mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 20:33:42 +00:00
Merged PR 10178: update from master
@ -45,7 +45,7 @@ To change to a new TPM owner password, in TPM.msc, click **Change Owner Password
|
||||
|
||||
## Use the TPM cmdlets
|
||||
|
||||
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx).
|
||||
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule).
|
||||
|
||||
## Related topics
|
||||
|
||||
|
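Review bot: The replacement TPM cmdlets link hard-codes the `en-us` locale (`https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule`), while the other docs.microsoft.com links in this commit omit it so the site can redirect readers to their own language. Suggest dropping `/en-us` for consistency.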
@ -68,7 +68,7 @@ Some things that you can check on the device are:
|
||||
- Is SecureBoot supported and enabled?
|
||||
|
||||
> [!NOTE]
|
||||
> The device must be running Windows 10 and it must support at least TPM 2.0.
|
||||
> The device must be running Windows 10 and it must support at least TPM 2.0 in order to utilize Device Health Attestation.
|
||||
|
||||
## Supported versions
|
||||
|
||||
|
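Review bot: In the NOTE, "in order to utilize Device Health Attestation" is wordy, and the sentence still reads as a general device requirement until its final clause. Suggest leading with the feature: "To use Device Health Attestation, the device must be running Windows 10 and support at least TPM 2.0."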
@ -60,7 +60,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o
|
||||
1. Open an elevated Windows PowerShell prompt.
|
||||
2. Use the following command to install the Active Directory Certificate Services role.
|
||||
```PowerShell
|
||||
Add-WindowsFeature Adcs-Cert-Authority -IncludeManageTools
|
||||
add-windowsfeature adcs-cert-authority -IncludeManagementTools
|
||||
```
|
||||
|
||||
3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration.
|
||||
|
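Review bot: The corrected command in step 2 fixes the parameter name (`-IncludeManagementTools`) but lowercases the cmdlet and feature name (`add-windowsfeature adcs-cert-authority`). PowerShell is case-insensitive, so it runs, but keep the conventional casing for readability: `Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools`.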
@ -58,6 +58,15 @@ When the trigger occurs, VPN tries to connect. If an error occurs or any user in
|
||||
|
||||
When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**.
|
||||
|
||||
Preserving user Always On preference
|
||||
|
||||
Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList.
|
||||
Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference.
|
||||
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config
|
||||
Value: AutoTriggerDisabledProfilesList
|
||||
Type: REG_MULTI_SZ
|
||||
|
||||
|
||||
## Trusted network detection
|
||||
|
||||
This feature configures the VPN such that it would not get triggered if a user is on a trusted corporate network. The value of this setting is a list of DNS suffices. The VPN stack will look at the DNS suffix on the physical interface and if it matches any in the configured list and the network is private or provisioned by MDM, then VPN will not get triggered.
|
||||
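Review bot: The added "Preserving user Always On preference" line has no heading markup, and the explanation and the Key, Value and Type lines follow each other with no blank lines between them, so Markdown will render them as one run-on paragraph. Make the title a heading or bold text, put the registry key, value name and type in a list or code formatting, and settle on one spelling of "Always On" / "AlwaysOn". The new text also refers to a "Connect automatically" checkbox, while the paragraph just above names **Let apps automatically use this VPN connection**; confirm which label the UI shows.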
@ -86,4 +95,4 @@ After you add an associated app, if you select the **Only these apps can use thi
|
||||
- [VPN and conditional access](vpn-conditional-access.md)
|
||||
- [VPN name resolution](vpn-name-resolution.md)
|
||||
- [VPN security features](vpn-security-features.md)
|
||||
- [VPN profile options](vpn-profile-options.md)
|
||||
- [VPN profile options](vpn-profile-options.md)
|
||||
|
@ -8,7 +8,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: brianlic-msft
|
||||
ms.date: 07/18/2018
|
||||
ms.date: 07/27/2018
|
||||
---
|
||||
|
||||
# BitLocker Management for Enterprises
|
||||
@ -21,19 +21,11 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu
|
||||
|
||||
Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx).
|
||||
|
||||
Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. When moving to cloud-based management, following these steps could be helpful:
|
||||
|
||||
1. Disable MBAM management and leave MBAM as only a database backup for the recovery key.
|
||||
2. Join the computers to Azure Active Directory (Azure AD).
|
||||
3. Use `Manage-bde -protectors -aadbackup` to backup the recovery key to Azure AD.
|
||||
|
||||
BitLocker recovery keys can be managed from Azure AD thereafter. The MBAM database does not need to be migrated.
|
||||
|
||||
Enterprises that choose to continue managing BitLocker on-premises after MBAM support ends can use the [BitLocker WMI provider class](https://msdn.microsoft.com/library/windows/desktop/aa376483) to create a custom management solution.
|
||||
Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD).
|
||||
|
||||
## Managing devices joined to Azure Active Directory
|
||||
|
||||
Devices joined to Azure Active Directory (Azure AD) are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
|
||||
Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online.
|
||||
|
||||
Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) or the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 Business or Enterprise editions and on Windows Phones.
|
||||
|
||||
|
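Review bot: The rewritten MBAM paragraph replaces the three migration steps with a pointer to `#powershell-examples`, but no hunk in this commit shows that section, so confirm the anchor exists in this file and that it still covers `Manage-bde -protectors -aadbackup`. The change also drops the statements that the MBAM database does not need to be migrated and that the BitLocker WMI provider class can be used for on-premises management after MBAM support ends; if that is not intentional, keep those two sentences.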
@ -125,13 +125,13 @@
|
||||
######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#######File
|
||||
######## [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
|
||||
######## [Block file](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######## [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get FileActions collection](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######## [Unblock file](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#######IP
|
||||
######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
@ -139,25 +139,25 @@
|
||||
######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
|
||||
######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
|
||||
#######Machines
|
||||
######## [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
|
||||
######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
|
||||
######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get FileMachineAction object](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get FileMachineActions collection](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get MachineAction object](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get MachineActions collection](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
|
||||
######## [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######## [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######## [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######## [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
|
||||
######## [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######## [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
######## [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
######## [Get package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
|
||||
######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######## [Release machine from isolation](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
######## [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######## [Request sample](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
|
||||
######## [Restrict app execution](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
######## [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
######## [Stop and quarantine file](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
|
||||
|
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: brianlic-msft
|
||||
ms.date: 04/19/2017
|
||||
ms.date: 07/25/2018
|
||||
---
|
||||
|
||||
# Apply a basic audit policy on a file or folder
|
||||
@ -32,7 +32,7 @@ To complete this procedure, you must be logged on as a member of the built-in Ad
|
||||
- To audit failure events, click **Fail.**
|
||||
- To audit all events, click **All.**
|
||||
|
||||
> **Important:** Before setting up auditing for files and folders, you must enable object access auditing by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.
|
||||
> **Important:** Before setting up auditing for files and folders, you must enable [object access auditing](basic-audit-object-access.md) by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited.
|
||||
|
||||
## Additional considerations
|
||||
|
||||
|
@ -11,7 +11,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 07/10/2018
|
||||
ms.date: 07/26/2018
|
||||
---
|
||||
|
||||
|
||||
@ -83,8 +83,8 @@ Location | Setting | Description | Default setting (if not configured)
|
||||
---|---|---|---
|
||||
Scan | Specify the scan type to use for a scheduled scan | Quick scan
|
||||
Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never
|
||||
Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
|
||||
Root | Randomize scheduled task times | Randomize the start time of the scan to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments | Enabled
|
||||
Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am
|
||||
Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans. This can be useful in VM or VDI deployments. | Enabled
|
||||
|
||||
**Use PowerShell cmdlets to schedule scans:**
|
||||
|
||||
|
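Review bot: In the "Randomize scheduled task times" row, "any interval plus or minus 30 minutes for non-Windows Defender scans" does not say which tasks count as non-Windows Defender scans, so an administrator cannot tell which window applies to a given scheduled scan. Name those tasks explicitly. While this table is being touched, the first row ("Specify the scan type to use for a scheduled scan") has three cells under a four-column header, so "Quick scan" lands in the Description column; add the missing description cell.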
@ -655,32 +655,32 @@ Microsoft recommends that you block the following Microsoft-signed applications
|
||||
<Deny ID="ID_DENY_D_554" FriendlyName="PowerShellShell 554" Hash="CBD19FDB6338DB02299A3F3FFBBEBF216B18013B3377D1D31E51491C0C5F074C"/>
|
||||
<Deny ID="ID_DENY_D_555" FriendlyName="PowerShellShell 555" Hash="3A316A0A470744EB7D18339B76E786564D1E96130766A9895B2222C4066CE820"/>
|
||||
<Deny ID="ID_DENY_D_556" FriendlyName="PowerShellShell 556" Hash="68A4A1E8F4E1B903408ECD24608659B390B9E7154EB380D94ADE7FEB5EA470E7"/>
|
||||
<Deny ID="ID_DENY_D_557" FriendlyName="PowerShellShell 556" Hash="45F948AF27F4E698A8546027717901B5F70368EE"/>
|
||||
<Deny ID="ID_DENY_D_558" FriendlyName="PowerShellShell 556" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE828584874680EC4F5097B82E30"/>
|
||||
<Deny ID="ID_DENY_D_559" FriendlyName="PowerShellShell 556" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3"/>
|
||||
<Deny ID="ID_DENY_D_560" FriendlyName="PowerShellShell 556" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6D4883698E8B45DCCBEA140"/>
|
||||
<Deny ID="ID_DENY_D_561" FriendlyName="PowerShellShell 556" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408"/>
|
||||
<Deny ID="ID_DENY_D_562" FriendlyName="PowerShellShell 556" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A29BE336C79BCDB00FD5467A"/>
|
||||
<Deny ID="ID_DENY_D_563" FriendlyName="PowerShellShell 556" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E"/>
|
||||
<Deny ID="ID_DENY_D_564" FriendlyName="PowerShellShell 556" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEBCBE31F16CB06FC5934F010"/>
|
||||
<Deny ID="ID_DENY_D_565" FriendlyName="PowerShellShell 556" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E"/>
|
||||
<Deny ID="ID_DENY_D_566" FriendlyName="PowerShellShell 556" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D58B3995919C0E524F2FFC3"/>
|
||||
<Deny ID="ID_DENY_D_567" FriendlyName="PowerShellShell 556" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF"/>
|
||||
<Deny ID="ID_DENY_D_568" FriendlyName="PowerShellShell 556" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E8864493EA2BA151F0ADBF3E338C"/>
|
||||
<Deny ID="ID_DENY_D_569" FriendlyName="PowerShellShell 556" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276"/>
|
||||
<Deny ID="ID_DENY_D_570" FriendlyName="PowerShellShell 556" Hash="B660F6CA0788DA18375602537095C378990E8229B11B57B092AC8A550E9C61E8"/>
|
||||
<Deny ID="ID_DENY_D_571" FriendlyName="PowerShellShell 556" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9"/>
|
||||
<Deny ID="ID_DENY_D_572" FriendlyName="PowerShellShell 556" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB68A7B899CA3EE51D802439"/>
|
||||
<Deny ID="ID_DENY_D_573" FriendlyName="PowerShellShell 556" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21"/>
|
||||
<Deny ID="ID_DENY_D_574" FriendlyName="PowerShellShell 556" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821A8AB9C3568EB298B824AE3"/>
|
||||
<Deny ID="ID_DENY_D_575" FriendlyName="PowerShellShell 556" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61"/>
|
||||
<Deny ID="ID_DENY_D_576" FriendlyName="PowerShellShell 556" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100C7157AB161B3D23DCA0389"/>
|
||||
<Deny ID="ID_DENY_D_577" FriendlyName="PowerShellShell 556" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52"/>
|
||||
<Deny ID="ID_DENY_D_578" FriendlyName="PowerShellShell 556" Hash="E430485B577774825CEF53E5125B618A2608F7BE3657BB28383E9A34FCA162FA"/>
|
||||
<Deny ID="ID_DENY_D_579" FriendlyName="PowerShellShell 556" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19"/>
|
||||
<Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 556" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360"/>
|
||||
<Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 556" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"/>
|
||||
<Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 556" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037"/>
|
||||
<Deny ID="ID_DENY_D_557" FriendlyName="PowerShellShell 557" Hash="45F948AF27F4E698A8546027717901B5F70368EE"/>
|
||||
<Deny ID="ID_DENY_D_558" FriendlyName="PowerShellShell 558" Hash="2D63C337961C6CF2660C5DB906D9070CA38BCE828584874680EC4F5097B82E30"/>
|
||||
<Deny ID="ID_DENY_D_559" FriendlyName="PowerShellShell 559" Hash="DA4CD4B0158B774CE55721718F77ED91E3A42EB3"/>
|
||||
<Deny ID="ID_DENY_D_560" FriendlyName="PowerShellShell 560" Hash="7D181BB7A4A0755FF687CCE34949FC6BD6FBC377E6D4883698E8B45DCCBEA140"/>
|
||||
<Deny ID="ID_DENY_D_561" FriendlyName="PowerShellShell 561" Hash="C67D7B12BBFFD5FBD15FBD892955EA48E6F4B408"/>
|
||||
<Deny ID="ID_DENY_D_562" FriendlyName="PowerShellShell 562" Hash="1DCAD0BBCC036B85875CC0BAF1B65027933624C1A29BE336C79BCDB00FD5467A"/>
|
||||
<Deny ID="ID_DENY_D_563" FriendlyName="PowerShellShell 563" Hash="7D8CAB8D9663926E29CB810B42C5152E8A1E947E"/>
|
||||
<Deny ID="ID_DENY_D_564" FriendlyName="PowerShellShell 564" Hash="2E0203370E6E5437CE2CE1C20895919F806B4E5FEBCBE31F16CB06FC5934F010"/>
|
||||
<Deny ID="ID_DENY_D_565" FriendlyName="PowerShellShell 565" Hash="20E7156E348912C20D35BD4BE2D52C996BF5535E"/>
|
||||
<Deny ID="ID_DENY_D_566" FriendlyName="PowerShellShell 566" Hash="EB26078544BDAA34733AA660A1A2ADE98523DAFD9D58B3995919C0E524F2FFC3"/>
|
||||
<Deny ID="ID_DENY_D_567" FriendlyName="PowerShellShell 567" Hash="B9DD16FC0D02EA34613B086307C9DBEAC30546AF"/>
|
||||
<Deny ID="ID_DENY_D_568" FriendlyName="PowerShellShell 568" Hash="DE5B012C4DC3FE3DD432AF9339C36EFB8D54E8864493EA2BA151F0ADBF3E338C"/>
|
||||
<Deny ID="ID_DENY_D_569" FriendlyName="PowerShellShell 569" Hash="6397AB5D664CDB84A867BC7E22ED0789060C6276"/>
|
||||
<Deny ID="ID_DENY_D_570" FriendlyName="PowerShellShell 570" Hash="B660F6CA0788DA18375602537095C378990E8229B11B57B092AC8A550E9C61E8"/>
|
||||
<Deny ID="ID_DENY_D_571" FriendlyName="PowerShellShell 571" Hash="3BF717645AC3986AAD0B4EA9D196B18D05199DA9"/>
|
||||
<Deny ID="ID_DENY_D_572" FriendlyName="PowerShellShell 572" Hash="364C227F9E57C72F9BFA652B8C1DE738AB4747D0DB68A7B899CA3EE51D802439"/>
|
||||
<Deny ID="ID_DENY_D_573" FriendlyName="PowerShellShell 573" Hash="3A1B06680F119C03C60D12BAC682853ABE430D21"/>
|
||||
<Deny ID="ID_DENY_D_574" FriendlyName="PowerShellShell 574" Hash="850759BCE4B66997CF84E84683A2C1980D4B498821A8AB9C3568EB298B824AE3"/>
|
||||
<Deny ID="ID_DENY_D_575" FriendlyName="PowerShellShell 575" Hash="654C54AA3F2C74FBEB55B961FB1924A7B2737E61"/>
|
||||
<Deny ID="ID_DENY_D_576" FriendlyName="PowerShellShell 576" Hash="B7EA81960C6EECFD2FF385890F158F5B1CB3D1E100C7157AB161B3D23DCA0389"/>
|
||||
<Deny ID="ID_DENY_D_577" FriendlyName="PowerShellShell 577" Hash="496F793112B6BCF4B6EA16E8B2F8C3F5C1FEEB52"/>
|
||||
<Deny ID="ID_DENY_D_578" FriendlyName="PowerShellShell 578" Hash="E430485B577774825CEF53E5125B618A2608F7BE3657BB28383E9A34FCA162FA"/>
|
||||
<Deny ID="ID_DENY_D_579" FriendlyName="PowerShellShell 579" Hash="6EA8CEEA0D2879989854E8C86CECA26EF79F7B19"/>
|
||||
<Deny ID="ID_DENY_D_580" FriendlyName="PowerShellShell 580" Hash="8838FE3D8E2505F3D3D8B98C64739115838A0B443BBBBFB487342F1EE7801360"/>
|
||||
<Deny ID="ID_DENY_D_581" FriendlyName="PowerShellShell 581" Hash="28C5E53DE197E872F7E4772BF40F728F56FE3ACC"/>
|
||||
<Deny ID="ID_DENY_D_582" FriendlyName="PowerShellShell 582" Hash="3493DAEC6EC03E56ECC4A15432C750735F75F9CB38D8779C7783B4DA956BF037"/>
|
||||
|
||||
<!-- pubprn.vbs
|
||||
-->
|
||||
|
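Review bot: The renumbered FriendlyName values (PowerShellShell 557 through 582) now only repeat the ID suffix, so they still do not say which file or build each hash covers, or that the entries alternate between 40-digit and 64-digit hashes. Consider a short XML comment above the block, or a more descriptive FriendlyName, so someone auditing the policy can tell what each Deny rule blocks.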
@ -125,13 +125,13 @@
|
||||
###### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####File
|
||||
###### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
|
||||
###### [Block file](block-file-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
###### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get FileActions collection](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
###### [Unblock file](unblock-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
#####IP
|
||||
###### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
@ -139,25 +139,25 @@
|
||||
###### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
|
||||
###### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
|
||||
#####Machines
|
||||
###### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
|
||||
###### [Collect investigation package](collect-investigation-package-windows-defender-advanced-threat-protection.md)
|
||||
###### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get FileMachineAction object](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get FileMachineActions collection](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get MachineAction object](get-machineaction-object-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get MachineActions collection](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
|
||||
###### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
###### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
###### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
###### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
|
||||
###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
###### [Get package SAS URI](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
|
||||
###### [Isolate machine](isolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
###### [Release machine from isolation](unisolate-machine-windows-defender-advanced-threat-protection.md)
|
||||
###### [Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
###### [Request sample](request-sample-windows-defender-advanced-threat-protection.md)
|
||||
###### [Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection.md)
|
||||
###### [Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection.md)
|
||||
###### [Stop and quarantine file](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
|
||||
|
@ -52,7 +52,7 @@ If successful, this method returns 200, Ok response code with empty body, which
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -66,7 +66,7 @@ Content-type: application/json
|
||||
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -63,7 +63,7 @@ Content-type: application/json
|
||||
}
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Find machine information by internal IP API
|
||||
description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN or internal IP.
|
||||
keywords: apis, graph api, supported apis, find machine, machine information, IP
|
||||
description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP.
|
||||
keywords: ip, apis, graph api, supported apis, find machine, machine information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -9,8 +9,8 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 12/08/2017
|
||||
ms.localizationpriority: high
|
||||
ms.date: 07/25/2018
|
||||
---
|
||||
|
||||
# Find machine information by internal IP API
|
||||
@ -20,15 +20,17 @@ ms.date: 12/08/2017
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
Find a machine entity around a specific timestamp by internal IP.
|
||||
|
||||
Find a machine entity around a specific timestamp by FQDN or internal IP.
|
||||
>[!NOTE]
|
||||
>The timestamp must be within the last 30 days.
|
||||
|
||||
## Permissions
|
||||
User needs read permissions.
|
||||
|
||||
## HTTP request
|
||||
```
|
||||
GET /testwdatppreview/machines/find(timestamp={time},key={IP/FQDN})
|
||||
GET /testwdatppreview/machines/find(timestamp={time},key={IP})
|
||||
```
|
||||
|
||||
## Request headers
|
||||
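Review bot: Both wordings of the intro sentence ("by internal IP" and "by FQDN or internal IP") and both request templates (`key={IP/FQDN}` and `key={IP}`) appear in this hunk, so it is worth confirming that the FQDN variants are the ones being dropped. The title and description in this file's first hunk are now limited to internal IP, and any remaining mention of FQDN on the page would contradict them.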
@ -49,19 +51,20 @@ If no machine found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
```
|
||||
GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp={time},key={IP/FQDN})
|
||||
GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61')
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
The response will return a list of all machines that reported this IP address within sixteen minutes prior and after the timestamp.
|
||||
|
||||
```
|
||||
HTTP/1.1 200 OK
|
||||
|
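Review bot: The example request quotes the key (`key='10.166.93.61'`) while the HTTP request template in this file shows `key={IP}` with no quotes, so a reader cannot tell from the template whether the quotes are part of the syntax; show the same quoting in both places. The fixed `timestamp=2018-06-19T10:00:00Z` will also age out of the 30-day window stated in this file's note, so say that the value is illustrative. The sentence "within sixteen minutes prior and after the timestamp" would read more clearly as "within 16 minutes before or after the timestamp".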
@ -50,7 +50,7 @@ If actor does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/actors/zinc
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If actor does not exist or no related alerts - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/actors/zinc/alerts
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If alert not found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If alert not found or actor not found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -59,7 +59,7 @@ Content-type: application/json
|
||||
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If alert not found or domain not found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/domains
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If alert not found or files not found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/files
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If alert not found or IPs not found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/ips
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -48,7 +48,7 @@ If alert not found or machine not found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -57,7 +57,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/machine
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If alert not found or user not found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/user
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -50,7 +50,7 @@ If no recent alerts found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/alerts
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If domain or alert does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}/alerts
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If domain or machines do not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If domain does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -50,7 +50,7 @@ If file does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If file or alerts do not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}/alerts
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If file or machines do not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If file do not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
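Review bot: The hunk header context for this file reads "If file do not exist - 404 Not Found.", which should be "If the file does not exist", and the example request `GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines` is the same URL the preceding file uses as its example. While this change is touching the example section, check that the URL shown is this page's own endpoint and not one copied from the sibling page.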
@ -51,7 +51,7 @@ If successful, this method returns 200, Ok response code with a collection of Fi
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request on an organization that has three FileActions.
|
||||
|
||||
@ -59,7 +59,7 @@ Here is an example of the request on an organization that has three FileActions.
|
||||
GET https://graph.microsoft.com/testwdatppreview/fileactions
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with the *FileMachineAc
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -55,7 +55,7 @@ Here is an example of the request.
|
||||
GET https://graph.microsoft.com/testwdatppreview/filemachineactions/3dc88ce3-dd0c-40f7-93fc-8bd14317aab6
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with a collection of Fi
|
||||
|
||||
## Example 1
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request on an organization that has three FileMachineActions.
|
||||
|
||||
@ -55,7 +55,7 @@ Here is an example of the request on an organization that has three FileMachineA
|
||||
GET https://graph.microsoft.com/testwdatppreview/filemachineactions
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
@ -113,7 +113,7 @@ Content-type: application/json
|
||||
|
||||
##Example 2
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of a request that filters the FileMachineActions by machine ID and shows the latest two FileMachineActions.
|
||||
|
||||
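Review bot: The context line `##Example 2` directly above the changed label has no space after `##`, so Markdown renderers that require the space will show it as literal text instead of a heading; the corresponding heading in the MachineActions page later in this change is written `## Example 2`. Since this hunk already edits the neighbouring line, fix the heading here as well.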
@ -121,7 +121,7 @@ Here is an example of a request that filters the FileMachineActions by machine I
|
||||
GET https://graph.microsoft.com/testwdatppreview/filemachineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
```
|
||||
HTTP/1.1 200 Ok
|
||||
|
@ -49,7 +49,7 @@ If IP and alerts do not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}/alerts
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -42,7 +42,7 @@ If IP or machines do not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -51,7 +51,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If domain does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
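Review bot: The hunk headers for this file show a 404 line reading "If domain does not exist" next to an example request for `GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines`, and that URL is also the example in the preceding file. The mismatch suggests the text was copied from a sibling page; the 404 wording should name the IP, and the example URL should be checked against the endpoint this page documents.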
@ -49,7 +49,7 @@ If no machine found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines/{id}
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -50,7 +50,7 @@ If no machine found or no users found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -59,7 +59,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines/{id}/logonusers
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If no machine or no alerts found - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines/{id}/alerts
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with the *MachineAction
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -55,7 +55,7 @@ Here is an example of the request.
|
||||
GET https://graph.microsoft.com/testwdatppreview/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -47,7 +47,7 @@ If successful, this method returns 200, Ok response code with a collection of Ma
|
||||
|
||||
## Example 1
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request on an organization that has three MachineActions.
|
||||
|
||||
@ -55,7 +55,7 @@ Here is an example of the request on an organization that has three MachineActio
|
||||
GET https://graph.microsoft.com/testwdatppreview/machineactions
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
@ -107,7 +107,7 @@ Content-type: application/json
|
||||
|
||||
## Example 2
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions.
|
||||
|
||||
@ -117,7 +117,7 @@ GET https://graph.microsoft.com/testwdatppreview/machineactions?$filter=machineI
|
||||
|
||||
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If no recent machines - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -48,7 +48,7 @@ If successful, this method returns 200, Ok response code with object that holds
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -57,7 +57,7 @@ GET https://graph.microsoft.com/testwdatppreview/machineactions/7327b54fd718525c
|
||||
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If user does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/users/{id}
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If user does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/users/{id}/alerts
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If user or machine does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/users/{id}/machines
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -42,7 +42,7 @@ If domain does not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -51,7 +51,7 @@ GET https://graph.microsoft.com/testwdatppreview/domains/{id}
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -49,7 +49,7 @@ If IP do not exist - 404 Not Found.
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -58,7 +58,7 @@ GET https://graph.microsoft.com/testwdatppreview/ips/{id}
|
||||
Content-type: application/json
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -57,7 +57,7 @@ If successful, this method returns 201, Created response code and _MachineAction
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -70,7 +70,7 @@ Content-type: application/json
|
||||
}
|
||||
|
||||
```
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -52,7 +52,7 @@ If successful, this method returns 201, Created response code and *FileMachineAc
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -66,7 +66,7 @@ Content-type: application/json
|
||||
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -63,7 +63,7 @@ Content-type: application/json
|
||||
}
|
||||
|
||||
```
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -59,7 +59,7 @@ If successful, this method returns 201, Created response code and _MachineAction
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -72,7 +72,7 @@ Content-type: application/json
|
||||
}
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -52,7 +52,7 @@ If successful, this method returns 201, Created response code and _FileMachineAc
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -65,7 +65,7 @@ Content-type: application/json
|
||||
}
|
||||
|
||||
```
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -52,7 +52,7 @@ If successful, this method returns 200, Ok response code with empty body, which
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -64,7 +64,7 @@ Content-type: application/json
|
||||
}
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -63,7 +63,7 @@ Content-type: application/json
|
||||
}
|
||||
|
||||
```
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -51,7 +51,7 @@ If successful, this method returns 201, Created response code and _MachineAction
|
||||
|
||||
## Example
|
||||
|
||||
Request
|
||||
**Request**
|
||||
|
||||
Here is an example of the request.
|
||||
|
||||
@ -64,7 +64,7 @@ Content-type: application/json
|
||||
|
||||
```
|
||||
|
||||
Response
|
||||
**Response**
|
||||
|
||||
Here is an example of the response.
|
||||
|
||||
|
@ -53,10 +53,9 @@ You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for th
|
||||
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work.
|
||||
|
||||
Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes:
|
||||
- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md)
|
||||
- [Windows Defender Security Center](../windows-defender-atp/windows-defender-security-center-atp.md)
|
||||
- [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
|
||||
- [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md)
|
||||
- Windows Defender Device Guard
|
||||
- [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control.md)
|
||||
- [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
|
||||
|
||||
You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
|
||||
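Review bot: The list in this hunk swaps between "The Windows Defender ATP console" and "Windows Defender Security Center" as the first entry, but the closing paragraph still says "You can use the Windows Defender ATP console to obtain detailed reporting", so the page ends up using two names for the same portal. Use one name throughout. If the Security Center entry is the one kept, the intro sentence also reads circularly, since it says Exploit Guard is managed "in the Windows Defender Security Center as part of" a suite "which also includes" Windows Defender Security Center.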
@ -76,7 +75,7 @@ This section covers requirements for each feature in Windows Defender EG.
|
||||
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
|
||||
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
|
||||
| Exploit protection |  |  |  |  |
|
||||
| Attack surface reduction |  |  |  |  |
|
||||
| Attack surface reduction |  |  |  |  |
|
||||
| Network protection |  |  |  |  |
|
||||
| Controlled folder access |  |  |  |  |
|
||||
|
||||
|
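Review bot: In the Attack surface reduction row that marks Home and Professional as not supported, the E3 cell pairs `images/check-no.png` with alt text "Check mark yes" and title "supported", and the E5 cell pairs `images/check-yes.png` with alt text "Check mark no", so the image and the text a screen reader announces give opposite answers. Make the image, alt text and title agree in each cell. The E3 cells of the other rows in this table show the same image and alt-text mismatch and could be corrected in the same pass.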