Merge pull request #1067 from MicrosoftDocs/indicator-links

Indicator links
2025-05-12 13:27:23 +00:00 · 2019-09-09 15:22:02 -07:00 · 2019-09-09 15:22:02 -07:00 · 541ac64d7e
commit 541ac64d7e
parent 6c1f66d7d2 0c8c2d1395
6 changed files with 15 additions and 60 deletions
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -1336,6 +1336,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md",
+"redirect_url": "/windows/security/threat-protection/microsoft-defender-atp/manage-indicators",
+"redirect_document_id": false
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection",
 "redirect_document_id": true
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -429,7 +429,6 @@
 ##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)

 #### [API for custom alerts (Deprecated)]()
-##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
 ##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
 ##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
 ##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/enable-custom-ti.md
@ -1,56 +0,0 @@
---
-title: Enable the custom threat intelligence API in Microsoft Defender ATP
-description: Learn how to setup the custom threat intelligence application in Microsoft Defender ATP to create custom threat intelligence (TI).
-keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens
-search.product: eADQiWindows 10XVcnh
-search.appverid: met150
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance 
-ms.topic: article
---
-
-# Enable the custom threat intelligence API in Microsoft Defender ATP (Deprecated)
-
-**Applies to:**
-
-
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
-> [!TIP]
-> This topic has been deprecated. See [Indicators](ti-indicator.md) for the updated content.
-> 
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) 
-
-Before you can create custom threat intelligence (TI) using REST API, you'll need to set up the custom threat intelligence application through Microsoft Defender Security Center.
-
-1. In the navigation pane, select **Settings** >  **Threat intel**.
-
-   ![Image of threat intel API menu](images/atp-threat-intel-api.png)
-
-2. Select **Enable threat intel API**. This activates the **Azure Active Directory application** setup sections with pre-populated values.
-
-3. Copy the individual values or select **Save details to file** to download a file that contains all the values.
-
-   >[!WARNING]
-   >The client secret is only displayed once. Make sure you keep a copy of it in a safe place. <br>
-   For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti.md#learn-how-to-get-a-new-client-secret).
-
-4. Select **Generate tokens** to get an access and refresh token.
-
-You’ll need to use the access token in the Authorization header when doing REST API calls.
-
-## Related topics
- [Understand threat intelligence concepts](threat-indicator-concepts.md)
- [Create custom alerts using the threat intelligence API](custom-ti-api.md)
- [PowerShell code examples for the custom threat intelligence API](powershell-example-code.md)
- [Python code examples for the custom threat intelligence API](python-example-code.md)
- [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
- [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@ -121,6 +121,10 @@ It's important to understand the following prerequisites prior to creating indic
 - The Antimalware client version must be 4.18.1906.x or later. 
 - Supported on machines on Windows 10, version 1709 or later. 
 - Ensure that **Custom network indicators** is enabled in **Microsoft Defender Security Center > Settings > Advanced features**. For more information, see [Advanced features](advanced-features.md).
+
+
+>[!IMPORTANT]
+> Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs.
 
 >[!NOTE]
 >There may be up to 2 hours latency (usually less) between the time the action is taken, and the URL and IP being blocked. 
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@ -22,13 +22,14 @@ ms.topic: article
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)


->[!Note]
+>[!NOTE]
 > Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)


 - Submits or Updates new [Indicator](ti-indicator.md) entity.

-
+>[!NOTE]
+>There is a limit of 5000 indicators per tenant. 

 ## Permissions
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/ti-indicator.md
@ -28,7 +28,9 @@ Method|Return Type |Description
 [Submit Indicator](post-ti-indicator.md) | [Indicator](ti-indicator.md) | Submits [Indicator](ti-indicator.md) entity.
 [Delete Indicator](delete-ti-indicator-by-id.md) | No Content | Deletes [Indicator](ti-indicator.md) entity.

- See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal: 
+- See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal. 
+
+For more information on creating indicators, see [Manage indicators](manage-indicators.md).

 # Properties
 Property |	Type	|	Description