_DENY_D_562" FriendlyName="PowerShellShell 562" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A29BE336C79BCDB00FD5467A"/>
<Deny ID="ID_DENY_D_563" FriendlyName="PowerShellShell 563" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E"/>
<Deny ID="ID_DENY_D_564" FriendlyName="PowerShellShell 564" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEBCBE31F16CB06FC5934F010"/>
<Deny ID="ID_DENY_D_565" FriendlyName="PowerShellShell 565" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E"/>
<Deny ID="ID_DENY_D_566" FriendlyName="PowerShellShell 566" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D58B3995919C0E524F2FFC3"/>
<Deny ID="ID_DENY_D_567" FriendlyName="PowerShellShell 567" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF"/>
<Deny ID="ID_DENY_D_568" FriendlyName="PowerShellShell 568" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E8864493EA2BA151F0ADBF3E338C"/>
<Deny ID="ID_DENY_D_569" FriendlyName="PowerShellShell 569" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276"/>
<Deny ID="ID_DENY_D_570" FriendlyName="PowerShellShell 570" Hash="B660F6CA0788DA18375602537095C378990E8229B11B57B092AC8A550E9C61E8"/>
<Deny ID="ID_DENY_D_571" FriendlyName="PowerShellShell 571" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9"/>
<Deny ID="ID_DENY_D_572" FriendlyName="PowerShellShell 572" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB68A7B899CA3EE51D802439"/>
<Deny ID="ID_DENY_D_573" FriendlyName="PowerShellShell 573" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21"/>
<Deny ID="ID_DENY_D_574" FriendlyName="PowerShellShell 574" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821A8AB9C3568EB298B824AE3"/>
<Deny ID="ID_DENY_D_575" FriendlyName="PowerShellShell 575" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61"/>
<Deny ID="ID_DENY_D_576" FriendlyName="PowerShellShell 576" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100C7157AB161B3D23DCA0389"/>
<Deny ID="ID_DENY_D_577" FriendlyName="PowerShellShell 577" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52"/>
<Deny ID="ID_DENY_D_578" FriendlyName="PowerShellShell 578" Hash="E430485B577774825CEF53E5125B618A2608F7BE3657BB28383E9A34FCA162FA"/>
<Deny ID="ID_DENY_D_579" FriendlyName="PowerShellShell 579" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19"/>
<Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 580" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360"/>
<Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 581" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"/>
<Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 582" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037"/>
<!-- pubprn.vbs
-->
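Review bot: the FriendlyName renumbering (556 replaced by 557 through 582) only changes the label; `ID` is what must be unique within the policy and those were already distinct, so there is no behaviour change. The paired 40-hex and 64-hex `Hash` values are as expected for SHA-1 and SHA-256 Authenticode hash rules. Since the hashes cannot be checked from the rendered diff, confirm that none of the `Hash` attributes were altered by the edit (a diff restricted to the Hash attributes should be empty).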

View File

@ -116,13 +116,13 @@
###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
#####File
###### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
###### [Block file](block-file-windows-defender-advanced-threat-protection.md)
###### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
###### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
###### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
###### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
###### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
###### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
###### [Get FileActions collection](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
###### [Unblock file](unblock-file-windows-defender-advanced-threat-protection.md)
#####IP
###### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
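Review bot: dropping the " API" suffix from the entry titles makes them consistent with the neighbouring entries ("Get file information", "Get file statistics"). In the context lines, the "#####File" section heading has no space after the hashes, unlike the "###### [" entries below it; add the space so it is a valid ATX heading.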
@ -130,25 +130,25 @@
###### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
###### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
#####Machines
###### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
###### [Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection.md)
###### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
###### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
###### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
###### [Get FileMachineAction object](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
###### [Get FileMachineActions collection](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
###### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
###### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
###### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
###### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
###### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
###### [Get MachineAction object](get-machineaction-object-windows-defender-advanced-threat-protection.md)
###### [Get MachineActions collection](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
###### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
###### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
###### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
###### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
###### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
###### [Get package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
###### [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection.md)
###### [Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection.md)
###### [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
###### [Request sample](request-sample-windows-defender-advanced-threat-protection.md)
###### [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection.md)
###### [Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine file](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
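Review bot: "Get machines" is listed twice in this section, once in the context line after "Find machine information by IP" and again after "Get MachineActions collection"; remove one of them. The renamed entries otherwise match the other list items. The "#####Machines" heading has the same missing space after the hashes as the other section headings in this file.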

View File

@ -52,7 +52,7 @@ If successful, this method returns 200, Ok response code with empty body, which
## Example
Request
**Request**
Here is an example of the request.
@ -66,7 +66,7 @@ Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
## Example
Request
**Request**
Here is an example of the request.
@ -63,7 +63,7 @@ Content-type: application/json
}
```
Response
**Response**
Here is an example of the response.

View File

@ -1,7 +1,7 @@
---
title: Find machine information by internal IP API
description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN or internal IP.
keywords: apis, graph api, supported apis, find machine, machine information, IP
description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP.
keywords: ip, apis, graph api, supported apis, find machine, machine information
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -9,8 +9,8 @@ ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 12/08/2017
ms.localizationpriority: high
ms.date: 07/25/2018
---
# Find machine information by internal IP API
@ -20,15 +20,17 @@ ms.date: 12/08/2017
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Find a machine entity around a specific timestamp by internal IP.
Find a machine entity around a specific timestamp by FQDN or internal IP.
>[!NOTE]
>The timestamp must be within the last 30 days.
## Permissions
User needs read permissions.
## HTTP request
```
GET /testwdatppreview/machines/find(timestamp={time},key={IP/FQDN})
GET /testwdatppreview/machines/find(timestamp={time},key={IP})
```
## Request headers
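Review bot: the intro sentence goes the wrong way: this hunk changes it from "by internal IP" to "by FQDN or internal IP", while the same commit changes the page description to "by internal IP", the request template to `key={IP}`, and the example key to `'10.166.93.61'`, and the title is "Find machine information by internal IP API". Keep the sentence as "by internal IP" (or restore FQDN everywhere); with mixed wording readers will pass an FQDN to an endpoint the page says accepts only an IP.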
@ -49,19 +51,20 @@ If no machine found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
```
GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp={time},key={IP/FQDN})
GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61')
Content-type: application/json
```
Response
**Response**
Here is an example of the response.
The response will return a list of all machines that reported this IP address within sixteen minutes prior and after the timestamp.
```
HTTP/1.1 200 OK
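Review bot: the worked example quotes the key as `key='10.166.93.61'` while the request template in the HTTP request section shows `key={IP}` with no quotes; either show the quoting in the template (`key='{IP}'`) or state in the Request section that the IP is passed as a quoted string, so readers do not copy the unquoted form. The added sentence about the sixteen-minute window before and after the timestamp is useful and belongs with the note about the 30-day limit above rather than between "Here is an example of the response." and the response block.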

View File

@ -50,7 +50,7 @@ If actor does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/actors/zinc
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If actor does not exist or no related alerts - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/actors/zinc/alerts
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If alert not found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If alert not found or actor not found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -59,7 +59,7 @@ Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If alert not found or domain not found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/domains
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If alert not found or files not found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/files
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If alert not found or IPs not found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/ips
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -48,7 +48,7 @@ If alert not found or machine not found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -57,7 +57,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/machine
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If alert not found or user not found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/user
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -50,7 +50,7 @@ If no recent alerts found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If domain or alert does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}/alerts
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If domain or machines do not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If domain does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -50,7 +50,7 @@ If file does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If file or alerts do not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}/alerts
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If file or machines do not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If file do not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
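Review bot: the hunk header context line reads "If file do not exist - 404 Not Found.", which is ungrammatical (subject-verb agreement); since this file is already being touched for the bold **Request** label, change it to "If the file does not exist - 404 Not Found." to match the wording used on the other files pages ("If file does not exist - 404 Not Found.").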
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -51,7 +51,7 @@ If successful, this method returns 200, Ok response code with a collection of Fi
## Example
Request
**Request**
Here is an example of the request on an organization that has three FileActions.
@ -59,7 +59,7 @@ Here is an example of the request on an organization that has three FileActions.
GET https://graph.microsoft.com/testwdatppreview/fileactions
```
Response
**Response**
Here is an example of the response.

View File

@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with the *FileMachineAc
## Example
Request
**Request**
Here is an example of the request.
@ -55,7 +55,7 @@ Here is an example of the request.
GET https://graph.microsoft.com/testwdatppreview/filemachineactions/3dc88ce3-dd0c-40f7-93fc-8bd14317aab6
```
Response
**Response**
Here is an example of the response.

View File

@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with a collection of Fi
## Example 1
Request
**Request**
Here is an example of the request on an organization that has three FileMachineActions.
@ -55,7 +55,7 @@ Here is an example of the request on an organization that has three FileMachineA
GET https://graph.microsoft.com/testwdatppreview/filemachineactions
```
Response
**Response**
Here is an example of the response.
@ -113,7 +113,7 @@ Content-type: application/json
##Example 2
Request
**Request**
Here is an example of a request that filters the FileMachineActions by machine ID and shows the latest two FileMachineActions.
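Review bot: the unchanged context line `##Example 2` is missing the space after `##`, so several Markdown renderers will not treat it as a heading; while this hunk is editing the Example 2 block, change it to `## Example 2`, which is the form the MachineActions page in this same commit uses.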
@ -121,7 +121,7 @@ Here is an example of a request that filters the FileMachineActions by machine I
GET https://graph.microsoft.com/testwdatppreview/filemachineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2
```
Response
**Response**
```
HTTP/1.1 200 Ok

View File

@ -49,7 +49,7 @@ If IP and alerts do not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}/alerts
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -42,7 +42,7 @@ If IP or machines do not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -51,7 +51,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If domain does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.
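Review bot: the error-condition line shown in this file's first hunk header, "If domain does not exist - 404 Not Found.", does not match the request in this hunk, which targets `ips/{id}/machines`; this looks like a copy-paste from the domains page, so the 404 condition should name the IP (compare the other IPs page in this commit: "If IP or machines do not exist - 404 Not Found.").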

View File

@ -49,7 +49,7 @@ If no machine found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines/{id}
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -50,7 +50,7 @@ If no machine found or no users found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines/{id}/logonusers
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If no machine or no alerts found - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines/{id}/alerts
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with the *MachineAction
## Example
Request
**Request**
Here is an example of the request.
@ -55,7 +55,7 @@ Here is an example of the request.
GET https://graph.microsoft.com/testwdatppreview/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
```
Response
**Response**
Here is an example of the response.

View File

@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with a collection of Ma
## Example 1
Request
**Request**
Here is an example of the request on an organization that has three MachineActions.
@ -55,7 +55,7 @@ Here is an example of the request on an organization that has three MachineActio
GET https://graph.microsoft.com/testwdatppreview/machineactions
```
Response
**Response**
Here is an example of the response.
@ -107,7 +107,7 @@ Content-type: application/json
## Example 2
Request
**Request**
Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions.
@ -117,7 +117,7 @@ GET https://graph.microsoft.com/testwdatppreview/machineactions?$filter=machineI
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If no recent machines - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -48,7 +48,7 @@ If successful, this method returns 200, Ok response code with object that holds
## Example
Request
**Request**
Here is an example of the request.
@ -57,7 +57,7 @@ GET https://graph.microsoft.com/testwdatppreview/machineactions/7327b54fd718525c
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If user does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/users/{id}
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If user does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/users/{id}/alerts
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If user or machine does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/users/{id}/machines
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -42,7 +42,7 @@ If domain does not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
@ -51,7 +51,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -49,7 +49,7 @@ If IP do not exist - 404 Not Found.
## Example
Request
**Request**
Here is an example of the request.
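Review bot: the hunk header context line "If IP do not exist - 404 Not Found." has a subject-verb agreement error; since the file is being edited anyway, change it to "If the IP does not exist - 404 Not Found.".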
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}
Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -57,7 +57,7 @@ If successful, this method returns 201, Created response code and _MachineAction
## Example
Request
**Request**
Here is an example of the request.
@ -70,7 +70,7 @@ Content-type: application/json
}
```
Response
**Response**
Here is an example of the response.

View File

@ -52,7 +52,7 @@ If successful, this method returns 201, Created response code and *FileMachineAc
## Example
Request
**Request**
Here is an example of the request.
@ -66,7 +66,7 @@ Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
## Example
Request
**Request**
Here is an example of the request.
@ -63,7 +63,7 @@ Content-type: application/json
}
```
Response
**Response**
Here is an example of the response.

View File

@ -59,7 +59,7 @@ If successful, this method returns 201, Created response code and _MachineAction
## Example
Request
**Request**
Here is an example of the request.
@ -72,7 +72,7 @@ Content-type: application/json
}
```
Response
**Response**
Here is an example of the response.

View File

@ -52,7 +52,7 @@ If successful, this method returns 201, Created response code and _FileMachineAc
## Example
Request
**Request**
Here is an example of the request.
@ -65,7 +65,7 @@ Content-type: application/json
}
```
Response
**Response**
Here is an example of the response.

View File

@ -52,7 +52,7 @@ If successful, this method returns 200, Ok response code with empty body, which
## Example
Request
**Request**
Here is an example of the request.
@ -64,7 +64,7 @@ Content-type: application/json
}
```
Response
**Response**
Here is an example of the response.

View File

@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
## Example
Request
**Request**
Here is an example of the request.
@ -63,7 +63,7 @@ Content-type: application/json
}
```
Response
**Response**
Here is an example of the response.

View File

@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
## Example
Request
**Request**
Here is an example of the request.
@ -64,7 +64,7 @@ Content-type: application/json
```
Response
**Response**
Here is an example of the response.

View File

@ -53,10 +53,9 @@ You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for th
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work.
Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes:
- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
- [Windows Defender Security Center](../windows-defender-atp/windows-defender-security-center-atp.md)
- [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
- [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
- Windows Defender Device Guard
- [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md)
- [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
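Review bot: the unchanged context line "suite of threat mitigation, preventing, protection, and analysis technologies" mixes a gerund into a list of nouns; since this hunk is already reworking the list that follows it, change "preventing" to "prevention" so it reads "threat mitigation, prevention, protection, and analysis technologies".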
@ -76,7 +75,7 @@ This section covers requirements for each feature in Windows Defender EG.
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
| Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) |
| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) |
| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
| Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) |
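Review bot: in the changed Attack surface reduction row, the Windows 10 E3 cell now uses `./images/ball_50.png` but keeps the alt text `not supported`, which contradicts the half-filled icon; the Network protection row in the same table renders that icon as `![supported, limited reporting](./images/ball_50.png)`, so update the alt text to match (alt text is what screen readers and text-only renderers show).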