deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Updated threat-and-vuln-mgt-scenarios.md

Browse Source
This commit is contained in:
Dolcita Montemayor 2019-04-11 12:57:10 +00:00
parent 13824d5da2
commit 619a93295d
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
View File

@ -52,10 +52,12 @@ To lower down your threat and vulnerability exposure through remediation via Mic
1. Review the **Top security recommendations** list from your Threat & Vulnerability Management dashboard, and select the first item on the list. This opens the **Security recommendation** page.
2. In the **Security recommendations** page, you will see the description of what needs to be done and why. It will also show you the vulnerability details, such as the associated exploits affecting what machines and its business impact. Select **Request remediation**..
Note: There are two types of recommendations:
>[!NOTE]
> There are two types of recommendations:
- Security update which refers to recommendations that require a package installation
- Configuration change which refers to recommendations that require a registry or GPO modification
- Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the [insert bug image here] icon.
3. Select **Open a ticket in Intune** and indicate the remediation due date.
4. Add a note for the IT administrator who will pick up the remediation task for more context.
@ -64,7 +66,7 @@ Note: There are two types of recommendations:
6. <Add Intune portal workflow here>
7. 5. Review the machine **Security recommendation** tab again. The recommendation should now disappear, and the exposure score should decrease.
7. Review the machine **Security recommendation** tab again. The recommendation should now disappear, and the exposure score should decrease.
## Improve your security configuration
@ -79,14 +81,18 @@ To use this capability:
1. Enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune** connection toggle on.
2. Click on a security recommendation you would like to request remediation for, and then click **Request remediation**.
2. Click on a security recommendation you would like to request remediation for. For example, a third-party tool that you can easily update, or a registry value that can be easily modified using RegEdit.
>[!NOTE]
>- Security update which refers to recommendations that require a package installation
>- Configuration change which refers to recommendations that require a registry or GPO modification
3. Select **Open a ticket in Intune**, select a due date, and optional notes for the IT Administrator. Then, click **Submit request**.
Note: You also have the option to export all the data from the recommendation in the CSV format by selecting **Export all remediation activity data to CSV**.
3. Connect to the machine and apply the selected recommendation.
>[!NOTE]
> Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the [insert bug icon here] icon.
4. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment
4. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment
5. View the status of the remediation request. Navigate to the **Remediation** page to view the activity progress.
5. View the status of the remediation request. Navigate to the **Remediation** page to view the activity progress.
## File for and manage exception
@ -98,7 +104,9 @@ Exceptions can be created for both security update and configuration change reco
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to Exception, and it no longer shows up in the security recommendations list
Note: You will still see the recommendations under exception by applying appropriate filters.
>[!NOTE]
> You will still see the recommendations under exception by applying appropriate filters.
1. Navigate to **Security recommendations** under the **Threat & Vulnerability Management** menu.
2. Click the top-most recommendation. A side panel will open with the recommendation details.
@ -114,9 +122,9 @@ Note: You will still see the recommendations under exception by applying appropr
6. View all your exceptions (current + past) by navigating to **Remediation** under the **Threat & Vulnerability Management** menu and clicking on the **Exceptions** tab.
7. Click the exception that you created to view the details.
7. Click the exception that you created to view the details.
8. Navigate to **Security recommendations** under the **Threat & Vulnerability Management** menu again and see that recommendation will not appear there anymore as it is currently under exception.
8. Navigate to **Security recommendations** under the **Threat & Vulnerability Management** menu again and see that recommendation will not appear there anymore as it is currently under exception.
## Related topics
- [Next-generation Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)