mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 11:53:37 +00:00
Beth Levin
GitHub
@ -25,7 +25,7 @@ ms.topic: conceptual
|
|||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
> Secure score is now part of Threat & Vulnerability Management as Configuration score.
|
> Secure score is now part of Threat & Vulnerability Management as Configuration score.
|
||||||
|
|
||||||
Your Configuration score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. It reflects the collective security configuration state of your machines across the following categories:
|
Your Configuration score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your machines across the following categories:
|
||||||
|
|
||||||
- Application
|
- Application
|
||||||
- Operating system
|
- Operating system
|
||||||
@ -33,7 +33,7 @@ Your Configuration score is visible in the [Threat & Vulnerability Management da
|
|||||||
- Accounts
|
- Accounts
|
||||||
- Security controls
|
- Security controls
|
||||||
|
|
||||||
A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks.
|
Select a category to go to the [**Security recommendations**](tvm-security-recommendation.md) page and view the relevant recommendations.
|
||||||
|
|
||||||
## How it works
|
## How it works
|
||||||
|
|
||||||
@ -43,35 +43,31 @@ A higher configuration score means your endpoints are more resilient from cybers
|
|||||||
The data in the configuration score card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
|
The data in the configuration score card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
|
||||||
|
|
||||||
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
|
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
|
||||||
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction) by remediating the misconfiguration
|
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
|
||||||
- Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)
|
- Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)
|
||||||
- Collect and monitor changes of security control configuration state from all assets
|
- Collect and monitor changes of security control configuration state from all assets
|
||||||
|
|
||||||
From the widget, you'd be able to see which security aspect requires attention. You can click the configuration score categories and it will take you to the **Security recommendations** page to see more details and understand the context of the issue. From there, you can act on them based on security benchmarks.
|
|
||||||
|
|
||||||
## Improve your security configuration
|
## Improve your security configuration
|
||||||
|
|
||||||
You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
|
You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your Configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
|
||||||
|
|
||||||
1. From the Configuration score card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md), select **Security controls**. The [**Security recommendations**](tvm-security-recommendation.md) page opens to shows the list of recommendations related to security controls.
|
1. From the Configuration score card in the Threat & Vulnerability Management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
|
||||||
|
|
||||||
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**.
|
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to the email that you can send to your IT Administrator for follow-up.
|
3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
|
||||||
|
|
||||||
>.
|
4. **Submit request**. You will see a confirmation message that the remediation task has been created.
|
||||||
|
|
||||||
You will see a confirmation message that the remediation task has been created.
|
|
||||||
>
|
>
|
||||||
|
|
||||||
4. Save your CSV file.
|
5. Save your CSV file.
|
||||||
|
|
||||||
|
|
||||||
5. Send a follow-up email to your IT Administrator and allow the time that you have allotted for the remediation to propagate in the system.
|
6. Send a follow-up email to your IT Administrator and allow the time that you have allotted for the remediation to propagate in the system.
|
||||||
|
|
||||||
6. Review the machine **Configuration score** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
|
7. Review the **Configuration score** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
|
>To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
|
||||||
@ -86,17 +82,14 @@ You can improve your security configuration when you remediate issues from the s
|
|||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
|
||||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
|
||||||
- [Exposure score](tvm-exposure-score.md)
|
- [Exposure score](tvm-exposure-score.md)
|
||||||
- [Security recommendations](tvm-security-recommendation.md)
|
- [Security recommendations](tvm-security-recommendation.md)
|
||||||
- [Remediation and exception](tvm-remediation.md)
|
- [Remediation and exception](tvm-remediation.md)
|
||||||
- [Software inventory](tvm-software-inventory.md)
|
- [Software inventory](tvm-software-inventory.md)
|
||||||
- [Weaknesses](tvm-weaknesses.md)
|
- [Weaknesses](tvm-weaknesses.md)
|
||||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||||
|
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
|
||||||
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||||
- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
|
|
||||||
- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
|
|
||||||
- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
|
||||||
- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
|
||||||
|
|||||||
Binary file not shown.
|
Before Width: | Height: | Size: 305 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 47 KiB |
@ -96,7 +96,7 @@ Ensure that your machines:
|
|||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||||
- [Exposure score](tvm-exposure-score.md)
|
- [Exposure score](tvm-exposure-score.md)
|
||||||
- [Configuration score](configuration-score.md)
|
- [Configuration score](configuration-score.md)
|
||||||
- [Security recommendations](tvm-security-recommendation.md)
|
- [Security recommendations](tvm-security-recommendation.md)
|
||||||
@ -104,10 +104,6 @@ Ensure that your machines:
|
|||||||
- [Software inventory](tvm-software-inventory.md)
|
- [Software inventory](tvm-software-inventory.md)
|
||||||
- [Weaknesses](tvm-weaknesses.md)
|
- [Weaknesses](tvm-weaknesses.md)
|
||||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||||
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
|
||||||
- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
|
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||||
- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
|
||||||
- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
|
|
||||||
- [Machine APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine)
|
|
||||||
- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
|
||||||
- [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/)
|
- [BLOG: Microsoft's Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time](https://www.microsoft.com/security/blog/2019/07/02/microsofts-threat-vulnerability-management-now-helps-thousands-of-customers-to-discover-prioritize-and-remediate-vulnerabilities-in-real-time/)
|
||||||
|
|||||||
@ -27,6 +27,16 @@ ms.topic: article
|
|||||||
|
|
||||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||||
|
|
||||||
|
## APIs
|
||||||
|
|
||||||
|
Threat and vulnerability management supports multiple APIs. See the following topics for related APIs:
|
||||||
|
|
||||||
|
- [Machine APIs](machine.md)
|
||||||
|
- [Recommendation APIs](vulnerability.md)
|
||||||
|
- [Score APIs](score.md)
|
||||||
|
- [Software APIs](software.md)
|
||||||
|
- [Vulnerability APIs](vulnerability.md)
|
||||||
|
|
||||||
## Use advanced hunting query to search for machines with High active alerts or critical CVE public exploit
|
## Use advanced hunting query to search for machines with High active alerts or critical CVE public exploit
|
||||||
|
|
||||||
1. Go to **Advanced hunting** from the left-hand navigation pane of the Microsoft Defender Security Center.
|
1. Go to **Advanced hunting** from the left-hand navigation pane of the Microsoft Defender Security Center.
|
||||||
@ -85,16 +95,6 @@ To view a list of version that have reached end of support, or end or support so
|
|||||||
|
|
||||||
After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
|
After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
|
||||||
|
|
||||||
## Use APIs
|
|
||||||
|
|
||||||
Threat and vulnerability management supports multiple APIs. See the following topics for related APIs:
|
|
||||||
|
|
||||||
- [Machine APIs](machine.md)
|
|
||||||
- [Recommendation APIs](vulnerability.md)
|
|
||||||
- [Score APIs](score.md)
|
|
||||||
- [Software APIs](software.md)
|
|
||||||
- [Vulnerability APIs](vulnerability.md)
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||||
|
|||||||
@ -85,8 +85,8 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico
|
|||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
|
||||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
|
||||||
- [Exposure score](tvm-exposure-score.md)
|
- [Exposure score](tvm-exposure-score.md)
|
||||||
- [Configuration score](configuration-score.md)
|
- [Configuration score](configuration-score.md)
|
||||||
- [Security recommendations](tvm-security-recommendation.md)
|
- [Security recommendations](tvm-security-recommendation.md)
|
||||||
@ -94,4 +94,5 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico
|
|||||||
- [Software inventory](tvm-software-inventory.md)
|
- [Software inventory](tvm-software-inventory.md)
|
||||||
- [Weaknesses](tvm-weaknesses.md)
|
- [Weaknesses](tvm-weaknesses.md)
|
||||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||||
|
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
|
||||||
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||||
|
|||||||
@ -70,21 +70,16 @@ To lower your threat and vulnerability exposure, follow these steps.
|
|||||||
|
|
||||||
6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate is removed from the security recommendation list, and the exposure score decreases.
|
6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate is removed from the security recommendation list, and the exposure score decreases.
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
|
||||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
|
||||||
- [Configuration score](configuration-score.md)
|
- [Configuration score](configuration-score.md)
|
||||||
- [Security recommendations](tvm-security-recommendation.md)
|
- [Security recommendations](tvm-security-recommendation.md)
|
||||||
- [Remediation and exception](tvm-remediation.md)
|
- [Remediation and exception](tvm-remediation.md)
|
||||||
- [Software inventory](tvm-software-inventory.md)
|
- [Software inventory](tvm-software-inventory.md)
|
||||||
- [Weaknesses](tvm-weaknesses.md)
|
- [Weaknesses](tvm-weaknesses.md)
|
||||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||||
|
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
|
||||||
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||||
- [Recommendation APIs](vulnerability.md)
|
|
||||||
- [Machine APIs](machine.md)
|
|
||||||
- [Score APIs](score.md)
|
|
||||||
- [Software APIs](software.md)
|
|
||||||
- [Vulnerability APIs](vulnerability.md)
|
|
||||||
|
|||||||
@ -26,61 +26,32 @@ ms.topic: conceptual
|
|||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
|
>To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
|
||||||
|
|
||||||
After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), you can start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
|
After your organization's cybersecurity weaknesses are identified and mapped to actionable [security recommendations](tvm-security-recommendation.md), start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.
|
||||||
|
|
||||||
Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
|
Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.
|
||||||
|
|
||||||
## How remediation requests work
|
## Navigate to the Remediation page
|
||||||
|
|
||||||
When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
|
You can access the remediation page though the navigation menu, and top remediation activities in the dashboard.
|
||||||
|
|
||||||
The dashboard will show the status of your top remediation activities. Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task.
|
|
||||||
|
|
||||||
## Accessing the remediation page
|
|
||||||
|
|
||||||
You can access the remediation page in a few places in the portal:
|
|
||||||
|
|
||||||
- Security recommendations flyout panel
|
|
||||||
- Navigation menu
|
|
||||||
- Top remediation activities in the dashboard
|
|
||||||
|
|
||||||
### Security recommendation flyout page
|
|
||||||
|
|
||||||
You'll see remediation options when you select one of the security recommendations in the [Security recommendations page](tvm-security-recommendation.md).
|
|
||||||
|
|
||||||
1. From the flyout panel, you'll see the security recommendation details including next steps. Select **Remediation options**.
|
|
||||||
2. In the **Remediation options** page, select **Open a ticket in Intune (for AAD joined devices)**.
|
|
||||||
3. Select a remediation due date.
|
|
||||||
4. Add notes to give your IT administrator a context of your remediation request. For example, you can indicate urgency of the remediation request to avoid potential exposure to a recent exploit activity, or if the request is a part of compliance.
|
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
>If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.
|
|
||||||
|
|
||||||
If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
|
||||||
|
|
||||||
### Navigation menu
|
### Navigation menu
|
||||||
|
|
||||||
1. Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization.
|
Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization. Select the remediation activity that you want to view.
|
||||||
|
|
||||||
To see software which has reached end-of-support, select **Software uninstall** from the **Remediation type** filter. For specific software versions which have reached end-of-support, select **Software update** from the **Remediation type** filter. Select **In progress** then **Apply**.
|
|
||||||
|
|
||||||
|
|
||||||
2. Select the remediation activity that you want to view.
|
|
||||||
|
|
||||||
|
|
||||||
### Top remediation activities in the dashboard
|
### Top remediation activities in the dashboard
|
||||||
|
|
||||||
1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top remediation activities** card. The list is sorted and prioritized based on what is listed in the **Top security recommendations**.
|
View **Top remediation activities** in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task.
|
||||||
2. Select the remediation activity that you want to view.
|
|
||||||
|
|
||||||
|
## Remediation activities
|
||||||
|
|
||||||
## Exception options
|
When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
|
||||||
|
|
||||||
|
## Exceptions
|
||||||
|
|
||||||
You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md).
|
You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md).
|
||||||
|
|
||||||
When you select a [security recommendation](tvm-security-recommendation.md), it opens a flyout screen with details and options for your next steps. Select **Exception options** to fill out the justification and context.
|
[File for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Exception justification
|
### Exception justification
|
||||||
|
|
||||||
@ -131,18 +102,14 @@ The exception impact shows on both the Security recommendations page column and
|
|||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
|
||||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
|
||||||
- [Exposure score](tvm-exposure-score.md)
|
- [Exposure score](tvm-exposure-score.md)
|
||||||
- [Configuration score](configuration-score.md)
|
- [Configuration score](configuration-score.md)
|
||||||
- [Security recommendation](tvm-security-recommendation.md)
|
- [Security recommendations](tvm-security-recommendation.md)
|
||||||
- [Software inventory](tvm-software-inventory.md)
|
- [Software inventory](tvm-software-inventory.md)
|
||||||
- [Weaknesses](tvm-weaknesses.md)
|
- [Weaknesses](tvm-weaknesses.md)
|
||||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||||
|
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
|
||||||
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||||
- [Recommendation APIs](vulnerability.md)
|
|
||||||
- [Machine APIs](machine.md)
|
|
||||||
- [Score APIs](score.md)
|
|
||||||
- [Software APIs](software.md)
|
|
||||||
- [Vulnerability APIs](vulnerability.md)
|
|
||||||
|
|||||||
@ -27,7 +27,7 @@ ms.topic: conceptual
|
|||||||
|
|
||||||
[!include[Prerelease information](../../includes/prerelease.md)]
|
[!include[Prerelease information](../../includes/prerelease.md)]
|
||||||
|
|
||||||
Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendation helps shorten the time to mitigate or remediate vulnerabilities and drive compliance.
|
Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendations help shorten the time to mitigate or remediate vulnerabilities and drive compliance.
|
||||||
|
|
||||||
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
|
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.
|
||||||
|
|
||||||
@ -43,7 +43,11 @@ Each machine in the organization is scored based on three important factors to h
|
|||||||
|
|
||||||
## Navigate to security recommendations
|
## Navigate to security recommendations
|
||||||
|
|
||||||
You can access security recommendations from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page.
|
You can access security recommendations from the Microsoft Defender ATP Threat & Vulnerability Management navigation menu, dashboard, software page, and machine page.
|
||||||
|
|
||||||
|
### Navigation menu
|
||||||
|
|
||||||
|
Go to the Threat & Vulnerability Management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization.
|
||||||
|
|
||||||
### Top security recommendations in the Threat & Vulnerability Management dashboard
|
### Top security recommendations in the Threat & Vulnerability Management dashboard
|
||||||
|
|
||||||
@ -53,21 +57,17 @@ In a given day as a Security Administrator, you can take a look at the [Threat &
|
|||||||
|
|
||||||
The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
|
The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
|
||||||
|
|
||||||
### Navigation menu
|
|
||||||
|
|
||||||
Go to the Threat & Vulnerability Management navigation menu and select **Security recommendations** to open the list of security recommendations for the threats and vulnerabilities found in your organization.
|
|
||||||
|
|
||||||
## Security recommendations overview
|
## Security recommendations overview
|
||||||
|
|
||||||
You will be able to view the recommendation, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags.
|
View recommendations, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags.
|
||||||
|
|
||||||
The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the amount of exposed machines, the color of the graph will change into green. This happens when the numbers on the right hand side is greater than what's on the left, which means an increase or decrease at the end of even a single machine will change the graph's color.
|
The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the number of exposed machines, the color of the graph will change into green.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Icons
|
### Icons
|
||||||
|
|
||||||
Useful icons also quickly calls your attention to <ul><li>  possible active alerts</li><li> associated public exploits</li><li> recommendation insights</li></ul><br>
|
Useful icons also quickly calls your attention to: <ul><li>  possible active alerts</li><li> associated public exploits</li><li> recommendation insights</li></ul><br>
|
||||||
|
|
||||||
### Investigate
|
### Investigate
|
||||||
|
|
||||||
@ -77,22 +77,22 @@ Select the security recommendation that you want to investigate or process.
|
|||||||
|
|
||||||
From the flyout, you can do any of the following:
|
From the flyout, you can do any of the following:
|
||||||
|
|
||||||
- **Open software page** - Drill down and open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, software or software version end-of-life, and charts so you can see the exposure trend over time.
|
- **Open software page** - Open the software page to get more context of the software details, prevalence in the organization, weaknesses discovered, version distribution, software or software version end-of-support, and charts of the exposure trend over time.
|
||||||
|
|
||||||
- **Remediation options** - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
|
- **Remediation options** - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address.
|
||||||
|
|
||||||
- **Exception options** - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet due to specific business reasons, compensation controls, or if it is a false positive.
|
- **Exception options** - Submit an exception, provide justification, and set exception duration if you can't remediate the issue just yet.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>When a change is made on a machine, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center.
|
>When a change is made on a machine, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center.
|
||||||
|
|
||||||
## Request remediation
|
## Request remediation
|
||||||
|
|
||||||
The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT Administrators through the remediation request workflow. Security Administrators like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
|
The Threat & Vulnerability Management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
|
||||||
|
|
||||||
### Enable Microsoft Intune connection
|
### Enable Microsoft Intune connection
|
||||||
|
|
||||||
To use this capability, enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle on.
|
To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**.
|
||||||
|
|
||||||
See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||||
|
|
||||||
@ -106,16 +106,18 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT
|
|||||||
|
|
||||||
4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request.
|
4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request.
|
||||||
|
|
||||||
|
If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>If your request involves remediating more than 10,000 machines, we can only send 10,000 machines for remediation to Intune.
|
>If your request involves remediating more than 10,000 machines, we can only send 10,000 machines for remediation to Intune.
|
||||||
|
|
||||||
## File for exception
|
## File for exception
|
||||||
|
|
||||||
With Threat & Vulnerability Management, you can create exceptions for recommendations, as an alternative to a remediation request.
|
As an alternative to a remediation request, you can create exceptions for recommendations.
|
||||||
|
|
||||||
There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
|
There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
|
||||||
|
|
||||||
Exceptions can be created for both *Security update* and *Configuration change* recommendations.
|
Exceptions can be created for both Security update and Configuration change recommendations.
|
||||||
|
|
||||||
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
|
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
|
||||||
|
|
||||||
@ -127,10 +129,8 @@ When an exception is created for a recommendation, the recommendation is no long
|
|||||||
> 
|
> 
|
||||||
|
|
||||||
3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
|
3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
|
||||||
|
|
||||||
|
|
||||||
4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and click the **Exceptions** tab to view all your exceptions (current and past).
|
4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past).
|
||||||
|
|
||||||
|
|
||||||
## Report inaccuracy
|
## Report inaccuracy
|
||||||
|
|
||||||
@ -149,21 +149,16 @@ You can report a false positive when you see any vague, inaccurate, incomplete,
|
|||||||
4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts.
|
4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
|
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
|
||||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
|
||||||
- [Exposure score](tvm-exposure-score.md)
|
- [Exposure score](tvm-exposure-score.md)
|
||||||
- [Configuration score](configuration-score.md)
|
- [Configuration score](configuration-score.md)
|
||||||
- [Remediation and exception](tvm-remediation.md)
|
- [Remediation and exception](tvm-remediation.md)
|
||||||
- [Software inventory](tvm-software-inventory.md)
|
- [Software inventory](tvm-software-inventory.md)
|
||||||
- [Weaknesses](tvm-weaknesses.md)
|
- [Weaknesses](tvm-weaknesses.md)
|
||||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||||
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
|
||||||
- [Recommendation APIs](vulnerability.md)
|
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||||
- [Machine APIs](machine.md)
|
|
||||||
- [Score APIs](score.md)
|
|
||||||
- [Software APIs](software.md)
|
|
||||||
- [Vulnerability APIs](vulnerability.md)
|
|
||||||
@ -45,7 +45,8 @@ Some of the above prerequisites might be different from the [Minimum requirement
|
|||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
|
||||||
|
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||||
- [Exposure score](tvm-exposure-score.md)
|
- [Exposure score](tvm-exposure-score.md)
|
||||||
- [Configuration score](configuration-score.md)
|
- [Configuration score](configuration-score.md)
|
||||||
- [Security recommendations](tvm-security-recommendation.md)
|
- [Security recommendations](tvm-security-recommendation.md)
|
||||||
@ -53,4 +54,5 @@ Some of the above prerequisites might be different from the [Minimum requirement
|
|||||||
- [Software inventory](tvm-software-inventory.md)
|
- [Software inventory](tvm-software-inventory.md)
|
||||||
- [Weaknesses](tvm-weaknesses.md)
|
- [Weaknesses](tvm-weaknesses.md)
|
||||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||||
|
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
|
||||||
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
|
||||||
|
|||||||
Reference in New Issue
Block a user