deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

troubleshooting

Browse Source
This commit is contained in:
Iaan
2016-05-10 15:27:32 +10:00
parent af13a6cf74
commit 4895227646
2 changed files with 44 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
View File

@ -13,10 +13,12 @@ ms.sitesec: library
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP.
> **Note**&nbsp;&nbsp;This document covers the information specific to the Windows Defender ATP service. Other data shared and stored by Windows Defender and Windows 10 is covered under the [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). See the [Windows 10 privacy FAQ for more information](http://windows.microsoft.com/en-au/windows-10/windows-privacy-faq).
## What data does Windows Defender ATP collect?
@ -35,12 +37,12 @@ Microsoft does not mine your data for advertising or for any other purpose other
## Do I have the flexibility to select where to store my data?
Data for this new service is stored in Microsoft Azure datacenters in the United States and European Union based on the geolocation properties subject to the relevant preview program you may be able to specify your preferred geolocation when you onboard to the service. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations in which your data will reside. Microsoft will not transfer the data from the specified geolocation except in specific circumstances during the preview stage.
Data for this new service is stored in Microsoft Azure datacenters in the United States and European Union based on the geolocation properties. Subject to the relevant preview program you may be able to specify your preferred geolocation when you onboard to the service. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations in which your data will reside. Microsoft will not transfer the data from the specified geolocation except in specific circumstances during the preview stage.
## Is my data isolated from other customer data?
Yes. The new cloud service provides appropriate segregation at a number of levels, such as isolation of files, configurations, and telemetry data. Aside from data access authentication, simply keeping different data appropriately segregated provides well-recognized protection.
## How do you prevent malicious insider activities and abuse of high privilege roles?
## How does Microsoft prevent malicious insider activities and abuse of high privilege roles?
Microsoft developers and administrators have, by design, been given sufficient privileges to carry out their assigned duties to operate and evolve the service. Microsoft deploys combinations of preventive, detective, and reactive controls including the following mechanisms to help protect against unauthorized developer and/or administrative activity:
@ -54,11 +56,11 @@ Additionally, Microsoft conducts background verification checks of certain opera
No. Customer data is isolated from other customers and is not shared. However, insights on the data resulting from Microsoft processing, and which dont contain any customer specific data, might be shared with other customers. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
## How long will Microsoft store my data? What is Microsofts data retention policy?
Your data privacy is one of our key commitments for the cloud. For this service, at contract termination or expiration, your data will be erased from Microsofts systems to make it unrecoverable after 90 days from contract termination or expiration.
Your data privacy is one of Microsoft's key commitments for the cloud. For this service, at contract termination or expiration, your data will be erased from Microsofts systems to make it unrecoverable after 90 days (from contract termination or expiration).
## Can Microsoft help us maintain regulatory compliance?
By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run, including this new Microsoft cloud service.
Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Windows Defender ATP services against their own legal and regulatory requirements. Windows Defender ATP has a roadmap for obtaining national, regional and industry-specific certifications, starting with ISO 27001. The service is designed, implemented, and maintained according to the compliance and privacy principles of ISO 27001, as well as Microsofts compliance standards.
By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run, including this new Microsoft cloud service.
## Is there a difference between how Microsoft handles data for the preview programs and for General Availability?
Subject to the preview program you are in, you could be asked to choose to store your data in a datacenter either in Europe or United States. Your data will not be copied or moved outside of the datacenter you choose, except in the following specific circumstance:

73
windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -18,8 +18,9 @@ author: mjcaparas
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
You might need to troubleshoot the onboarding process if you encounter issues.
This page provides detailed steps for troubleshooting endpoints that aren't reporting correctly, common error codes encountered during onboarding, and steps for resolving problems with Azure Active Directory (AAD).
## Endpoints not reporting to the service correctly
## Endpoints are not reporting to the service correctly
If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after 20 minutes, it might indicate an endpoint onboarding or a connectivity problem.
@ -42,13 +43,17 @@ If the endpoints aren't reporting correctly, you might need to check that the Wi
3. From the **Run** dialog box, type **regedit** and press **Enter**.
4. In the **Registry Editor** navigate to the Status key under **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection**.
4. In the **Registry Editor** navigate to the Status key under
```
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection
```
5. Check that the **OnboardingState** value is set to **1**.
![Image of OnboardingState status in Registry Editor](images/onboardingstate.png)
If the **OnboardingState** value is not set to **1**, follow the instructions on **Identifying and addressing onboarding issues**.
If the **OnboardingState** value is not set to `1`, follow the instructions on **Identifying and addressing onboarding issues**.
**Identifying and addressing onboarding errors**:
@ -77,7 +82,7 @@ Event ID | Message | Resolution steps
### Ensure that the Windows Defender ATP service is enabled
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 Windows Defender Advanced Threat Protection service is enabled on the endpoint.
If the endpoints aren't reporting correctly, you might need to check that the Windows Defender ATP service is enabled on the endpoint. You can use the SC comman line program for querying and managing the service.
**Check the startup type from the command line**:
@ -95,7 +100,7 @@ If the endpoints aren't reporting correctly, you might need to check that the Wi
![Result of the sq query sense command](images/sc-query-sense-autostart.png)
3. If the service **START_TYPE** is not set to **AUTO_START**, then you'll need to enter the following command and press **Enter**:
3. If the service `START\_TYPE` is not set to `AUTO\_START`, then you'll need to enter the following command and press **Enter**:
```
sc config sense start=auto
```
@ -214,36 +219,6 @@ If the verification fails and your environment is using a proxy to connect to th
## Add users to an Azure Active Directory
If you don't see any users in the [Azure Management Portal](https://manage.windowsazure.com/) during the service onboarding stage, you might need to add users to the directory first.
1. Go to the Azure Management Portal and select the directory you want to manage.
2. Click **Users** from the top menu bar.
![Example Azure Management Portal organization](images/contoso-users.png)
3. Click **Add user** from the menu bar at the bottom.
![Add user menu](images/add-user.png)
4. Select the type of user and enter their details. There might be multiple steps in the **Add user** dialog box depending on the type of user. When you're done, click **Complete** ![Check icon](images/check-icon.png) or **OK**.
5. Continue to add users. They will now appear in the **Users** section of the **Windows ATP Service** application. You must assign the user a role before they can access the [Windows Defender ATP portal](https://securitycenter.windows.com/).
## Manage access for all users in Azure Active Directory
If you remove access for all users to the Windows ATP Service application (by clicking Manage access), you will not see the application in the list of applications in your directory in the [Azure Management Portal](https://manage.windowsazure.com/).
Log in to the application in the Azure Management Portal again:
1. Sign in to the [Windows Defender ATP portal](https://securitycenter.windows.com/) with the user account you want to give access to.
2. Confirm that you have signed in with the correct details, and click **Accept**.
3. Go to the [Azure Management Portal](https://manage.windowsazure.com/) and navigate to your directory. You will see the **Windows ATP Service** application in the **Applications** section again.
## Review events and errors on endpoints with Event Viewer
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/en-US/library/aa745633(v=bts.10).aspx) on individual endpoints, or check the status of machines from the [Windows Defender ATP portal](https://securitycenter.windows.com/).
@ -479,6 +454,34 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen
</table>
## There are no users in the Azure Active Directory
If you don't see any users in the [Azure Management Portal](https://manage.windowsazure.com/) during the service onboarding stage, you might need to add users to the directory first.
1. Go to the Azure Management Portal and select the directory you want to manage.
2. Click **Users** from the top menu bar.
![Example Azure Management Portal organization](images/contoso-users.png)
3. Click **Add user** from the menu bar at the bottom.
![Add user menu](images/add-user.png)
4. Select the type of user and enter their details. There might be multiple steps in the **Add user** dialog box depending on the type of user. When you're done, click **Complete** ![Check icon](images/check-icon.png) or **OK**.
5. Continue to add users. They will now appear in the **Users** section of the **Windows ATP Service** application. You must assign the user a role before they can access the [Windows Defender ATP portal](https://securitycenter.windows.com/).
## The Windows Defender ATP app doesn't appear in the Azure Management Portal
If you remove access for all users to the Windows ATP Service application (by clicking Manage access), you will not see the application in the list of applications in your directory in the [Azure Management Portal](https://manage.windowsazure.com/).
Log in to the application in the Azure Management Portal again:
1. Sign in to the [Windows Defender ATP portal](https://securitycenter.windows.com/) with the user account you want to give access to.
2. Confirm that you have signed in with the correct details, and click **Accept**.
3. Go to the [Azure Management Portal](https://manage.windowsazure.com/) and navigate to your directory. You will see the **Windows ATP Service** application in the **Applications** section again.
## Related topics
- [Windows Defender ATP service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md)