diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 1937a2b7c8..7f56e16fcf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -51,7 +51,7 @@ Learn how to deploy Defender for Endpoint for Android on Intune Company Portal - center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add \> Android store app** and choose **Select**. - ![Image of Microsoft Endpoint Manager Admin Center](images/mda-addandroidstoreapp.png) + ![Image of Microsoft Endpoint Manager Admin Center1](images/mda-addandroidstoreapp.png) 2. On the **Add app** page and in the *App Information* section enter: @@ -63,7 +63,7 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> Other fields are optional. Select **Next**. - ![Image of Microsoft Endpoint Manager Admin Center](images/mda-addappinfo.png) + ![Image of Microsoft Endpoint Manager Admin Center2](images/mda-addappinfo.png) 3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint for Android app. Choose **Select** and then **Next**. @@ -71,14 +71,14 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> >The selected user group should consist of Intune enrolled users. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/363bf30f7d69a94db578e8af0ddd044b.png) + > ![Image of Microsoft Endpoint Manager Admin Center3](images/363bf30f7d69a94db578e8af0ddd044b.png) 4. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page. - ![Image of Microsoft Endpoint Manager Admin Center](images/86cbe56f88bb6e93e9c63303397fc24f.png) + ![Image of Microsoft Endpoint Manager Admin Center4](images/86cbe56f88bb6e93e9c63303397fc24f.png) 5. In the app information page that is displayed, in the **Monitor** section, @@ -86,7 +86,7 @@ select **Device install status** to verify that the device installation has completed successfully. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/513cf5d59eaaef5d2b5bc122715b5844.png) + > ![Image of Microsoft Endpoint Manager Admin Center5](images/513cf5d59eaaef5d2b5bc122715b5844.png) ### Complete onboarding and check status @@ -123,14 +123,14 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add** and select **Managed Google Play app**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager admin center](images/579ff59f31f599414cedf63051628b2e.png) + > ![Image of Microsoft Endpoint Manager admin center6](images/579ff59f31f599414cedf63051628b2e.png) 2. On your managed Google Play page that loads subsequently, go to the search box and lookup **Microsoft Defender.** Your search should display the Microsoft Defender for Endpoint app in your Managed Google Play. Click on the Microsoft Defender for Endpoint app from the Apps search result. - ![Image of Microsoft Endpoint Manager admin center](images/0f79cb37900b57c3e2bb0effad1c19cb.png) + ![Image of Microsoft Endpoint Manager admin center7](images/0f79cb37900b57c3e2bb0effad1c19cb.png) 3. In the App description page that comes up next, you should be able to see app details on Defender for Endpoint. Review the information on the page and then @@ -180,7 +180,7 @@ Defender ATP should be visible in the apps list. 1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**. - ![Image of Microsoft Endpoint Manager admin center](images/android-mem.png) + ![Image of Microsoft Endpoint Manager admin center8](images/android-mem.png) 1. In the **Create app configuration policy** page, enter the following details: @@ -200,19 +200,19 @@ Defender ATP should be visible in the apps list. Then select **OK**. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-create-app-config.png) + > ![Image of create app configuration policy1](images/android-create-app-config.png) 1. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-auto-grant.png) + > ![Image of create app configuration policy2](images/android-auto-grant.png) 1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-select-group.png) + > ![Image of create app configuration policy3](images/android-select-group.png) 1. In the **Review + Create** page that comes up next, review all the information and then select **Create**.
@@ -220,7 +220,7 @@ Defender ATP should be visible in the apps list. The app configuration policy for Defender for Endpoint autogranting the storage permission is now assigned to the selected user group. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-review-create.png) + > ![Image of create app configuration policy4](images/android-review-create.png) 10. Select **Microsoft Defender ATP** app in the list \> **Properties** \> diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 5a8e56a963..b00bc7b148 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -58,11 +58,11 @@ For the Application registration stage, you must have a **Global administrator** - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. - ![Image of API access and API selection](images/add-permission.png) + ![Image of API access and API selection1](images/add-permission.png) - Choose **Application permissions** > **Alert.Read.All** > Click on **Add permissions** - ![Image of API access and API selection](images/application-permissions.png) + ![Image of API access and API selection2](images/application-permissions.png) **Important note**: You need to select the relevant permissions. 'Read All Alerts' is only an example! diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md index 54ffcf11fc..3b42fefc66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md @@ -31,7 +31,7 @@ Automating security procedures is a standard requirement for every modern Securi Microsoft Defender API has an official Flow Connector with many capabilities. -![Image of edit credentials](images/api-flow-0.png) +![Image of edit credentials1](images/api-flow-0.png) ## Usage example @@ -41,15 +41,15 @@ The following example demonstrates how to create a Flow that is triggered any ti 2. Go to **My flows** > **New** > **Automated-from blank**. - ![Image of edit credentials](images/api-flow-1.png) + ![Image of edit credentials2](images/api-flow-1.png) 3. Choose a name for your Flow, search for "Microsoft Defender ATP Triggers" as the trigger, and then select the new Alerts trigger. - ![Image of edit credentials](images/api-flow-2.png) + ![Image of edit credentials3](images/api-flow-2.png) Now you have a Flow that is triggered every time a new Alert occurs. -![Image of edit credentials](images/api-flow-3.png) +![Image of edit credentials4](images/api-flow-3.png) All you need to do now is choose your next steps. For example, you can isolate the device if the Severity of the Alert is High and send an email about it. @@ -63,7 +63,7 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the 3. Set the **Alert ID** from the last step as **Input**. - ![Image of edit credentials](images/api-flow-4.png) + ![Image of edit credentials5](images/api-flow-4.png) ### Isolate the device if the Alert's severity is High @@ -73,7 +73,7 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the If yes, add the **Microsoft Defender ATP - Isolate machine** action with the Machine ID and a comment. - ![Image of edit credentials](images/api-flow-5.png) + ![Image of edit credentials6](images/api-flow-5.png) 3. Add a new step for emailing about the Alert and the Isolation. There are multiple email connectors that are very easy to use, such as Outlook or Gmail. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index ed503a7088..a0a21d751b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -84,9 +84,9 @@ Field numbers match the numbers in the images below. ![Image of alert details pane with numbers](images/atp-siem-mapping13.png) -![Image of artifact timeline with numbers](images/atp-siem-mapping3.png) +![Image of artifact timeline with numbers1](images/atp-siem-mapping3.png) -![Image of artifact timeline with numbers](images/atp-siem-mapping4.png) +![Image of artifact timeline with numbers2](images/atp-siem-mapping4.png) ![Image machine view](images/atp-mapping6.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index 2d20e0d495..851e5a59d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -92,17 +92,17 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a - Click **Edit Credentials** - ![Image of edit credentials](images/power-bi-edit-credentials.png) + ![Image of edit credentials0](images/power-bi-edit-credentials.png) - Select **Organizational account** > **Sign in** - ![Image of set credentials](images/power-bi-set-credentials-organizational.png) + ![Image of set credentials1](images/power-bi-set-credentials-organizational.png) - Enter your credentials and wait to be signed in - Click **Connect** - ![Image of set credentials](images/power-bi-set-credentials-organizational-cont.png) + ![Image of set credentials2](images/power-bi-set-credentials-organizational-cont.png) - Now the results of your query will appear as table and you can start build visualizations on top of it!