From 424fb0d6d82a70ec5f8605ff67a0bdee57d0e5fb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Sep 2017 13:41:16 -0700 Subject: [PATCH 01/11] remove suppression rules --- .../settings-windows-defender-advanced-threat-protection.md | 4 ++-- .../windows-defender-advanced-threat-protection.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md index 81b976e914..aee67ec43e 100644 --- a/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/settings-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Windows Defender Advanced Threat Protection settings -description: Use the menu to configure the time zone, suppression rules, and view license information. -keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license, suppression rules +description: Use the menu to configure the time zone and view license information. +keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 4f308f2bea..e208f89717 100644 --- a/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md 
@@ -101,7 +101,7 @@ Topic | Description [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) | Understand the security status of your organization, including the status of machines, alerts, and investigations using the Windows Defender ATP reporting feature that integrates with Power BI. [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) | Check the sensor health state on endpoints to verify that they are providing sensor data and communicating with the Windows Defender ATP service. [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Use the Preferences setup menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature. -[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings, suppression rules, and view license information. +[Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) | Configure time zone settings and view license information. [Windows Defender ATP service health](service-status-windows-defender-advanced-threat-protection.md) | Verify that the service health is running properly or if there are current issues. [Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP. [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required. From f794356249ccd53a19f0b42a0284d062fa18a3b6 Mon Sep 17 00:00:00 2001 
From: Jan Backstrom Date: Tue, 19 Sep 2017 14:39:19 -0700 Subject: [PATCH 02/11] updated publish date to actual --- browsers/edge/microsoft-edge-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md index f24235f60d..bb633e1460 100644 --- a/browsers/edge/microsoft-edge-faq.md +++ b/browsers/edge/microsoft-edge-faq.md @@ -7,6 +7,7 @@ ms.prod: edge ms.mktglfcycl: general ms.sitesec: library ms.localizationpriority: high +ms.date: 09/07/2017 --- # Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros From ac254b778f579c4e17260ac3d81e413be1f69751 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Tue, 19 Sep 2017 14:45:28 -0700 Subject: [PATCH 03/11] Adding FAQ document --- browsers/edge/change-history-for-microsoft-edge.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index e3c6a0b2d7..83fb456c61 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -12,6 +12,11 @@ This topic lists new and updated topics in the Microsoft Edge documentation for For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/). +## September 2017 +|New or changed topic | Description | +|---------------------|-------------| +|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New | + ## February 2017 |New or changed topic | Description | |----------------------|-------------| 
@@ -47,4 +52,4 @@ For a detailed feature list of what's in the current Microsoft Edge releases, th |New or changed topic | Description | |----------------------|-------------| -|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. | \ No newline at end of file +|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. | From 8db7b8587a92f214ee633b8fff87cc61dc13157f Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Tue, 19 Sep 2017 15:13:26 -0700 Subject: [PATCH 04/11] TEI link updates Updated the Total Economic Impact infographic link; added link and wording to full Forrester report --- browsers/edge/Index.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index 77890240cb..5893fdf819 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md 
@@ -23,7 +23,7 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. >[!Note] ->For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892). +>For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956). For a detailed report that provides you with a framework to evaluate the potential financial impact of adopting Microsoft Edge within your organization, you can download the full study here: [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847). >Also, if you've arrived here looking for Internet Explorer 11 content, you'll need to go to the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area. @@ -59,7 +59,9 @@ You'll need to keep running them using IE11. If you don't have IE11 installed an ## Related topics -- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892) +- [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956) + +- [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847) - [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956) From 69eafe1073ddc64438b05681f301b9b999c7d6f7 Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Tue, 19 Sep 2017 15:32:24 -0700 Subject: [PATCH 05/11] updates --- ...r-codes-windows-defender-advanced-threat-protection.md | 4 ++-- ...verview-windows-defender-advanced-threat-protection.md | 4 ++-- ...-status-windows-defender-advanced-threat-protection.md | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index 4200e50e85..f1ff28638b 100644 --- a/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -29,14 +29,14 @@ ms.date: 09/05/2017 You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints. -For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. +For example, if endpoints are not appearing in the **Machines list**, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. > [!NOTE] > It can take several days for endpoints to begin reporting to the Windows Defender ATP service. **Open Event Viewer and find the Windows Defender ATP service event log:** -1. Click **Start**, type **Event Viewer**, and press **Enter**. +1. Click **Start** on the Windows menu, type **Event Viewer**, and press **Enter**. 2. In the log list, under **Log Summary**, scroll until you see **Microsoft-Windows-SENSE/Operational**. Double-click the item to open the log. 
diff --git a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index 9e98297388..5d510f2eb6 100644 --- a/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -30,7 +30,7 @@ Enterprise security teams can use the Windows Defender ATP portal to monitor and You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to: - View, sort, and triage alerts from your endpoints - Search for more information on observed indicators such as files and IP Addresses -- Change Windows Defender ATP settings, including time zone and licensing information. +- Change Windows Defender ATP settings, including time zone and review licensing information. ## Windows Defender ATP portal When you open the portal, you’ll see the main areas of the application: 
@@ -54,7 +54,7 @@ Area | Description **Alerts queue** | Enables you to view separate queues of new, in progress, resolved alerts, alerts assigned to you, and suppression rules. **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. -**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. +**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, enable or turn off advanced features, and build Power BI reports. **Endpoint management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. (3) Main portal| Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list. diff --git a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md index aed38dc020..67b2520eea 100644 --- a/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md 
@@ -1,7 +1,7 @@ --- title: Check the Windows Defender ATP service health description: Check Windows Defender ATP service health, see if the service is experiencing issues and review previous issues that have been resolved. -keywords: dashboard, service, issues, service health, current issues, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time +keywords: dashboard, service, issues, service health, current status, status history, summary of impact, preliminary root cause, resolution, resolution time, expected resolution time search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -33,11 +33,11 @@ You can view details on the service health by clicking the tile from the **Secur The **Service health** details page has the following tabs: -- **Current issues** +- **Current status** - **Status history** -## Current issues -The **Current issues** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue: +## Current status +The **Current status** tab shows the current state of the Windows Defender ATP service. When the service is running smoothly a healthy service health is shown. If there are issues seen, the following service details are shown to help you gain better insight about the issue: - Date and time for when the issue was detected - A short description of the issue From 2802081f69c8be4f1a65676c63449fb9d5f8dc6c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 19 Sep 2017 16:11:41 -0700 Subject: [PATCH 06/11] update organize alerts queue --- ...-windows-defender-advanced-threat-protection.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) 
diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index 4fa77ae8f4..70660d58f9 100644 --- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -37,7 +37,7 @@ Use the Machines list in these main scenarios: ## Sort, filter, and download the list of machines from the Machines list You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order. -Filter the **Machines list** by time period, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, or **Groups** to focus on certain sets of machines, according to the desired criteria. +Filter the **Machines list** by **Time**, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, **Groups**, or **Tags** to focus on certain sets of machines, according to the desired criteria. You can also download the entire list in CSV format using the **Export to CSV** feature. @@ -78,7 +78,15 @@ Filter the list to view specific machines grouped together by the following mach - **Inactive** – Machines that have completely stopped sending signals for more than 7 days. -**Malware category**
+**Security state**
+Filter the list to view specific machines that are well configured or require attention based on the Windows Defender security controls that are enabled in your organization. + + +- **Well configured** - Machines have the Windows Defender security controls well configured. +- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization. + + +**Malware category alerts**
Filter the list to view specific machines grouped together by the following malware categories: - **Ransomware** – Ransomware use common methods to encrypt files using keys that are known only to attackers. As a result, victims are unable to access the contents of the encrypted files. Most ransomware display or drop a ransom note—an image or an HTML file that contains information about how to obtain the attacker-supplied decryption tool for a fee. - **Credential theft** – Spying tools, whether commercially available or solely used for unauthorized purposes, include general purpose spyware, monitoring software, hacking programs, and password stealers. @@ -88,6 +96,8 @@ Filter the list to view specific machines grouped together by the following malw - **General malware** – Malware are malicious programs that perform unwanted actions, including actions that can disrupt, cause direct damage, and facilitate intrusion and data theft. Some malware can replicate and spread from one machine to another. Others are able to receive commands from remote attackers and perform activities associated with cyberattacks. - **PUA** – Unwanted software is a category of applications that install and perform undesirable activity without adequate user consent. These applications are not necessarily malicious, but their behaviors often negatively impact the computing experience, even appearing to invade user privacy. Many of these applications display advertising, modify browser settings, and install bundled software. +## Groups and tags +You can filter the list based on the grouping and tagging that you've added to individual machines. For more information, see [Manage machine group and tags](respond-machine-alerts-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags). ## Export machine list to CSV You can download a full list of all the machines in your organization, in CSV format. Click the **Export to CSV** button to download the entire list as a CSV file. 
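Review bot: in PATCH 06/11 (machines-view-overview), the new "## Groups and tags" heading is added at section level, while every sibling filter in this list ("**Security state**", "**Malware category alerts**") is a bold run-in label. Suggest making it a bold label like the others so it does not read as a new top-level section before "## Export machine list to CSV". The two new "Well configured" and "Requires attention" bullets also use a hyphen as separator where the neighbouring bullets ("**Inactive** – ...", "**Ransomware** – ...") use an en dash. The commit subject says "update organize alerts queue", but the only file touched is the Machines list overview.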
From 19a12d75b0f1d23dfe42ea4e764d9159b477f434 Mon Sep 17 00:00:00 2001 From: Jimmie Lightner Date: Wed, 20 Sep 2017 10:57:19 -0400 Subject: [PATCH 07/11] Update hello-planning-guide.md Corrected typographical errors within Trust Type section. --- .../hello-for-business/hello-planning-guide.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/access-protection/hello-for-business/hello-planning-guide.md b/windows/access-protection/hello-for-business/hello-planning-guide.md index 54739d877a..1e51ed414b 100644 --- a/windows/access-protection/hello-for-business/hello-planning-guide.md +++ b/windows/access-protection/hello-for-business/hello-planning-guide.md 
@@ -160,9 +160,9 @@ If your organization does not have cloud resources, write **On-Premises** in box Choose a trust type that is best suited for your organizations. Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers. -One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end enetity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust). +One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end entity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust). -Because the certificate trust tyoes issues certificates, there is more configuration and infrastrucutre needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificatat-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. +Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accomodate user certificate enrollment, which could also be a factor to consider in your decision. 
Additional infrastructure needed for certificate-trust deployements includes a certificate registration authority. Hybrid Azure AD joined devices managed by Group Policy need the Windows Server 2016 AD FS role to issue certificates. Hybrid Azure AD joined devices and Azure AD joined devices managed by Intune or a compatible MDM need the Windows Server NDES server role to issue certificates. If your organization wants to use the key trust type, write **key trust** in box **1b** on your planning worksheet. Write **Windows Server 2016** in box **4d**. Write **N/A** in box **5b**. @@ -320,4 +320,4 @@ If boxes **2a** or **2b** read **modern management** and you want devices to aut ## Congratulations, You’re Done -Your Windows Hello for Business planning worksheet should be complete. This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used. The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment. With this worksheet, you’ll be able to identify key elements of your Windows Hello for Business deployment. \ No newline at end of file +Your Windows Hello for Business planning worksheet should be complete. This guide provided understanding of the components used in the Windows Hello for Business infrastructure and rationalization of why they are used. The worksheet gives you an overview of the requirements needed to continue the next phase of the deployment. With this worksheet, you’ll be able to identify key elements of your Windows Hello for Business deployment. From ea35f3d24cc5d571bb295974dd57b6f9f4194251 Mon Sep 17 00:00:00 2001 From: nevedita Date: Wed, 20 Sep 2017 10:13:13 -0700 Subject: [PATCH 08/11] Update upgrade-readiness-get-started.md --- windows/deployment/upgrade/upgrade-readiness-get-started.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index 29a27310e4..ff117afd8d 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -84,9 +84,9 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10.vortex-win.data.microsoft.com/collect/v1`
`https://Vortex-win.data.microsoft.com/health/keepalive` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. | -| `https://settings.data.microsoft.com/qos` | Enables the compatibility update KB to send data to Microsoft. | -| `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. | +| `https://v10.vortex-win.data.microsoft.com` | For Windows 10, Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. +| `https://Vortex-win.data.microsoft.com` | For OS versions lower than Windows 10, Connected User Experience and Telemetry component endpoint. +| `https://settings.data.microsoft.com` | Enables the compatibility update KB to send data to Microsoft. | Note: The compatibility update KB runs under the computer’s system account. From 5894c31bd977ba9eb970f7db761d2ba1c0111cc2 Mon Sep 17 00:00:00 2001 From: Andrew Childs Date: Wed, 20 Sep 2017 13:37:32 -0500 Subject: [PATCH 09/11] Update waas-delivery-optimization.md --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 2b77126ecf..be0f75a719 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -21,7 +21,7 @@ ms.date: 07/27/2017 Delivery Optimization is a self-organizing distributed cache solution for businesses looking to reduce bandwidth consumption for operating system updates, operating system upgrades, and applications by allowing clients to download those elements from alternate sources (such as other peers on the network) in addition to the traditional Internet-based Windows Update servers. You can use Delivery Optimization in conjunction with stand-alone Windows Update, Windows Server Update Services (WSUS), and Windows Update for Business. This functionality is similar to BranchCache in other systems, such as System Center Configuration Manager. -Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This mean that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet. +Delivery Optimization is a cloud managed solution. Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled. This means that in order to utilize the peer-to-peer functionality of Delivery Optimization, machines need to have access to the internet. For more details, see [Download mode](#download-mode). From 023d27eefe35190fdeee6a3a992e47641d750253 Mon Sep 17 00:00:00 2001 From: nevedita Date: Wed, 20 Sep 2017 12:12:09 -0700 Subject: [PATCH 10/11] Update upgrade-readiness-get-started.md --- windows/deployment/upgrade/upgrade-readiness-get-started.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index ff117afd8d..90fabf7307 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md 
@@ -84,9 +84,9 @@ To enable data sharing, whitelist the following endpoints. Note that you may nee | **Endpoint** | **Function** | |---------------------------------------------------------|-----------| -| `https://v10.vortex-win.data.microsoft.com` | For Windows 10, Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. -| `https://Vortex-win.data.microsoft.com` | For OS versions lower than Windows 10, Connected User Experience and Telemetry component endpoint. -| `https://settings.data.microsoft.com` | Enables the compatibility update KB to send data to Microsoft. | +| `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for Windows 10 computers. User computers send data to Microsoft through this endpoint. +| `https://Vortex-win.data.microsoft.com` | Connected User Experience and Telemetry component endpoint for operating systems older than Windows 10 +| `https://settings.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. | Note: The compatibility update KB runs under the computer’s system account. From 93b2bc88b745112558a4e7e7182bb3f0729872bc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 20 Sep 2017 14:39:40 -0700 Subject: [PATCH 11/11] general updates --- ...-windows-defender-advanced-threat-protection.md | 2 +- ...-windows-defender-advanced-threat-protection.md | 14 ++------------ ...-windows-defender-advanced-threat-protection.md | 12 +++--------- 3 files changed, 6 insertions(+), 22 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md index f775017c4c..e9c01a20cf 100644 --- a/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md 
+++ b/windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -77,7 +77,7 @@ Field numbers match the numbers in the images below. ![Image of artifact timeline with numbers](images/atp-siem-mapping3.png) -![Image of alert timeline with numbers](images/atp-siem-mapping4.png) +![Image of artifact timeline with numbers](images/atp-siem-mapping4.png) ![Image machine view](images/atp-mapping6.png) diff --git a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index f437a524b9..4581751734 100644 --- a/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -93,18 +93,8 @@ Use the search bar to look for specific timeline events. Harness the power of us - Behaviors mode: displays "detections" and selected events of interest - Verbose mode: displays all raw events without aggregation or filtering -- **Event type** - Click the drop-down button to filter by the following levels: - - Windows Defender ATP alerts - - Windows Defender AV alerts - - Response actions - - AppGuard related events - - Windows Defender Device Guard events - - Process events - - Network events - - File events - - Registry events - - Load DLL events - - Other events

+- **Event type** - Click the drop-down button to filter by events such as Windows - Windows Defender ATP alerts, Windows Defender Application Guard events, registry events, file events, and others. + Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. - **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: diff --git a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index 70660d58f9..ca3569887b 100644 --- a/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -60,19 +60,14 @@ You can use the following filters to limit the list of machines displayed during - Mac OS - Other -**Health**
-- All -- Well configure -- Requires attention - Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters. - **Sensor health state**
Filter the list to view specific machines grouped together by the following machine health states: - **Active** – Machines that are actively reporting sensor data to the service. - **Misconfigured** – Machines that have impaired communications with service or are unable to send sensor data. Misconfigured machines can further be classified to: - - Impaired communications - No sensor data + - Impaired communications For more information on how to address issues on misconfigured machines see, [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). - **Inactive** – Machines that have completely stopped sending signals for more than 7 days. @@ -85,6 +80,7 @@ Filter the list to view specific machines that are well configured or require at - **Well configured** - Machines have the Windows Defender security controls well configured. - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization. +For more information, see [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md). **Malware category alerts**
Filter the list to view specific machines grouped together by the following malware categories: @@ -109,13 +105,11 @@ Exporting the list in CSV format displays the data in an unfiltered manner. The You can sort the **Machines list** by the following columns: - **Machine name** - Name or GUID of the machine -- **Domain** - Domain where the machine is joined in -- **OS Platform** - Indicates the OS of the machine - **Health State** – Indicates if the machine is misconfigured or is not sending sensor data - **Last seen** - Date and time when the machine last reported sensor data - **Internal IP** - Local internal Internet Protocol (IP) address of the machine - **Active Alerts** - Number of alerts reported by the machine by severity -- **Active malware detections** - Number of active malware detections reported by the machine +- **Active malware alerts** - Number of active malware detections reported by the machine > [!NOTE] > The **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) as the active real-time protection antimalware product.
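Review bot: in PATCH 05/11, portal-overview hunk at -30,7, the new bullet "Change Windows Defender ATP settings, including time zone and review licensing information." is not parallel, so "review licensing information" reads as one of the settings being changed. Suggest "Change the time zone setting and review licensing information". The other two bullets in that list carry no trailing period, so drop it here as well.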
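Review bot: in PATCH 07/11 (hello-planning-guide.md, hunk at -160,9), the added paragraph still carries errors the commit message says it corrects: "accomodate" should be "accommodate", "deployements" should be "deployments", and the fix from "tyoes" to "types" leaves a number mismatch in "the certificate trust types issues certificates", which should read "the certificate trust type issues certificates".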
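Review bot: in PATCH 08/11 (upgrade-readiness-get-started.md, hunk at -84,9), the endpoint table that readers copy into proxy or firewall allow rules changes scope without explanation. The removed rows listed specific URLs (`/collect/v1`, `/health/keepalive`, `/qos`) and the added rows list bare hosts, and the row for `https://go.microsoft.com/fwlink/?LinkID=544713` and `https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` (driver information) is dropped entirely. The commit message only says "Update upgrade-readiness-get-started.md"; please state whether the driver-information endpoints are no longer required and whether host-wide entries are intended, so administrators can tell if existing rules need to change.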
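Review bot: in PATCH 09/11 (waas-delivery-optimization.md), the rewritten paragraph fixes "mean" to "means" but keeps the stray comma in "Having access to the Delivery Optimization cloud services, is a requirement for it to be enabled." Remove the comma in the same change, and consider "cloud-managed solution" in the first sentence.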
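Review bot: in PATCH 10/11 (upgrade-readiness-get-started.md, hunk at -84,9), the first two added table rows still end without the closing `|` that the header, separator and third row have, and the second row's description has no final period. Row three now says "the compatibility update" while the unchanged line just below still says "The compatibility update KB runs under the computer's system account"; use one term in both places.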
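Review bot: in PATCH 11/11, api-portal-mapping hunk at -77,7, the alt text for images/atp-siem-mapping4.png becomes "Image of artifact timeline with numbers", which is now identical to the alt text of images/atp-siem-mapping3.png on the line above. If both images really show the artifact timeline, give them distinguishable alt text so screen-reader users can tell the two figures apart.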
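Review bot: in PATCH 11/11, investigate-machines hunk at -93,18, the new "Event type" bullet contains a leftover fragment: "filter by events such as Windows - Windows Defender ATP alerts". Drop the stray "Windows - ". Collapsing the explicit list also removes "Process events" and "Network events", yet the paragraph that follows still tells the reader to filter to "Process events" and "network events"; keep those two in the "such as" examples so the next paragraph refers to something the reader has seen.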
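Review bot: in PATCH 11/11, machines-view-overview hunk at -60,19, the "**Health**" filter block is removed, but the filter sentence introduced in PATCH 06/11 for the same file still lists "**Health**" among the available filters ("by **Time**, **OS Platform**, **Health**, **Security state**, ..."). Update that sentence to match the remaining labels (for example "Sensor health state") or the page will name a filter it no longer describes.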
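Review bot: in PATCH 11/11, machines-view-overview hunk at -109,13, the column is renamed to "**Active malware alerts**", but the NOTE in the trailing context still refers to "The **Active malware detections** filter column". Rename it there too. The hunk also removes the "Domain" and "OS Platform" entries from the sortable-column list with no mention in the commit message ("general updates"); confirm those columns are gone from the portal rather than dropped by accident.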