Merge branch 'atp-phase2' of https://cpubwin.visualstudio.com/_git/it-client into atp-phase2

This commit is contained in:
Joey Caparas
2018-08-14 15:43:47 -07:00
85 changed files with 5254 additions and 4561 deletions

@ -3,54 +3,67 @@
## [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)
### [Overview](windows-defender-atp/overview.md)
#### [Windows Defender Security Center](windows-defender-atp/use-windows-defender-advanced-threat-protection.md)
#### [Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)
##### [Hardware-based isolation](windows-defender-application-guard/wd-app-guard-overview.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
#### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)
#### [Auto investigation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md)
#### [Auto investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
#### [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)
##### [Threat analytics dashboard](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
#### [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)
#### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)
##### [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
#### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md)
#### [Access the Windows Defender Security Center Community Center](windows-defender-atp/community-windows-defender-advanced-threat-protection.md)
### [Get started](get-started.md)
### [Get started](windows-defender-atp/get-started.md)
#### [Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md)
#### [Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md)
#### [Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md)
#### [Data storage and privacy](windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md)
#### [Assign user access to the portal](windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md)
#### [Evaluate Windows Defender ATP](evaluate-atp.md)
##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application control](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
##### [Exploit protection](windows-defender-exploit-guard\evaluate-exploit-protection.md)
##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Next gen protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
#### [Evaluate Windows Defender ATP](windows-defender-atp/evaluate-atp.md)
#####Evaluate attack surface reduction
###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
###### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
###### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
###### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
###### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
### [Configuration and management](onboard.md)
#### [Onboard machines - need to revise this page](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Onboard previous versions of Windows](windows-defender-atp\onboard-downlevel-windows-defender-advanced-threat-protection.md)
##### [Onboard Windows 10 machines](windows-defender-atp\configure-endpoints-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using Group Policy](windows-defender-atp\configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using System Center Configuration Manager](windows-defender-atp\configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using Mobile Device Management tools](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
### [Onboard machines, configure, and manage capabilities](windows-defender-atp/onboard.md)
#### [Onboard machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Onboard previous versions of Windows](windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md)
##### [Onboard Windows 10 machines](windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using Group Policy](windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using System Center Configuration Manager](windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
###### [Onboard machines using Mobile Device Management tools](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
####### [Onboard machines using Microsoft Intune](windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#onboard-machines-using-microsoft-intune)
###### [Onboard machines using a local script](windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md)
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
##### [Onboard servers](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
##### [Onboard non-Windows machines](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
##### [Run a detection test on a newly onboarded machine](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
##### [Run simulated attacks on machines](windows-defender-atp\attack-simulations-windows-defender-advanced-threat-protection.md)
##### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
###### [Troubleshoot subscription and portal access issues](windows-defender-atp\troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
##### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md)
##### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
##### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md)
##### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md)
##### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
###### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
####[Configure attack surface reduction](configure-attack-surface-reduction.md)
#### [Configure attack surface reduction](windows-defender-atp/configure-attack-surface-reduction.md)
##### [Hardware-based isolation](windows-defender-application-guard/configure-wd-app-guard.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control-deployment-guide.md)
##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
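
Review bot: `#####Evaluate attack surface reduction` under "Evaluate Windows Defender ATP" has no space after the hashes and no link target, unlike the linked sibling `##### [Next generation protection](...)`, so it may not be parsed as a TOC node and the six `######` entries beneath it could attach to the wrong parent. Add the space, and link it to a landing page if one exists. Two further points in this hunk: `####### [Onboard machines using Microsoft Intune](...)` uses seven `#`, one more than Markdown's six heading levels, so confirm the TOC build accepts that depth; and if the entries `### [Configuration and management](onboard.md)` and `#### [Onboard machines - need to revise this page](...)` are on the new side of the merge, they duplicate the `windows-defender-atp/onboard.md` subtree and would publish an editorial note as a navigation title.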
@ -61,294 +74,252 @@
#### [Configure next generation protection](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
##### [Next generation protection in Windows Server](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
##### [Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
###### [Use limited periodic scanning](windows-defender-antivirus\limited-periodic-scanning-windows-defender-antivirus.md)
##### [Deploy next generation protection](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
###### [Deploy and enable next generation protection](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
###### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
##### [Report on next generation protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
##### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
###### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
###### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
###### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
###### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
##### [Manage scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus\configure-process-opened-file-exclusions-windows-defender-antivirus.md)
####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus\configure-server-exclusions-windows-defender-antivirus.md)
###### [Configure scanning options](windows-defender-antivirus\configure-advanced-scan-types-windows-defender-antivirus.md)
###### [Configure remediation for scans](windows-defender-antivirus\configure-remediation-windows-defender-antivirus.md)
###### [Configure scheduled scans](windows-defender-antivirus\scheduled-catch-up-scans-windows-defender-antivirus.md)
###### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
###### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
###### [Run and review the results of an offline scan](windows-defender-antivirus\windows-defender-offline.md)
###### [Restore quarantined files](windows-defender-antivirus\restore-quarantined-files-windows-defender-antivirus.md)
##### [Manage next generation protection in your business](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Manage endpoint detection and response capabilities](windows-defender-atp/manage-edr.md)
#####Alerts queue
###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
#####Machines list
###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
#### [Configure AutoIR - needs new content, u can configure through the portal settings + link to the settings page](configure3.md)
##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
#### [Manage auto investigation and remediation](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
#### [Configure Security score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
#### [Management and APIs](windows-defender-atp/management-apis.md)
##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
###### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
#######Actor
######## [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
######## [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
#######Alerts
######## [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
######## [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
########Domain
######### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
#######File
######## [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
######## [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
######## [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
#######IP
######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
#######Machines
######## [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
######## [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
######## [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
######## [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
######## [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
######## [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
######## [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
######## [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
######## [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
######## [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
######## [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
######## [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
#######User
######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
######## [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
##### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
#####Reporting
###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)
#### [Windows Defender Security Center settings](windows-defender-atp\preferences-setup-windows-defender-advanced-threat-protection.md)
#####General
###### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
###### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
###### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
###### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md)
###### [Configure alert notifications](windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md)
###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
###### [Enable Secure score security controls](windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md)
###### [Configure advanced features](windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md)
##### Permissions
###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
###### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
#####APIs
###### [Enable Threat intel](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
###### [Enable Threat intel](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
#####Rules
###### [Manage suppression rules](windows-defender-atp\manage-suppression-rules-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked](windows-defender-atp\manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation file uploads](windows-defender-atp\manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
###### [Manage automation folder exclusions](windows-defender-atp\manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
#####Machine management
###### [Onboarding machines](windows-defender-atp\onboard-configure-windows-defender-advanced-threat-protection.md)
###### [Offboarding machines](windows-defender-atp\offboard-machines-windows-defender-advanced-threat-protection.md)
###### [Onboarding machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
###### [Offboarding machines](windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md)
##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp\time-settings-windows-defender-advanced-threat-protection.md)
##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md)
### [Troubleshoot Windows Defender ATP](windows-defender-atp/troubleshoot-wdatp.md)
#### [Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
### [Windows Defender Security Center](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
#### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
#### [View the Security operations dashboard - consdier moving to the relevant pillar](windows-defender-atp\security-operations-dashboard-windows-defender-advanced-threat-protection.md)
####Troubleshoot sensor state
##### [Check sensor state](windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md)
##### [Fix unhealthy sensors](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
##### [Inactive machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
##### [Misconfigured machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
##### [Review events and errors on machines with Event Viewer](windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md)
#### [Access the Windows Defender Security Center Community Center](windows-defender-atp\community-windows-defender-advanced-threat-protection.md)
#### [Configure next gen protection features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
###### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
###### [Specify the cloud-delivered protection level](windows-defender-antivirus\specify-cloud-protection-level-windows-defender-antivirus.md)
###### [Configure and validate network connections](windows-defender-antivirus\configure-network-connections-windows-defender-antivirus.md)
###### [Enable the Block at First Sight feature](windows-defender-antivirus\configure-block-at-first-sight-windows-defender-antivirus.md)
###### [Configure the cloud block timeout period](windows-defender-antivirus\configure-cloud-block-timeout-period-windows-defender-antivirus.md)
##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus\configure-protection-features-windows-defender-antivirus.md)
###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus\detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus\configure-real-time-protection-windows-defender-antivirus.md)
### [Endpoint detection and response](edr.md)
####Alerts queue
##### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
##### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
##### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
##### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
##### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
##### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
####Machines list
##### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
##### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
##### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
##### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
###### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
###### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
###### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
#### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
##### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
###### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
###### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
###### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
###### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
###### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
##### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
###### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
###### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
###### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
###### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
#### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
### [Automatic investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
###Security posture
#### [Secure posture - Evald](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
#### [View the Threat analytics dashboard and take recommended mitigation actions - Evald](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
### [Management and APIs](management-apis.md)
#### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
##### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
##### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
##### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
##### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
#### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
######Actor
####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
######Alerts
####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
#######Domain
######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
######File
####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
######IP
####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
######Machines
####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
######User
####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
#### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
##### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
##### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
##### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
#### [Reporting](reporting.md)
##### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
#### [Permissions](permissions.md)
##### [Manage portal access using RBAC](windows-defender-atp\rbac-windows-defender-advanced-threat-protection.md)
##### [Create and manage machine groups](windows-defender-atp\machine-groups-windows-defender-advanced-threat-protection.md)
### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](integration.md)
#### [Protect users, data, and devices with conditional access](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
###Troubleshoot Windows Defender ATP
#### [Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
####Troubleshoot sensor state - Ask Heike name of sensor
##### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
##### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
##### [Inactive machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
##### [Misconfigured machines](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
##### [Review events and errors on machines with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
##### [Check service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md)
##### [Check service health](windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md)
####Troubleshoot attack surface reduction
##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
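Review bot: Several link titles in this hunk still carry internal planning notes that would be published in the navigation, for example "- Amitai, etc", "- Evald", "- Ask Heike name of sensor", "- consdier moving to the relevant pillar" and "- Heike or Raviv or Alon - need to make new page - put anchors inside for each integ"; any that remain on the new side should be stripped from the titles and tracked outside the TOC. The API reference entries use seven, eight and nine `#` characters (`#######Actor`, `######## [Get actor information]`, `######### [Get domain related alerts]`), which is past the six heading levels Markdown defines, so confirm the TOC build accepts that depth. `Domain` is also one level deeper than its siblings `Actor`, `Alerts` and `File` in both copies of the list, which nests it under `Alerts`. "Get machines" is listed twice under `Machines` in each copy; drop one. Unlinked section labels are written without a space after the hashes (`#####Reporting`, `####Alerts queue`) while `##### Permissions` has one; pick one form.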
@ -357,40 +328,24 @@
#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
## More Windows 10 security
### [The Windows Security app](windows-defender-security-center/windows-defender-security-center.md)
#### [Customize the Windows Security app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
#### [Hide Windows Security app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
#### [Manage Windows Security app in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md)
#### [Manage Windows Security app in Windows 10 in S mode](windows-defender-security-center/wdsc-windows-10-in-s-mode.md)
#### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md)
#### [Account protection](windows-defender-security-center\wdsc-account-protection.md)
#### [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md)
#### [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md)
#### [Device security](windows-defender-security-center\wdsc-device-security.md)
#### [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md)
#### [Family options](windows-defender-security-center\wdsc-family-options.md)
#### [Account protection](windows-defender-security-center/wdsc-account-protection.md)
#### [Firewall and network protection](windows-defender-security-center/wdsc-firewall-network-protection.md)
#### [App and browser control](windows-defender-security-center/wdsc-app-browser-control.md)
#### [Device security](windows-defender-security-center/wdsc-device-security.md)
#### [Device performance and health](windows-defender-security-center/wdsc-device-performance-health.md)
#### [Family options](windows-defender-security-center/wdsc-family-options.md)
### [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
#### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
#### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
### [SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
#### [SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md)
#### [Set up and use SmartScreen on individual devices](windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md)
### [Windows Defender Device Guard: virtualization-based security and WDAC](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
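Review bot: the unchanged Device Guard entry that closes this hunk still carries the label "Windows Defender Device Guard: virtualization-based security and WDAC", while a topic with the matching old H1 is retitled later in this commit to "Windows Defender Application Control Configurable Code Integrity and Virtualization-based security (aka Windows Defender Device Guard)". If that is the topic this entry links to, update the TOC label in the same change so the navigation and the page heading agree. The SmartScreen entries drop the "Windows Defender" prefix here while neighbouring entries keep it, so it is worth settling one naming rule for the section.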
@ -950,4 +905,4 @@
### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
## [Change history for Threat protection](change-history-for-windows-defender-atp.md)
## [Change history for Threat protection](change-history-for-threat-protection.md)
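Review bot: the link target for the change history entry moves from change-history-for-windows-defender-atp.md to change-history-for-threat-protection.md, and nothing visible in this hunk shows that the target file exists under the new name. Confirm the file is added or renamed in this branch and that the old URL is redirected, otherwise this TOC entry breaks on publish.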

View File

@ -17,3 +17,4 @@ This topic lists new and updated topics in the [Windows Defender ATP](windows-de
New or changed topic | Description
---------------------|------------
[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md) | Reorganized Windows 10 security topics to reflect the Windows Defender ATP platform.

View File

@ -1,6 +1,6 @@
---
title: Windows Defender Device Guard - virtualization-based security and code integrity policies (Windows 10)
description: Microsoft Windows Defender Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating systems security.
title: Windows Defender Application Control Configurable Code Integrity and Virtualization-based security (Windows 10)
description: Microsoft Windows 10 has a feature set that consists of both hardware and software system integrity hardening capabilites that revolutionize the Windows operating systems security.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
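Review bot: the new description line misspells "capabilities" as "capabilites" and reads "operating systems security" where "operating system's security" is meant. The new title also runs "Windows Defender Application Control" straight into "Configurable Code Integrity" with no separator, which reads as one product name in search results; add "and" or a dash between the two terms.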
@ -9,36 +9,37 @@ author: mdsakibMSFT
ms.date: 04/19/2018
---
# Windows Defender Device Guard: virtualization-based security and Windows Defender Application Control
# Windows Defender Application Control Configurable Code Integrity and Virtualization-based security (aka Windows Defender Device Guard)
**Applies to**
- Windows 10
- Windows Server 2016
With Windows 10, we introduced Windows Defender Device Guard, a set of hardware and OS technologies that, when configured together, allow enterprises to lock down Windows systems so they operate with many of the properties of mobile devices.
In this configuration, Device Guard restricts devices to only run authorized apps by using a feature called configurable code integrity (CI), while simultaneously hardening the OS against kernel memory attacks through the use of virtualization-based protection of code integrity (more specifically, HVCI).
Windows 10 includes a set of hardware and OS technologies that, when configured together, allow enterprises to "lock down" Windows systems so they operate with many of the properties of mobile devices. In this configuration, specific technologies work together to restrict devices to only run authorized apps by using a feature called configurable code integrity (CI), while simultaneously hardening the OS against kernel memory attacks through the use of virtualization-based protection of code integrity (more specifically, HVCI).
Configurable CI has these advantages over other solutions:
Configurable CI and HVCI are very powerful protections that can be used separately. However, when these two technologies are configured to work together, they present a very strong protection capability for Windows 10 devices. Starting with the Windows 10 Anniversary Update (1607), this combined "configuration state" of Configurable CI and HVCI has been referred to as Windows Defender Device Guard.
Using Configurable CI to restrict devices to only autherized apps has these advantages over other solutions:
1. Configurable CI policy is enforced by the Windows kernel itself. As such, the policy takes effect early in the boot sequence before nearly all other OS code and before traditional antivirus solutions run.
2. Configurable CI allows customers to set application control policy not only over code running in user mode, but also kernel mode hardware and software drivers and even code that runs as part of Windows.
3. Customers can protect the configurable CI policy even from local administrator tampering by digitally signing the policy. Then changing the policy requires administrative privilege and access to the organizations digital signing process, making it extremely difficult for an attacker or malware that managed to gain administrative privilege to alter the application control policy.
3. Customers can protect the configurable CI policy even from local administrator tampering by digitally signing the policy. This would mean that changing the policy would require both administrative privilege and access to the organizations digital signing process, making it extremely difficult for an attacker with administrative privledge, or malicious software that managed to gain administrative privilege, to alter the application control policy.
4. The entire configurable CI enforcement mechanism can be protected by HVCI, where even if a vulnerability exists in kernel mode code, the likelihood that an attacker could successfully exploit it is significantly diminished. Why is this relevant? Thats because an attacker that compromises the kernel would otherwise have enough privilege to disable most system defenses and override the application control policies enforced by configurable CI or any other application control solution.
## (Re-)Introducing Windows Defender Application Control
When we originally designed Device Guard it was built with a specific security promise in mind. Although there were no direct dependencies between its two main OS features, configurable CI and HVCI, we intentionally focused our marketing story around the Device Guard lockdown state you achieve when deploying them together.
When we originally designed the configuration state that we have referred to as Windows Defender Device Guard, we did so with a specific security promise in mind. Although there were no direct dependencies between the two main OS features of the Device Guard configuration, configurable CI and HVCI, we intentionally focused our discussion around the Device Guard lockdown state you achieve when deploying them together.
However, this unintentionally left an impression for many customers that the two features were inexorably linked and could not be deployed separately.
And given that HVCI relies on the Windows virtualization-based security, it comes with additional hardware, firmware, and kernel driver compatibility requirements that some older systems cant meet.
However, the use of the term Device Guard to describe this configuration state has unintentionally left an impression for many IT professionals that the two features were inexorably linked and could not be deployed separately.
Additionally, given that HVCI relies on Windows virtualization-based security, it comes with additional hardware, firmware, and kernel driver compatibility requirements that some older systems cant meet.
As a result, many customers assumed that they couldnt use configurable CI either.
But configurable CI carries no specific hardware or software requirements other than running Windows 10, which means many customers were wrongly denied the benefits of this powerful application control capability.
As a result, many IT Professionals assumed that because some systems couldn't use HVCI, they couldnt use configurable CI either.
But configurable CI carries no specific hardware or software requirements other than running Windows 10, which means many IT professionals were wrongly denied the benefits of this powerful application control capability.
Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. So we are promoting configurable CI within our security stack and giving it a name of its own: [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control).
We hope this branding change will help us better communicate options for adopting application control within an organization.
Since the initial release of Windows 10, the world has witnessed numerous hacking and malware attacks where application control alone could have prevented the attack altogether. With this in mind, we are discussing and documenting configurable CI as a independent technology within our security stack and giving it a name of its own: [Windows Defender Application Control](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control).
We hope this change will help us better communicate options for adopting application control within an organization.
Does this mean Windows Defender Device Guard is going away? Not at all. Device Guard will continue to exist as a way to describe the fully locked down state achieved through the use of Windows Defender Application Control (WDAC), HVCI, and hardware and firmware security features. It also allows us to work with our OEM partners to identify specifications for devices that are “Device Guard capable” so that our joint customers can easily purchase devices that meet all of the hardware and firmware requirements of the original Device Guard scenario.
Does this mean Windows Defender Device Guard configuration state is going away? Not at all. The term Device Guard will continue to be used as a way to describe the fully locked down state achieved through the use of Windows Defender Application Control (WDAC), HVCI, and hardware and firmware security features. It also allows us to work with our OEM partners to identify specifications for devices that are “Device Guard capable” so that our joint customers can easily purchase devices that meet all of the hardware and firmware requirements of the original "Device Guard" locked down scenario for Windows 10 based devices.
## Related topics
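Review bot: several of the replacement lines in this hunk introduce spelling errors that will ship in a security topic: "autherized" in the sentence introducing the numbered list, "privledge" in item 3, and "a independent technology" in the paragraph that names Windows Defender Application Control. "Inexorably linked" is carried over from the old text and should be "inextricably linked". Apostrophes are missing in "organizations digital signing process", "cant", "couldnt" and "Thats" in both old and new lines, so check the file encoding before merging. The H1 uses "(aka Windows Defender Device Guard)"; "also known as" or dropping the parenthetical would match the register of the rest of the page.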

View File

@ -1,51 +0,0 @@
---
title: Evaluate Windows Defender Advanced Threat Protection
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 08/10/2018
---
# Evaluate Windows Defender ATP capabilities
Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
You can evaluate Windows Defender Advanced Threat Protection in your organization by [Starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)
You can also evaluate the different security capabilities in Windows Defender ATP by using the following instructions.
## Evaluate attack surface reduction
These capabilities help prevent attacks and exploitations from infecting your organization.
- [Evaluate attack surface reduction](./windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
- [Evaluate exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
- [Evaluate network protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
- [Evaluate controlled folder access](evaluate-controlled-folder-access.md)
- [Evaluate application guard](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
- [Evaluate network firewall](windows-firewall\evaluating-windows-firewall-with-advanced-security-design-examples.md)
## Evaluate next generation protection
Next gen protections help detect and block the latest threats.
- [Evaluate antivirus](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
## Endpoint detection and response
- [Learn about the alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
- [Learn about the machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
- [Learn how to take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
## Auto investigation
- [Learn about automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
## Security posture
- [Learn about improving your security posture](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
## Advanced hunting
- [Learn how to build your own advanced hunting queries](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
## See Also
[Get started with Windows Defender Advanced Threat Protection](get-started.md)
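Review bot: if the evaluation links from this deleted topic are being moved to another page, two of them should not be copied as they stand. "Evaluate network protection" points at windows-defender-exploit-guard/evaluate-exploit-protection.md, the same target as the exploit protection item above it, and the network firewall link uses a backslash path (windows-firewall\evaluating-...), the pattern this commit fixes elsewhere in the TOC. Also confirm that no remaining TOC entry or topic links to the removed file, or add a redirect.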

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.
File diff suppressed because one or more lines are too long

View File

@ -1,29 +0,0 @@
---
title:
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 07/01/2018
---
# TO do: Tomer, Alon, or Raviv
These are all the products that WDATP integrates with then link to their documentation.
Have links to the different configuration settings and put links there.
Micorosft works better togegerthr
when you integrate ms products you get btter protection
here's the list of products that work well with WDATP.
for each one, have a line or two.

View File

@ -1,32 +0,0 @@
---
title: Configure and manage Windows Defender ATP capabilities
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 07/01/2018
---
# Onboard, configure, and manage Windows Defender ATP capabilities
Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization.
## In this section
Topic | Description
:---|:---
[Onboard machines to Windows Defender Security Center](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection) | Onboard machines to the platform.
[Configure attack surface reduction capabilities](windows-defender-atp/configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
[Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
[Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md) | Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
[Manage auto investigation and remediation](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md) | Learn how you can manage and view the details of an automated investigation.
[Configure the security controls in Secure score](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md) | Configure the security controls in Secure score to increase the security posture of your organization.

View File

@ -1,23 +0,0 @@
---
title: Security posture
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/12/2018
---
## Security posture
This capability provides tailored insight on the current security state of your organization. Leverage the various insights within this capability to assess the security posture of your organization, see where attention is required, and apply the recommended action to contain attacks, increase your organizational resilience, and prevent specific threats.
## In this section
[Secure score](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)| Expand your visibility into the overall security posture of your organization.
[Threat analytics](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) | Assess the organizational impact of emerging threats and take the recommended actions to contain attacks, increase your organizational resilience, and prevent specific threats.

View File

@ -1,18 +0,0 @@
---
title:
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 07/01/2018
---
# TO do: Heike
What do you want to call sense

View File

@ -18,7 +18,7 @@ ms.date: 05/03/2018
- Windows 10
- Windows Server 2016
When WDAC policies are run in audit mode, it allows administrators to discover any applications that were missed during an initial policy scan and to identify any new applications that have been installed and run since the original policy was created. While a WDAC policy is running in audit mode, any binary that runs and would have been denied had the policy been enforced is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. When these logged binaries have been validated, they can easily be added to a new WDAC policy. When the new exception policy is created, you can merge it with your existing WDAC policies.
Running Appication Control in audit mode allows administrators to discover any applications that were missed during an initial policy scan and to identify any new applications that have been installed and run since the original policy was created. While a WDAC policy is running in audit mode, any binary that runs and would have been denied had the policy been enforced is logged in the **Applications and Services Logs\\Microsoft\\Windows\\CodeIntegrity\\Operational** event log. When these logged binaries have been validated, they can easily be added to a new WDAC policy. When the new exception policy is created, you can merge it with your existing WDAC policies.
Before you begin this process, you need to create a WDAC policy binary file. If you have not already done so, see [Create an initial Windows Defender Application Control policy from a reference computer](#create-initial-default-policy).
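Review bot: "Appication" in the replacement opening sentence is a misspelling of "Application". That sentence also switches to "Application Control" while the rest of the paragraph keeps "WDAC policy", so a reader has to infer they are the same thing; write "Windows Defender Application Control (WDAC)" on first mention. The audit-mode behaviour and the CodeIntegrity\Operational log path are unchanged and read correctly.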

View File

@ -12,15 +12,14 @@ ms.date: 10/19/2017
# Configure Windows Defender Application Guard policy settings
**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
Windows Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a GPO, which is linked to a domain, and then apply all those settings to every computer in the domain.
Application Guard uses both network isolation and application-specific settings.
### Network isolation settings
**Applies to:**
- Windows 10 Enterpise edition, version 1709 or higher
These settings, located at **Computer Configuration\Administrative Templates\Network\Network Isolation**, help you define and manage your company's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
>[!NOTE]
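Review bot: the "Applies to" list that sat directly under "Network isolation settings" and scoped that section to Windows 10 Enterprise edition, version 1709 or higher, is removed, and the only applicability statement left is the product-level "Windows Defender Advanced Threat Protection (Windows Defender ATP)" line at the top of the page. If the network isolation Group Policy settings are still limited to Enterprise edition, keep that stated in the section (and fix the "Enterpise" spelling while there), because an administrator reading only this section can no longer tell which editions honour the policy.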

View File

@ -12,9 +12,7 @@ ms.date: 11/07/2017
# Frequently asked questions - Windows Defender Application Guard
**Applies to:**
- Windows 10 Enterpise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803
**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
Answering frequently asked questions about Windows Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration.

View File

@ -12,9 +12,7 @@ ms.date: 11/09/2017
# System requirements for Windows Defender Application Guard
**Applies to:**
- Windows 10 Enterprise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803
**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
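Review bot: on a system requirements page, replacing the edition and version list (Enterprise 1709 or higher, Professional 1803) with "Applies to: Windows Defender Advanced Threat Protection (Windows Defender ATP)" removes the first requirement a reader checks. The product name does not tell them which Windows builds support Application Guard. Keep the OS list here, and add the ATP line alongside it if the rebranding needs it.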

View File

@ -10,13 +10,14 @@ ms.author: justinha
ms.date: 10/19/2017
---
# Testing scenarios using Windows Defender Application Guard in your business or organization
# Application testing scenarios for hardware-based isolation
We've come up with a list of suggested testing scenarios that you can use to test Windows Defender Application Guard (Application Guard) in your organization.
**Applies to:**
- Windows 10 Enterpise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803
**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.
## Application Guard in standalone mode
You can see how an employee would use standalone mode with Application Guard.
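Review bot: the new H1 and intro sentence say "hardware-based isolation", but the first section heading and its text still say "Application Guard" and the page never states how the two names relate. Keep "Windows Defender Application Guard (Application Guard)" in the intro sentence, as the removed line did, so the abbreviation used in the following sections is still defined.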

View File

@ -12,9 +12,7 @@ ms.date: 07/09/2018
# Windows Defender Application Guard overview
**Applies to:**
- Windows 10 Enterprise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803
**Applies to:** Windows Defender Advanced Threat Protection (Windows Defender ATP)
Windows Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete.

View File

@ -1,7 +1,7 @@
# [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)
## [Overview](overview-attack-surface-reduction.md)
## [Overview](overview.md)
### [Attack surface reduction](overview-attack-surface-reduction.md)
#### [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md)
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
@ -12,158 +12,17 @@
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
### [Endpoint detection and response](overview-endpoint-detection-response.md)
### [Auto investigation](../windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
### [Security posture]()
### [Advanced hunting]()
### [Management and APIs]()
### [Microsoft threat protection]()
### [Windows Defender Security Center](use-windows-defender-advanced-threat-protection.md)
#### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
#### [View the Security operations dashboard - consdier moving to the relevant pillar](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
#### [Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md)
### [Endpoint detection and response - Tomer B.](../edr.md)
####Alerts queue
##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
####Machines list
##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
### [Automatic investigation and remediation - Benny](automated-investigations-windows-defender-advanced-threat-protection.md)
###Security posture
#### [Secure posture - Evald](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
#### [View the Threat analytics dashboard and take recommended mitigation actions - Evald](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
### [Management and APIs](../management-apis.md)
#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
######Actor
####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
######Alerts
####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
#######Domain
######## [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
######## [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
######File
####### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
######IP
####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
######Machines
####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
######User
####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
#### [Reporting](../reporting.md)
##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
#### [Permissions](../permissions.md)
##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
### [Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ](../integration.md)
#### [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
### [Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md)
### [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)
#### [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
### [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)
### [Microsoft threat protection](threat-protection-integration.md)
#### [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
### [Access the Windows Defender Security Center Community Center](community-windows-defender-advanced-threat-protection.md)
## [Get started](../get-started.md)
## [Get started](get-started.md)
### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md)
### [Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md)
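Review bot: The entry titled "Microsoft threat protection - Heike or Raviv or Alon - need to make new page - put anchors inside for each integ" (target ../integration.md) carries an internal to-do and reviewer names in its link text. Only the plain "Microsoft threat protection" entry pointing at threat-protection-integration.md should survive this merge, so please confirm the annotated one is on the removed side. The same check applies to the paired "Get started" entries (../get-started.md and get-started.md), so that only one target remains.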
@ -171,19 +30,20 @@
### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
### [Evaluate Windows Defender ATP](../evaluate-atp.md)
#### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
#### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
#### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
#### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
#### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
#### [Attack surface reduction controls](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
#### [Evaluate Windows Defender Antivirus protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
### [Evaluate Windows Defender ATP](evaluate-atp.md)
####Evaluate attack surface reduction
##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
##### [Attack surface reduction controls](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
#### [Next gen protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
## [Onboard and configure machines to Windows Defender ATP](../onboard.md)
### [Onboard machines - need to revise this page](onboard-configure-windows-defender-advanced-threat-protection.md)
## [Onboard machines, configure, and manage capabilities](onboard.md)
### [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
#### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
#### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
##### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md)
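Review bot: Style point on the new "Evaluate" block: "Network Protection" is title-cased while its siblings ("Exploit protection", "Controlled folder access") use sentence case, and the unlinked group heading "####Evaluate attack surface reduction" has no space after the hashes while every linked entry does. Please also make sure the "Onboard machines - need to revise this page" title is not left in the merged TOC next to the plain "Onboard machines" entry for the same file.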
@ -201,7 +61,40 @@
##### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
###[Configure attack surface reduction](../configure-attack-surface-reduction.md)
### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
####General
##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
####Permissions
##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
####APIs
##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
####Machine management
##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
### [Configure attack surface reduction](configure-attack-surface-reduction.md)
#### [Hardware-based isolation](../windows-defender-application-guard/install-wd-app-guard.md)
##### [Group Policy settings](../windows-defender-application-guard/configure-wd-app-guard.md)
#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
@ -264,36 +157,138 @@
##### [Use PowerShell cmdlets to configure and manage Windows Defender AV](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
### [Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
####General
##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
### [Manage endpoint detection and response capabilities](manage-edr.md)
####Alerts queue
##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
####Machines list
##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
####APIs
##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
### [Manage automatic investigation and remediation](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
### [Configure Security score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
### [Management and APIs](management-apis.md)
#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
######Actor
####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
######Alerts
####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
#######Domain
######## [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
######## [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
######File
####### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
######IP
####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
######Machines
####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
######User
####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
####Machine management
##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
####Reporting
##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
## [Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md)
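Review bot: In the Machines group under "Supported Windows Defender ATP APIs", "Get machines" is listed twice with the same target (get-machines-windows-defender-advanced-threat-protection.md), once after "Find machine information by IP" and again after "Get MachineActions collection API"; drop one. The Domain group is also one level deeper than its siblings ("#######Domain" with "########" children, against "######" for Actor, Alerts, File, IP, Machines and User), so it nests under Alerts instead of sitting beside it. If the "####Rules" and "####Machine management" blocks stay where they appear here, the "######User" group that follows them no longer hangs off the Supported APIs node. Those two blocks already exist under "Configure Windows Defender Security Center settings", so they look like leftovers to delete from this position.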
@ -304,7 +299,7 @@
#### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
### [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
#### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
###Troubleshoot attack surface reduction
@ -324,8 +319,3 @@

View File

@ -15,12 +15,6 @@ ms.date: 05/21/2018
# Use Automated investigations to investigate and remediate threats
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
The Windows Defender ATP service has a wide breadth of visibility on multiple machines. With this kind of optics, the service generates a multitude of alerts. The volume of alerts generated can be challenging for a typical security operations team to individually address.
@ -78,6 +72,9 @@ The default machine group is configured for semi-automatic remediation. This mea
When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation.
## Related topic
- [Manage automated investigations](manage-auto-investigation-windows-defender-advanced-threat-protection.md)

View File

@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
ms.localizationpriority: medium
ms.date: 07/30/2018
ms.localizationpriority: high
ms.date: 08/08/2018
---
# Onboard servers to the Windows Defender ATP service
@ -36,12 +36,23 @@ The service supports the onboarding of the following servers:
To onboard your servers to Windows Defender ATP, youll need to:
- For Windows Server 2012 R2: Configure and update System Center Endpoint Protection clients.
- Turn on server monitoring from the Windows Defender Security Center portal.
- If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
>[!TIP]
> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
### Configure and update System Center Endpoint Protection clients
>[!IMPORTANT]
>This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2.
Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.
The following steps are required to enable this integration:
- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie)
- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting
### Turn on Server monitoring from the Windows Defender Security Center portal
@ -89,11 +100,9 @@ Agent Resource | Ports
## Onboard Windows Server, version 1803
Youll be able to onboard in the same method available for Windows 10 client machines. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). Support for Windows Server, version 1803 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
1. Install the latest Windows Server Insider build on a machine. For more information, see [Windows Server Insider Preview](https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver).
1. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
2. Configure Windows Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md).
3. If youre running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly:
2. If youre running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly:
a. Set the following registry entry:
- Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection`
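Review bot: The renumbered step "If youre running a third party antimalware solution, you'll need to apply..." has one apostrophe missing ("youre") and one plain ASCII apostrophe ("you'll") on the same line, which suggests a non-ASCII quote character that is not surviving. Use ASCII apostrophes throughout; the section intro ("Youll be able to onboard...") has the same problem. With the Insider build step gone and the list renumbered to 1 to 3, also check that sub-step "a. Set the following registry entry" is still indented under step 2 so the list numbering does not restart.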
@ -108,7 +117,7 @@ Youll be able to onboard in the same method available for Windows 10 client m
![Image of passive mode verification result](images/atp-verify-passive-mode.png)
4. Run the following command to check if Windows Defender AV is installed:
3. Run the following command to check if Windows Defender AV is installed:
```sc query Windefend```

View File

@ -0,0 +1,38 @@
---
title: Evaluate Windows Defender Advanced Threat Protection
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 08/10/2018
---
# Evaluate Windows Defender ATP
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.
You can evaluate Windows Defender Advanced Threat Protection in your organization by [Starting your free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp)
You can also evaluate the different security capabilities in Windows Defender ATP by using the following instructions.
## Evaluate attack surface reduction
These capabilities help prevent attacks and exploitations from infecting your organization.
- [Evaluate attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
- [Evaluate exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
- [Evaluate network protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
- [Evaluate controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
- [Evaluate application guard](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
- [Evaluate network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
## Evaluate next generation protection
Next gen protections help detect and block the latest threats.
- [Evaluate antivirus](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
## See Also
[Get started with Windows Defender Advanced Threat Protection](get-started.md)
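Review bot: The "Evaluate network protection" bullet links to `../windows-defender-exploit-guard/evaluate-exploit-protection.md`, the same target as the "Evaluate exploit protection" bullet directly above it, so readers never reach a network protection page; point it at the network protection evaluation topic. The front matter also ships with empty `description:` and `keywords:` fields, and the "Starting your free trial" sentence has no closing period.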

View File

@ -34,22 +34,21 @@ In conjunction with being able to quickly respond to advanced attacks, Windows D
Windows Defender ATP provides a security posture capability to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security state of your network.
**Advanced hunting**<br>
Advanced hunting allows you to hunt for possible threats across your organization using a powerful search and query tool. You can also create custom detection rules based on the queries you created and surface alerts in Windows Defender Security Center.
**Management and APIs**<br>
Integrate Windows Defender Advanced Threat Protection into your existing workflows.
**Microsoft threat protection**<br>
Bring the power of Microsoft threat protection to your organization.
## In this section
Topic | Description
:---|:---
[Minimum requirements](windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform.
[Validate licensing and complete setup](windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
[Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) | Address issues that might surface when setting up the Windows Defender ATP service and capabilities.
[Preview features](windows-defender-atp/preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
[Data storage and privacy](windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
[Assign user access to the portal](windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
[Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | Learn about the requirements for onboarding machines to the platform.
[Validate licensing and complete setup](licensing-windows-defender-advanced-threat-protection.md) | Get guidance on how to check that licenses have been provisioned to your organization and how to access the portal for the first time.
[Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md) | Address issues that might surface when setting up the Windows Defender ATP service and capabilities.
[Preview features](preview-windows-defender-advanced-threat-protection.md) | Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience.
[Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) | Explains the data storage and privacy details related to Windows Defender ATP.
[Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) | Set permissions to manage who can access the portal. You can set basic permissions or set granular permissions using role-based access control (RBAC).
[Evaluate Windows Defender ATP](evaluate-atp.md) | Evaluate the various capabilities in Windows Defender ATP and test features out.
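Review bot: The six table rows appear in two forms that differ only in the `windows-defender-atp/` prefix on the link target, and the new `evaluate-atp.md` row uses the prefix-free form; confirm that every prefix-free target resolves relative to this file's directory, otherwise the whole "In this section" table breaks at once. The "Management and APIs" and "Microsoft threat protection" blurbs carry no link and no concrete description, so a reader cannot tell where to go next from them.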

View File

@ -0,0 +1,27 @@
---
title: Manage endpoint detection and response capabilities
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 07/01/2018
---
# Manage endpoint detection and response capabilities
Manage the alerts queue, investigate machines in the machines list, take response actions, and hunt for possible threats in your organization using advanced hunting.
## In this section
Topic | Description
:---|:---
[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Windows Defender Security Center.
[Machines list](machines-list-endpoint-detection-response.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts.
[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats.
[Query data using advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)| Pr actively hunt for possible threats across your organization using a powerful search and query tool.
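Review bot: The last table row reads "Pr actively hunt for possible threats"; this should be "Proactively". The front matter leaves `description:` and `keywords:` empty, which should be filled in before this new topic is published.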

View File

@ -0,0 +1,33 @@
---
title: Configure and manage Windows Defender ATP capabilities
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 07/01/2018
---
# Onboard, configure, and manage Windows Defender ATP capabilities
Configure and manage all the Windows Defender ATP capabilities to get the best security protection for your organization.
## In this section
Topic | Description
:---|:---
[Onboard machines to Windows Defender Security Center](onboard-configure-windows-defender-advanced-threat-protection.md) | Onboard machines to the platform.
[Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md) | Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
[Manage endpoint detection and response capabilities](manage-edr.md)| Manage the alerts queue, investigate machines in the machines list, take response actions, and hunt for possible threats in your organization using advanced hunting.
[Manage auto investigation and remediation](manage-auto-investigation-windows-defender-advanced-threat-protection.md) | Learn how you can manage and view the details of an automated investigation.
[Configure the security controls in Secure score](secure-score-dashboard-windows-defender-advanced-threat-protection.md) | Configure the security controls in Secure score to increase the security posture of your organization.
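Review bot: The front matter `title:` is "Configure and manage Windows Defender ATP capabilities" while the H1 is "Onboard, configure, and manage Windows Defender ATP capabilities"; pick one so the page title and heading agree. In the attack surface reduction row, "these set of capabilities resist attacks" should be "this set of capabilities resists attacks", and `description:` and `keywords:` are empty.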

View File

@ -24,11 +24,6 @@ The platform provides various ways for you to investigate an incident and allows
The response capabilities gives you the power to promptly remediate threats by taking action on the affected entities.
## In this section
[Alerts queue](alerts-queue-endpoint-detection-response.md)| View the alerts surfaced in Windows Defender Security Center.
[Machines list](machines-list-endpoint-detection-response.md) | Learn how you can view and manage the machines list, manage machine groups, and investigate machine related alerts.
[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take response actions on machines and files to quickly respond to detected attacks and contain threats.
[Query data using advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)| Pr actively hunt for possible threats across your organization using a powerful search and query tool.
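Review bot: With the four table rows taken out, check that "## In this section" is not left behind as an empty heading at the end of the page; if the rows go, the heading should go with them. The rows also carry the "Pr actively" typo, which has been copied verbatim into the new manage page, and the context line "The response capabilities gives you" needs "give".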

View File

@ -13,7 +13,7 @@ ms.localizationpriority: high
ms.date: 07/01/2018
---
# Overview of Windows Defender ATP
# Overview of Windows Defender ATP capabilities
Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform.
@ -25,8 +25,9 @@ Topic | Description
[Attack surface reduction](overview-attack-surface-reduction.md) | Leverage the attack surface reduction capabilities to protect the perimeter of your organization.
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Windows Defender ATP so you can protect desktops, portable computers, and servers.
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Windows Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
[Auto investigation]() | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md) | In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md) | Use a powerful search and query language to create custom queries and detection rules.
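Review bot: The new "Advanced hunting" row links to `overview-hunting-windows-defender-advanced-threat-protection.md`, while the other tables in this commit link advanced hunting to `advanced-hunting-windows-defender-advanced-threat-protection.md`; confirm the overview file exists in this change set so the row does not ship as a dead link. Filling in the previously empty `[Auto investigation]()` target is the right fix.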

View File

@ -14,13 +14,6 @@ ms.date: 04/24/2018
---
# Configure Windows Defender Security Center settings
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink)
Use the **Settings** menu to modify general settings, advanced features, enable the preview experience, email notifications, and the custom threat intelligence feature.

View File

@ -1,6 +1,6 @@
---
title: Windows Defender Advanced Threat Protection Security operations dashboard
description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
title: Windows Defender Security Center Security operations dashboard
description: Use the dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@ -13,18 +13,14 @@ ms.localizationpriority: medium
ms.date: 04/24/2018
---
# View the Windows Defender Advanced Threat Protection Security operations dashboard
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
# Windows Defender Security Center Security operations dashboard
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink)
The **Security operations dashboard** displays a snapshot of:
The **Security operations dashboard** is where the endpoint detection and response capabilities are surfaced. It provides a high level overview of where detections were seen and highlights where response actions are needed.
The dashboard displays a snapshot of:
- The latest active alerts on your network
- Machines at risk
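Review bot: The new H1 "Windows Defender Security Center Security operations dashboard" repeats "Security" back to back and reads awkwardly; consider "Security operations dashboard in Windows Defender Security Center" and keep the front matter `title:` in step. In the new intro sentence, "high level overview" should be hyphenated as "high-level overview".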

View File

@ -14,13 +14,7 @@ ms.date: 03/06/2018
---
# Threat analytics for Spectre and Meltdown
**Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
The **Threat analytics** dashboard provides insight on how emerging threats affect your organization. It provides information that's specific for your organization.
[Spectre and Meltdown](https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/) is a new class of exploits that take advantage of critical vulnerabilities in the CPU processors, allowing attackers running user-level, non-admin code to steal data from kernel memory. These exploits can potentially allow arbitrary non-admin code running on a host machine to harvest sensitive data belonging to other apps or system processes, including apps on guest VMs.

View File

@ -0,0 +1,29 @@
---
title: Microsoft threat protection
description:
keywords:
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/12/2018
---
# Microsoft threat protection
Heike or Raviv or Alon - need to make new page - put anchors inside for each integ
Micorosft security products work better together. When you integrate Microsoft products you get better protection.
These are all the products that Windows Defender Advanced Threat Protection integrates with:
Have links to the different configuration settings and put links there.
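Review bot: The body of this new topic still contains authoring notes ("Heike or Raviv or Alon - need to make new page - put anchors inside for each integ" and "Have links to the different configuration settings and put links there.") that would be published as page content; remove them or hold the file back until the text is written. "Micorosft" is misspelled, the sentence "These are all the products that Windows Defender Advanced Threat Protection integrates with:" introduces a list that is not there, and `description:` and `keywords:` are empty.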

View File

@ -13,11 +13,16 @@ ms.localizationpriority: high
ms.date: 09/12/2018
---
# Troubleshoot Windows Defender Advanced Threat Protection capabilities
# Troubleshoot Windows Defender Advanced Threat Protection
Troubleshoot issues that might arise as you use Windows Defender Secur.
Troubleshoot issues that might arise as you use Windows Defender ATP capabilities.
## In this section
Topic | Description
:---|:---
Troubleshoot sensor state | Find solutions for issues related to the Windows Defender ATP sensor
Troubleshoot service issues | Fix issues related to the Windows Defender Advanced Threat service
Review events and errors on machines | Use Event viewer to view events and errors on machines
Troubleshoot attack surface reduction | Fix issues related to network protection and attack surface reduction rules
Troubleshoot next generation protection | If you encounter a problem with antivirus, you can search the tables in this topic to find a matching issue and potential solution
[Troubleshoot Windows Defender Security Center](troubleshoot-windows-defender-advanced-threat-protection.md)| Find solutions to issues related to Windows Defender Security Center.
[
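Review bot: The table ends with a dangling `[` on its own line, which leaves an unfinished row in the rendered page. Five of the six rows ("Troubleshoot sensor state" through "Troubleshoot next generation protection") have no link target, so the section lists topics the reader cannot open; add the links or drop the rows. "Windows Defender Advanced Threat service" is missing "Protection", and the intro appears both as the truncated "Windows Defender Secur." and as the corrected sentence, so make sure only the corrected one survives.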

View File

@ -29,16 +29,9 @@ The Windows Defender ATP platform is where all the capabilities that are availab
Topic | Description
:---|:---
[Get started](../get-started.md) | Learn about the requirements of the platform and the initial steps you need to take to get started with Windows Defender ATP.
[Onboard and configure machines to Windows Defender ATP](../onboard.md)| Onboard to the sensor, configure the individual capabilities in Windows Defender ATP.
[Windows Defender Security Center](use-windows-defender-advanced-threat-protection.md)| Understand how to use the Windows Defender Security Center portal and the capabilities you can leverage to better protect your organization.
[Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) | Leverage the intrusion prevention capabilities such as application control, exploit protection, and others to manage and reduce the attack surface of your organization.
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus, machine learning, and other capabilities to further reinforce the security perimeter of your organization.
[Endpoint detection and response](../edr.md)| Detect, investigate, and respond to advanced threats that may have made it past the first two security pillars using the endpoint detection and response capabilities.
[Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md)| Reduce the volume of alerts that need to be investigated individually by leveraging the auto investigation capability.
[Security posture](../securityposture.md)| Assess the security posture of your organization, see where attention is required, and apply the recommended action to contain attacks, increase your organizational resilience, and prevent specific threats.
[Management and APIs]() | Learn about the tools you can use to manage, integrate with, such as APIs, SIEM connectors, reporting, and others.
[Microsoft threat protection](../integration.md)| The platform is designed to integrate well with other Microsoft products. Learn about how you can maximize other Microsoft security offerings to further expand your security coverage.
[Overview](overview.md) | Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform.
[Get started](get-started.md) | Learn about the requirements of the platform and the initial steps you need to take to get started with Windows Defender ATP.
[Onboard machines, configure, and manage Windows Defender ATP capabilities](onboard.md)| Onboard machines to the sensor, then configure and manage the individual capabilities in Windows Defender ATP.
[Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md) | Learn how to address issues that you might encounter while using the platform.
## Related topic
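Review bot: The link targets change form in this table (`../get-started.md` and `../onboard.md` alongside `get-started.md` and `onboard.md`), and `overview.md` and `troubleshoot-wdatp.md` are new targets; verify each resolves from this file's directory. With the per-capability rows collapsed into four entries, endpoint detection and response, auto investigation and security posture are now reachable only through the Overview row, so check that the overview table covers all of them.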

View File

@ -1,5 +1,5 @@
---
title:
title: Windows Defender Security Center access permission
description:
keywords:
search.product: eADQiWindows 10XVcnh
@ -10,9 +10,9 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 07/01/2018
ms.date: 05/21/2018
---
# TO do: Benny and joey to write this topic
# Windows Defender Security Center access permission
You can configure it through the portal, see Settings
Manage portal access using RBAC as well as machine groups.
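Review bot: The body is two fragments rather than a topic: "You can configure it through the portal, see Settings" has no antecedent for "it", no closing period and no link to the Settings page, and "Manage portal access using RBAC as well as machine groups." does not say how. `ms.date` appears as both 07/01/2018 and 05/21/2018; if the change moves the date back to 05/21/2018, that is earlier than the previous value and should be the date of this edit instead. `description:` and `keywords:` remain empty.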