From e016d18c28aa704f41fc7b003c9aab1cb0e56265 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 22 Jan 2020 15:36:13 -0800 Subject: [PATCH 1/5] update table --- windows/deployment/windows-autopilot/add-devices.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index 4a2ba1d5c7..cec72b237a 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -123,13 +123,13 @@ A summary of each platform's capabilities is provided below.
Partner Center YES - 1000 at a time max -YES3 +YES34 Tuple or PKID or 4K HH Intune -YES - 1000 at a time max1 +YES - 500 at a time max1 YES12 4K HH @@ -137,7 +137,7 @@ A summary of each platform's capabilities is provided below.
Microsoft Store for Business4 YES - 1000 at a time max -YES +YES4 4K HH From b34800fa7c027d81bbf51d7672eacf9e335985d4 Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 22 Jan 2020 17:17:56 -0800 Subject: [PATCH 2/5] Name change AlertEvents > DeviceAlertEvents --- windows/security/threat-protection/TOC.md | 2 +- ....md => advanced-hunting-devicealertevents-table.md} | 10 +++++----- .../advanced-hunting-schema-reference.md | 2 +- .../threat-and-vuln-mgt-scenarios.md | 2 +- ...nges-to-security-settings-with-tamper-protection.md | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) rename windows/security/threat-protection/microsoft-defender-atp/{advanced-hunting-alertevents-table.md => advanced-hunting-devicealertevents-table.md} (79%) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 84f646914b..6bd34daec8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -114,7 +114,7 @@ #### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md) #### [Advanced hunting schema reference]() ##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md) -##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md) +##### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md) ##### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md) ##### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md) ##### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md similarity index 79% rename from windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md rename to windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md index c7fd28fc75..28d0176f0f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md @@ -1,7 +1,7 @@ --- -title: AlertEvents table in the advanced hunting schema -description: Learn about alert generation events in the AlertEvents table of the advanced hunting schema -keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category +title: DeviceAlertEvents table in the advanced hunting schema +description: Learn about alert generation events in the DeviceAlertEvents table of the advanced hunting schema +keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, DeviceAlertEvents, alert, severity, category search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -18,7 +18,7 @@ ms.topic: article ms.date: 10/08/2019 --- -# AlertEvents +# DeviceAlertEvents **Applies to:** 
@@ -26,7 +26,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. +The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 8eb7542ce5..6e13b372ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md 
@@ -37,7 +37,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce | Table name | Description | |------------|-------------| -| **[AlertEvents](advanced-hunting-alertevents-table.md)** | Alerts on Microsoft Defender Security Center | +| **[DeviceAlertEvents](advanced-hunting-devicealertevents-table.md)** | Alerts on Microsoft Defender Security Center | | **[DeviceInfo](advanced-hunting-deviceinfo-table.md)** | Machine information, including OS information | | **[DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md)** | Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains | | **[DeviceProcessEvents](advanced-hunting-deviceprocessevents-table.md)** | Process creation and related events | diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 55ffb2b7ca..5f9dcadac9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -174,7 +174,7 @@ DeviceTvmSoftwareInventoryVulnerabilities | where IsExploitAvailable == 1 and CvssScore >= 7 | summarize NumOfVulnerabilities=dcount(CveId), DeviceName=any(DeviceName) by DeviceId -| join kind =inner(AlertEvents) on DeviceId +| join kind =inner(DeviceAlertEvents) on DeviceId | summarize NumOfVulnerabilities=any(NumOfVulnerabilities), DeviceName=any(DeviceName) by DeviceId, AlertId | project DeviceName, NumOfVulnerabilities, AlertId diff --git a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index 21736ff5a6..5c91ca4d4b 100644 
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -219,7 +219,7 @@ Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securi In addition, your security operations team can use hunting queries, such as the following: -`AlertEvents | where Title == "Tamper Protection bypass"` +`DeviceAlertEvents | where Title == "Tamper Protection bypass"` [View information about tampering attempts](#view-information-about-tampering-attempts). From 61d45e9795797ce9901f8e36177ceced5b75a9d8 Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 22 Jan 2020 17:25:55 -0800 Subject: [PATCH 3/5] GitIssues + Redirect for DeviceAlertEvents --- .openpublishing.redirection.json | 5 +++++ .../advanced-hunting-devicealertevents-table.md | 2 +- .../advanced-hunting-deviceimageloadevents-table.md | 2 +- .../advanced-hunting-tvm-softwarevulnerability-table.md | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f8f2090d66..91081ca4d6 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -981,6 +981,11 @@ "redirect_document_id": false }, { +"source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-alertevents-table.md", +"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table", +"redirect_document_id": true +}, +{ "source_path": "windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-filecreationevents-table.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table", "redirect_document_id": true 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md index 28d0176f0f..50d1242878 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 10/08/2019 +ms.date: 01/22/2020 --- # DeviceAlertEvents diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md index d57a965bcf..bec74d489e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md @@ -26,7 +26,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The `DeviceImageLoadEvents table` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. +The `DeviceImageLoadEvents` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md index 9efd108ce9..5af1cfe1f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md @@ -28,7 +28,7 @@ ms.date: 11/12/2019 [!include[Prerelease information](../../includes/prerelease.md)] -The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table. +The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md). From 8075e9c17621d985e5f87b0a40e9ff2aee67bbb7 Mon Sep 17 00:00:00 2001 From: lomayor Date: Wed, 22 Jan 2020 17:40:25 -0800 Subject: [PATCH 4/5] Update advanced-hunting-deviceimageloadevents-table.md --- .../advanced-hunting-deviceimageloadevents-table.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md index bec74d489e..fe1f719c73 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md @@ -26,7 +26,7 @@ ms.date: 10/08/2019 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -The `DeviceImageLoadEvents` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. +The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md). From 6507234020fb450da18d10c77ee6173a06e7adb6 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Jan 2020 09:27:25 -0800 Subject: [PATCH 5/5] make sure this is pushed correctly --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index cec72b237a..b9ed3fdd35 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md 
@@ -171,4 +171,4 @@ When deploying new devices using Windows Autopilot, the following steps are requ ## Other configuration settings -- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started. +- [Bitlocker encryption settings](bitlocker.md): You can configure the BitLocker encryption settings to be applied before automatic encryption is started. \ No newline at end of file
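Review bot: In PATCH 1/5, the `@@ -123,13 +123,13 @@` hunk of add-devices.md halves the Intune limit from "1000 at a time max" to "500 at a time max", but the commit message says only "update table". Put the reason or source for the new limit in the message so the figure can be verified later. The Partner Center and Microsoft Store for Business rows keep "1000 at a time max", so also confirm that only Intune changed.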
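Review bot: In PATCH 2/5, the front-matter hunk of advanced-hunting-devicealertevents-table.md replaces the lower-case keyword `alertevents` with mixed-case `DeviceAlertEvents`, while every other entry on the `keywords:` line is lower case. Use `devicealertevents` to match the rest of the list. The same hunk leaves `ms.date: 10/08/2019` untouched even though the page content changes; the date is only bumped in PATCH 3/5, so it would be cleaner to update it in the commit that does the rename.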
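Review bot: In PATCH 2/5, the threat-and-vuln-mgt-scenarios.md hunk carries the odd spacing of the old line over into the new one: `| join kind =inner(DeviceAlertEvents) on DeviceId`. Since the line is being touched anyway, write it as `| join kind=inner (DeviceAlertEvents) on DeviceId` so the sample query reads the way analysts will type it.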
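Review bot: In PATCH 2/5, the tamper-protection hunk swaps `AlertEvents` for `DeviceAlertEvents` in the sample hunting query without telling the reader that the table was renamed. Security operations teams that copied the earlier query into saved hunts may still reference the old name, so consider a one-line note next to `DeviceAlertEvents | where Title == "Tamper Protection bypass"` stating that the table was previously called `AlertEvents`.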
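Review bot: In PATCH 3/5, the `.openpublishing.redirection.json` hunk adds the redirect from advanced-hunting-alertevents-table.md one commit after PATCH 2/5 renamed that file, so at the PATCH 2/5 revision the old path has no target. Squash the redirect entry into the rename commit so the two always land together and the series stays bisectable without a broken link.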
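Review bot: In PATCH 3/5, the advanced-hunting-deviceimageloadevents-table.md hunk moves the word "table" out of the code span but drops it altogether, leaving "The `DeviceImageLoadEvents` in the [advanced hunting] ... schema contains", which is missing its noun. PATCH 4/5 exists only to put "table" back, so fold it into this commit. The hunk header also shows `ms.date: 10/08/2019` still in place for this file, unlike the DeviceAlertEvents page whose date is bumped in the same commit.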
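Review bot: In PATCH 3/5, the advanced-hunting-tvm-softwarevulnerability-table.md hunk ends on a context line that links `advanced-hunting-reference.md`, whereas the other table pages in this series link `advanced-hunting-schema-reference.md`; check that the target exists and fix it while this paragraph is being edited. The table name in the intro also changes from `DeviceTvmSoftwareInventoryVulnerabilities` to `DeviceTvmSoftwareVulnerabilitiesKB`, which the subject "GitIssues + Redirect for DeviceAlertEvents" does not mention; call it out in the commit message, since queries are written against that name.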
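Review bot: In PATCH 5/5, the only effect of the add-devices.md hunk is to remove the final newline from the file: the text of the BitLocker bullet is identical on the `-` and `+` lines, and the new side ends with "\ No newline at end of file". Restore the trailing newline, and if the commit was meant to force a republish, say so in the message instead of "make sure this is pushed correctly".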