Merge branch 'ConfigRebrand-Four' of https://github.com/LauraKellerGitHub/windows-docs-pr into ConfigRebrand-Four

LauraKellerGitHub
2020-01-31 14:16:56 -08:00
325 changed files with 7936 additions and 2957 deletions

View File

@ -36,18 +36,6 @@ Windows Hello addresses the following problems with passwords:
## Prerequisites
> [!Important]
> 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>.
> **Requirements:**</br>
> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
>
> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
> **Requirements:**</br>
> Reset from settings - Windows 10, version 1703, Professional</br>
> Reset above lock screen - Windows 10, version 1709, Professional</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
### Cloud Only Deployment
* Windows 10, version 1511 or later
@ -75,6 +63,18 @@ The table shows the minimum requirements for each deployment. For key trust in a
| Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect |
| Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment |
> [!Important]
> 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. </br>
> **Requirements:**</br>
> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
>
> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
> **Requirements:**</br>
> Reset from settings - Windows 10, version 1703, Professional</br>
> Reset above lock screen - Windows 10, version 1709, Professional</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
### On-premises Deployments
The table shows the minimum requirements for each deployment.
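Review bot: Item 1 of the re-added `[!Important]` block is not a verbatim move. It now says non-destructive PIN reset "works with both the certificate trust and key trust models", where the text removed from Prerequisites said it "only works with the certificate trust model". If that is an intended correction, state it in the change description so it is not lost inside a block move. The block also keeps `</br>`, which is not a valid tag (use `<br>`), and it now sits directly above `### On-premises Deployments` although item 1 is about hybrid deployments.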

View File

@ -34,8 +34,11 @@
#### [Web protection]()
##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md)
##### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
##### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
##### [Web threat protection]()
###### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md)
###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md)
#### [Controlled folder access](microsoft-defender-atp/controlled-folders.md)
#### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md)
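Review bot: The overview entry under the new `Web threat protection` node points to `web-threat-protection.md`, while the entry at the old level pointed to `web-protection-overview.md`. If the old file is being renamed or dropped, add a redirect for it so that existing links to the overview keep resolving, and check that the parent `#### [Web protection]()` node still has a landing page.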
@ -114,7 +117,7 @@
#### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
#### [Advanced hunting schema reference]()
##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
##### [AlertEvents](microsoft-defender-atp/advanced-hunting-alertevents-table.md)
##### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md)
##### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md)
##### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md)
##### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md)
@ -153,6 +156,15 @@
### [Portal overview](microsoft-defender-atp/portal-overview.md)
### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md)
## [Deployment guide]()
### [Product brief](microsoft-defender-atp/product-brief.md)
### [Prepare deployment](microsoft-defender-atp/prepare-deployment.md)
### [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
### [Production deployment](microsoft-defender-atp/production-deployment.md)
### [Helpful resources](microsoft-defender-atp/helpful-resources.md)
## [Get started]()
### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
@ -391,6 +403,9 @@
####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
####### [Get installed software](microsoft-defender-atp/get-installed-software.md)
####### [Get discovered vulnerabilities](microsoft-defender-atp/get-discovered-vulnerabilities.md)
####### [Get security recommendation](microsoft-defender-atp/get-security-recommendations.md)
####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
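Review bot: The new entry `Get security recommendation` is singular, but it links to `get-security-recommendations.md` and its siblings (`Get installed software`, `Get discovered vulnerabilities`) are plural. Rename the TOC title to `Get security recommendations` so it matches the file and the neighbouring entries.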
@ -441,6 +456,34 @@
####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
###### [Score]()
####### [Score methods and properties](microsoft-defender-atp/score.md)
####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md)
####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md)
####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md)
###### [Software]()
####### [Software methods and properties](microsoft-defender-atp/software.md)
####### [List software](microsoft-defender-atp/get-software.md)
####### [Get software by Id](microsoft-defender-atp/get-software-by-id.md)
####### [List software version distribution](microsoft-defender-atp/get-software-ver-distribution.md)
####### [List machines by software](microsoft-defender-atp/get-machines-by-software.md)
####### [List vulnerabilities by software](microsoft-defender-atp/get-vuln-by-software.md)
###### [Vulnerability]()
####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md)
####### [Get all vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md)
####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md)
####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md)
###### [Recommendation]()
####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md)
####### [List all recommendations](microsoft-defender-atp/get-all-recommendations.md)
####### [Get recommendation by Id](microsoft-defender-atp/get-recommendation-by-id.md)
####### [Get recommendation by software](microsoft-defender-atp/get-recommendation-software.md)
####### [Get recommendation by machines](microsoft-defender-atp/get-recommendation-machines.md)
####### [Get recommendation by vulnerabilities](microsoft-defender-atp/get-recommendation-vulnerabilities.md)
##### [How to use APIs - Samples]()
###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md)
###### [Power BI](microsoft-defender-atp/api-power-bi.md)
@ -448,11 +491,18 @@
###### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
#### [Windows updates (KB) info]()
##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
#### [Pull detections to your SIEM tools]()
#### [Raw data streaming API]()
##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md)
##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md)
##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md)
#### [SIEM integration]()
##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)

View File

@ -1,7 +1,7 @@
---
title: AlertEvents table in the advanced hunting schema
description: Learn about alert generation events in the AlertEvents table of the advanced hunting schema
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, alertevents, alert, severity, category
title: DeviceAlertEvents table in the advanced hunting schema
description: Learn about alert generation events in the DeviceAlertEvents table of the advanced hunting schema
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, windows defender atp, wdatp search, query, telemetry, schema reference, kusto, table, column, data type, description, DeviceAlertEvents, alert, severity, category
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
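Review bot: The `keywords` line drops `alertevents` entirely and adds `DeviceAlertEvents` in mixed case, while every other keyword on the line is lowercase. Keep the old name alongside the new one (for example `devicealertevents, alertevents`) so that a search for the previous table name still lands on this page.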
@ -15,10 +15,10 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/08/2019
ms.date: 01/22/2020
---
# AlertEvents
# DeviceAlertEvents
**Applies to:**
@ -26,7 +26,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `AlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).
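Review bot: The introductory sentence switches to `DeviceAlertEvents` with no mention that the table was previously called `AlertEvents`. Readers with saved hunting queries or detection rules that reference the old name will hit errors with nothing on this page to explain why, so add a short note below the intro stating the rename and the old name.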

View File

@ -34,23 +34,24 @@ For information on other tables in the advanced hunting schema, see [the advance
| Column name | Data type | Description |
|-------------|-----------|-------------|
| `Timestamp` | datetime | Date and time when the event was recorded
| `DeviceId` | string | Unique identifier for the machine in the service
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine
| `SHA1` | string | SHA-1 of the file that the recorded action was applied to
| `IsSigned` | boolean | Indicates whether the file is signed
| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file
| `Signer` | string | Information about the signer of the file
| `SignerHash` | string | Unique hash value identifying the signer
| `Issuer` | string | Information about the issuing certificate authority (CA)
| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA)
| `CrlDistributionPointUrls` | string | URL of the network share that contains certificates and the certificate revocation list (CRL)
| `CertificateCreationTime` | datetime | Date and time the certificate was created
| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire
| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned
| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes
| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft
| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns.
| `Timestamp` | datetime | Date and time when the event was recorded |
| `DeviceId` | string | Unique identifier for the machine in the service |
| `DeviceName` | string | Fully qualified domain name (FQDN) of the machine |
| `SHA1` | string | SHA-1 of the file that the recorded action was applied to |
| `IsSigned` | boolean | Indicates whether the file is signed |
| `SignatureType` | string | Indicates whether signature information was read as embedded content in the file itself or read from an external catalog file |
| `Signer` | string | Information about the signer of the file |
| `SignerHash` | string | Unique hash value identifying the signer |
| `Issuer` | string | Information about the issuing certificate authority (CA) |
| `IssuerHash` | string | Unique hash value identifying issuing certificate authority (CA) |
| `CertificateSerialNumber` | string | Identifier for the certificate that is unique to the issuing certificate authority (CA) |
| `CrlDistributionPointUrls` | string | JSON array listing the URLs of network shares that contain certificates and certificate revocation lists (CRLs) |
| `CertificateCreationTime` | datetime | Date and time the certificate was created |
| `CertificateExpirationTime` | datetime | Date and time the certificate is set to expire |
| `CertificateCountersignatureTime` | datetime | Date and time the certificate was countersigned |
| `IsTrusted` | boolean | Indicates whether the file is trusted based on the results of the WinVerifyTrust function, which checks for unknown root certificate information, invalid signatures, revoked certificates, and other questionable attributes |
| `IsRootSignerMicrosoft` | boolean | Indicates whether the signer of the root certificate is Microsoft |
| `ReportId` | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the DeviceName and Timestamp columns. |
## Related topics
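Review bot: The `CrlDistributionPointUrls` row now describes a JSON array but the data type column still says `string`. Say explicitly that the column holds a JSON array serialized as a string, so query authors know it has to be parsed before individual URLs can be matched. The description also still says "network shares"; CRL distribution points are normally plain URLs, so "URLs of locations that host" would be more accurate. The new `CertificateSerialNumber` row reads fine.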

View File

@ -26,7 +26,7 @@ ms.date: 10/08/2019
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink)
The `DeviceImageLoadEvents table` in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting schema reference](advanced-hunting-schema-reference.md).

View File

@ -37,7 +37,7 @@ Table and column names are also listed within the Microsoft Defender Security Ce
| Table name | Description |
|------------|-------------|
| **[AlertEvents](advanced-hunting-alertevents-table.md)** | Alerts on Microsoft Defender Security Center |
| **[DeviceAlertEvents](advanced-hunting-devicealertevents-table.md)** | Alerts on Microsoft Defender Security Center |
| **[DeviceInfo](advanced-hunting-deviceinfo-table.md)** | Machine information, including OS information |
| **[DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md)** | Network properties of machines, including adapters, IP and MAC addresses, as well as connected networks and domains |
| **[DeviceProcessEvents](advanced-hunting-deviceprocessevents-table.md)** | Process creation and related events |

View File

@ -28,7 +28,7 @@ ms.date: 11/12/2019
[!include[Prerelease information](../../includes/prerelease.md)]
The `DeviceTvmSoftwareInventoryVulnerabilities` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.
The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) assesses devices for. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-reference.md).
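Review bot: The unchanged closing line links to `advanced-hunting-reference.md`, while the other table pages touched in this commit link to `advanced-hunting-schema-reference.md`. Since this paragraph is being edited anyway, check that link target and align it with the other pages if the shorter file name no longer exists.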

View File

@ -74,3 +74,8 @@ See how you can [improve your security configuration](https://docs.microsoft.com
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
- [Score APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/score)
- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
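Review bot: The `Recommendation APIs` bullet links to `.../microsoft-defender-atp/vulnerability`, the same URL as the `Vulnerability APIs` bullet above it. This looks like a copy-paste slip; the TOC in this commit adds `microsoft-defender-atp/recommendation.md`, so the link should end in `/recommendation`.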

View File

@ -1,7 +1,7 @@
---
title: Onboarding tools and methods for Windows 10 machines
description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
keywords: Onboard Windows 10 machines, group policy, endpoint configuration manager, mobile device management, local script, gp, sccm, mdm, intune
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -31,7 +31,7 @@ Machines in your organization must be configured so that the Microsoft Defender
The following deployment tools and methods are supported:
- Group Policy
- System Center Configuration Manager
- Microsoft Endpoint Configuration Manager
- Mobile Device Management (including Microsoft Intune)
- Local script
@ -39,7 +39,7 @@ The following deployment tools and methods are supported:
Topic | Description
:---|:---
[Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md) | Use Group Policy to deploy the configuration package on machines.
[Onboard Windows 10 machines using System Center Configuration Manager](configure-endpoints-sccm.md) | You can use either use System Center Configuration Manager (current branch) version 1606 or System Center Configuration Manager(current branch) version 1602 or earlier to deploy the configuration package on machines.
[Onboard Windows machines using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) | You can use either use Microsoft Endpoint Configuration Manager (current branch) version 1606 or Microsoft Endpoint Configuration Manager (current branch) version 1602 or earlier to deploy the configuration package on machines.
[Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on machine.
[Onboard Windows 10 machines using a local script](configure-endpoints-script.md) | Learn how to use the local script to deploy the configuration package on endpoints.
[Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI machines.
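Review bot: The rewritten Configuration Manager row carries over the doubled verb "You can use either use" and drops the space-less "Manager(current branch)" only on one side of the old text, so fix the sentence while it is being touched. Two further points on the same row: the link text changes from "Onboard Windows 10 machines" to "Onboard Windows machines", which no longer matches the other rows, and versions 1606 and 1602 shipped under the System Center Configuration Manager name, so applying the new brand to those version numbers may confuse readers looking for them.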

View File

@ -118,7 +118,7 @@ If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP
## Microsoft Defender ATP service backend IP range
If you network devices don't support the URLs white-listed in the prior section, you can use the following information.
If your network devices don't support the URLs white-listed in the prior section, you can use the following information.
Microsoft Defender ATP is built on Azure cloud, deployed in the following regions:

View File

@ -129,7 +129,7 @@ Once completed, you should see onboarded servers in the portal within an hour.
To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below.
> [!NOTE]
> The Onboarding package for Windows Server 2019 through System Center Configuration Manager currently ships a script. For more information on how to deploy scripts in System Center Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
> The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Microsoft Endpoint Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs).
Supported tools include:
- Local script

View File

@ -25,13 +25,13 @@ ms.custom: asr
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the System Center Configuration Manager (SCCM) and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. It protects your data by checking against a list of known, trusted apps. Controlled folder access is supported on Windows Server 2019 as well as Windows 10 clients. It can be turned on via the Windows Security App, or from the Microsoft Endpoint Configuration Manager and Intune, for managed devices. Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md).
Controlled folder access works by only allowing apps to access protected folders if the app is included on a list of trusted software. If an app isn't on the list, Controlled folder access will block it from making changes to files inside protected folders.
Apps are added to the trusted list based upon their prevalence and reputation. Apps that are highly prevalent throughout your organization, and that have never displayed any malicious behavior, are deemed trustworthy and automatically added to the list.
Apps can also be manually added to the trusted list via SCCM and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console.
Apps can also be manually added to the trusted list via Configuration Manager and Intune. Additional actions, such as [adding a file indicator](../microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) for the app, can be performed from the Security Center Console.
Controlled folder access is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage.

View File

@ -33,11 +33,11 @@ You can enable attack surface reduction rules by using any of these methods:
* [Microsoft Intune](#intune)
* [Mobile Device Management (MDM)](#mdm)
* [System Center Configuration Manager (SCCM)](#sccm)
* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
* [Group Policy](#group-policy)
* [PowerShell](#powershell)
Enterprise-level management such as Intune or SCCM is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup.
Enterprise-level management such as Intune or Microsoft Endpoint Configuration Manager is recommended. Enterprise-level management will overwrite any conflicting Group Policy or PowerShell settings on startup.
## Exclude files and folders from ASR rules
@ -99,9 +99,9 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
> [!NOTE]
> Be sure to enter OMA-URI values without spaces.
## SCCM
## Microsoft Endpoint Configuration Manager
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
1. Click **Home** > **Create Exploit Guard Policy**.
1. Enter a name and a description, click **Attack Surface Reduction**, and click **Next**.
1. Choose which rules will block or audit actions and click **Next**.
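Review bot: Renaming the heading `## SCCM` to `## Microsoft Endpoint Configuration Manager` changes the generated anchor from `#sccm` to `#microsoft-endpoint-configuration-manager`. The in-page list is updated in this commit, but any other page that deep-links to `#sccm` will now land at the top of the article. Search the repository for links to this file with the old fragment and update them in the same change; the same applies to the other articles in this commit that rename the same heading.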
@ -111,7 +111,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
## Group Policy
> [!WARNING]
> If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting Group Policy settings on startup.
> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting Group Policy settings on startup.
1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -134,7 +134,7 @@ Value: c:\path|e:\path|c:\Whitelisted.exe
## PowerShell
>[!WARNING]
>If you manage your computers and devices with Intune, SCCM, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup.
>If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup.
1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**.

View File

@ -30,7 +30,7 @@ You can enable controlled folder access by using any of these methods:
* [Windows Security app](#windows-security-app)
* [Microsoft Intune](#intune)
* [Mobile Device Management (MDM)](#mdm)
* [System Center Configuration Manager (SCCM)](#sccm)
* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
* [Group Policy](#group-policy)
* [PowerShell](#powershell)
@ -78,9 +78,9 @@ For more information about disabling local list merging, see [Prevent or allow u
Use the [./Vendor/MSFT/Policy/Config/ControlledFolderAccessProtectedFolders](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-controlledfolderaccessprotectedfolders) configuration service provider (CSP) to allow apps to make changes to protected folders.
## SCCM
## Microsoft Endpoint Configuration Manager
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
2. Click **Home** > **Create Exploit Guard Policy**.
3. Enter a name and a description, click **Controlled folder access**, and click **Next**.
4. Choose whether block or audit changes, allow other apps, or add other folders, and click **Next**.

View File

@ -32,12 +32,12 @@ Many features from the Enhanced Mitigation Experience Toolkit (EMET) are include
You can enable each mitigation separately by using any of these methods:
- [Windows Security app](#windows-security-app)
- [Microsoft Intune](#intune)
- [Mobile Device Management (MDM)](#mdm)
- [System Center Configuration Manager (SCCM)](#sccm)
- [Group Policy](#group-policy)
- [PowerShell](#powershell)
* [Windows Security app](#windows-security-app)
* [Microsoft Intune](#intune)
* [Mobile Device Management (MDM)](#mdm)
* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
* [Group Policy](#group-policy)
* [PowerShell](#powershell)
Exploit protection is configured by default in Windows 10. You can set each mitigation to on, off, or to its default value. Some mitigations have additional options.
@ -121,14 +121,14 @@ The result will be that DEP will be enabled for *test.exe*. DEP will not be enab
Use the [./Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-exploitguard) configuration service provider (CSP) to enable or disable exploit protection mitigations or to use audit mode.
## SCCM
## Microsoft Endpoint Configuration Manager
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
2. Click **Home** > **Create Exploit Guard Policy**.
3. Enter a name and a description, click **Exploit protection**, and click **Next**.
4. Browse to the location of the exploit protection XML file and click **Next**.
5. Review the settings and click **Next** to create the policy.
6. After the policy is created, click **Close**.
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
1. Click **Home** > **Create Exploit Guard Policy**.
1. Enter a name and a description, click **Exploit protection**, and click **Next**.
1. Browse to the location of the exploit protection XML file and click **Next**.
1. Review the settings and click **Next** to create the policy.
1. After the policy is created, click **Close**.
## Group Policy

View File

@ -30,7 +30,7 @@ You can enable network protection by using any of these methods:
* [Microsoft Intune](#intune)
* [Mobile Device Management (MDM)](#mdm)
* [System Center Configuration Manager (SCCM)](#sccm)
* [Microsoft Endpoint Configuration Manager](#microsoft-endpoint-configuration-manager)
* [Group Policy](#group-policy)
* [PowerShell](#powershell)
@ -49,9 +49,9 @@ You can enable network protection by using any of these methods:
Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable or disable network protection or enable audit mode.
## SCCM
## Microsoft Endpoint Configuration Manager
1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
1. In Microsoft Endpoint Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **Windows Defender Exploit Guard**.
1. Click **Home** > **Create Exploit Guard Policy**.
1. Enter a name and a description, click **Network protection**, and click **Next**.
1. Choose whether to block or audit access to suspicious domains and click **Next**.

View File

@ -46,7 +46,7 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode
> [!TIP]
> If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
You can also use Group Policy, Intune, MDM, or Microsoft Endpoint Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders.md).
## Review controlled folder access events in Windows Event Viewer

View File

@ -57,6 +57,10 @@ Machines | Run API calls such as get machines, get machines by ID, information a
Machine Actions | Run API call such as Isolation, Run anti-virus scan and more.
Indicators | Run API call such as create Indicator, get Indicators and delete Indicators.
Users | Run API calls such as get user related alerts and user related machines.
Score | Run API calls such as get exposure score or get device secure score.
Software | Run API calls such as list vulnerabilities by software.
Vulnerability | Run API calls such as list machines by vulnerability.
Recommendation | Run API calls such as Get recommendation by Id.
## Related topic
- [Microsoft Defender ATP APIs](apis-intro.md)
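
Review bot: The new `Recommendation` row reads "Run API calls such as Get recommendation by Id", which capitalizes the call name where the other added rows use lowercase ("get exposure score", "list vulnerabilities by software"). Suggest "get recommendation by ID" so the row matches its neighbours.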

View File

@ -0,0 +1,108 @@
---
title: List all recommendations
description: Retrieves a list of all security recommendations affecting the organization.
keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List all recommendations
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of all security recommendations affecting the organization.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
## HTTP request
```
GET /api/recommendations
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the list of security recommendations in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/recommendations
```
**Response**
Here is an example of the response.
```
Content-type: json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
"value": [
{
"id": "va-_-microsoft-_-windows_10",
"productName": "windows_10",
"recommendationName": "Update Windows 10",
"weaknesses": 397,
"vendor": "microsoft",
"recommendedVersion": "",
"recommendationCategory": "Application",
"subCategory": "",
"severityScore": 0,
"publicExploit": true,
"activeAlert": false,
"associatedThreats": [
"3098b8ef-23b1-46b3-aed4-499e1928f9ed",
"40c189d5-0330-4654-a816-e48c2b7f9c4b",
"4b0c9702-9b6c-4ca2-9d02-1556869f56f8",
"e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d",
"94b6e94b-0c1d-4817-ac06-c3b8639be3ab"
],
"remediationType": "Update",
"status": "Active",
"configScoreImpact": 0,
"exposureImpact": 7.674418604651163,
"totalMachineCount": 37,
"exposedMachinesCount": 7,
"nonProductivityImpactedAssets": 0,
"relatedComponent": "Windows 10"
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
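
Review bot: The response example puts `Content-type: json` inside the same fence as the body, so the block is not valid JSON when a reader copies it into a parser or a test fixture. Move the header line out of the fence (or drop it) and tag the fence as json, as the score topics added in this commit do. In the Permissions paragraph, "see [Use Microsoft Defender ATP APIs] for details" after "To learn more" is redundant; drop "for details".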

View File

@ -0,0 +1,96 @@
---
title: Get all vulnerabilities
description: Retrieves a list of all the vulnerabilities affecting the organization
keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get all vulnerabilities
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of all the vulnerabilities affecting the organization.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
## HTTP request
```
GET /api/vulnerabilities
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the list of vulnerabilities in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/Vulnerabilities
```
**Response**
Here is an example of the response.
```
Content-type: json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities",
"value": [
{
"id": "CVE-2019-0608",
"name": "CVE-2019-0608",
"description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
"severity": "Medium",
"cvssV3": 4.3,
"exposedMachines": 4,
"publishedOn": "2019-10-08T00:00:00Z",
"updatedOn": "2019-12-16T16:20:00Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": []
}
]
{
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
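
Review bot: The response example is not valid JSON: after the `value` array closes with `]`, the block ends with a stray `{` followed by `}`, and `Content-type: json` sits inside the fence. Close the outer object with a single `}` and move the header line out. The example is also inconsistent with itself: the request line uses `/api/Vulnerabilities` while the HTTP request section uses `/api/vulnerabilities`, and the `@odata.context` host is `api-us.securitycenter.windows.com` while the request goes to `api.securitycenter.windows.com`. Pick one casing and one host.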

View File

@ -0,0 +1,84 @@
---
title: Get Device Secure score
description: Retrieves the organizational device secure score.
keywords: apis, graph api, supported apis, get, alerts, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get Device Secure score
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves the organizational device secure score.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | Score.Read.Alll | 'Read Threat and Vulnerability Management score'
Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
## HTTP request
```
GET /api/configurationScore
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK, with the with device secure score data in the response body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/configurationScore
```
**Response**
Here is an example of the response.
>[!NOTE]
>The response list shown here may be truncated for brevity.
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity",
"time": "2019-12-03T09:15:58.1665846Z",
"score": 340,
"rbacGroupId": null
}
```
## Related topics
- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
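
Review bot: The Application permission in the Permissions table is spelled `Score.Read.Alll` (three l's); the exposure score topics in this commit use `Score.Read.All`, and a reader who copies the name as written into an app registration will not find it. In the Response section, "with the with device secure score data" has a duplicated "with the". The front-matter keywords (`alerts, recent`) look carried over from another topic, and the note "The response list shown here may be truncated" does not fit a response that is a single `$entity` object.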

View File

@ -0,0 +1,93 @@
---
title: Get discovered vulnerabilities
description: Retrieves a collection of discovered vulnerabilities related to a given machine ID.
keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get discovered vulnerabilities
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of discovered vulnerabilities related to a given machine ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
## HTTP request
```
GET /api/machines/{machineId}/vulnerabilities
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the discovered vulnerability information in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities
```
**Response**
Here is an example of the response.
```
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [
{
"id": "CVE-2019-1348",
"name": "CVE-2019-1348",
"description": "Git could allow a remote attacker to bypass security restrictions, caused by a flaw in the --export-marks option of git fast-import. By persuading a victim to import specially-crafted content, an attacker could exploit this vulnerability to overwrite arbitrary paths.",
"severity": "Medium",
"cvssV3": 4.3,
"exposedMachines": 1,
"publishedOn": "2019-12-13T00:00:00Z",
"updatedOn": "2019-12-13T00:00:00Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": []
}
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
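
Review bot: The response example never closes the `value` array: the vulnerability object ends with `}` and the next line closes the outer object, with no `]` in between, so the sample does not parse. Add the `]` and tag the fence as json. The `{machineId}` path parameter is not described anywhere on the page; one sentence on where the ID comes from would help. In the Permissions table, `Application |Vulnerability.Read.All` is missing the space after the pipe.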

View File

@ -0,0 +1,89 @@
---
title: Get exposure score
description: Retrieves the organizational exposure score.
keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get exposure score
**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves the organizational exposure score.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
## HTTP request
```
GET /api/exposureScore
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK, with the exposure data in the response body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/exposureScore
```
**Response**
Here is an example of the response.
>[!NOTE]
>The response list shown here may be truncated for brevity.
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity",
"time": "2019-12-03T07:23:53.280499Z",
"score": 33.491554051195706,
"rbacGroupId": null
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)
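
Review bot: The `>[!NOTE]` above the response says "The response list shown here may be truncated for brevity", but this call returns a single `ExposureScore/$entity` object, not a list. Drop the note or reword it. The Permissions sentence also ends at the link with no closing period.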

View File

@ -0,0 +1,89 @@
---
title: Get installed software
description: Retrieves a collection of installed software related to a given machine ID.
keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per machine, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get installed software
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of installed software related to a given machine ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information'
Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
## HTTP request
```
GET /api/machines/{machineId}/software
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the installed software information in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software
```
**Response**
Here is an example of the response.
```
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software",
"value": [
{
"id": "microsoft-_-internet_explorer",
"name": "internet_explorer",
"vendor": "microsoft",
"weaknesses": 67,
"publicExploit": true,
"activeAlert": false,
"exposedMachines": 42115,
"impactScore": 46.2037163
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
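
Review bot: The response example fence under **Response** is untagged, while the score and machine-reference topics added in this commit tag theirs as json; tag this one too. In the Permissions table, `Application |Software.Read.All` is missing the space after the pipe, and the Permissions sentence has no closing period.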

View File

@ -0,0 +1,100 @@
---
title: List exposure score by machine group
description: Retrieves a list of exposure scores by machine group.
keywords: apis, graph api, supported apis, get, exposure score, machine group, machine group exposure score
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List exposure score by machine group
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of alerts related to a given domain address.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Score.Read.All | 'Read Threat and Vulnerability Management score'
Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score'
## HTTP request
```
GET /api/exposureScore/ByMachineGroups
```
## Request headers
| Name | Type | Description
|:--------------|:-------|:--------------|
| Authorization | String | Bearer {token}.**Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK, with a list of exposure score per machine group data in the response body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups
```
**Response**
Here is an example of the response.
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore",
"value": [
{
"time": "2019-12-03T09:51:28.214338Z",
"score": 41.38041766305988,
"rbacGroupId": 10
},
{
"time": "2019-12-03T09:51:28.2143399Z",
"score": 37.403726933165366,
"rbacGroupId": 11
},
{
"time": "2019-12-03T09:51:28.2143407Z",
"score": 26.390921344426033,
"rbacGroupId": 9
},
{
"time": "2019-12-03T09:51:28.2143414Z",
"score": 23.58823563070858,
"rbacGroupId": 5
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability exposure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score)
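
Review bot: The summary line under the prerelease include says "Retrieves a collection of alerts related to a given domain address", which contradicts the title and the front-matter description ("Retrieves a list of exposure scores by machine group") and looks pasted from another topic. Replace it with the description text. In the request headers table, the header row is missing its trailing pipe and `Bearer {token}.**Required**` needs a space after the period.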

View File

@ -0,0 +1,92 @@
---
title: List machines by software
description: Retrieve a list of machines that has this software installed.
keywords: apis, graph api, supported apis, get, list machines, machines list, list machines by software, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List machines by software
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieve a list of machines that has this software installed.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
## HTTP request
```
GET /api/Software/{Id}/machineReferences
```
## Request headers
| Name | Type | Description
|:--------------|:-------|:--------------|
| Authorization | String | Bearer {token}.**Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK and a list of machines with the software installed in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences
```
**Response**
Here is an example of the response.
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences",
"value": [
{
"id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762",
"computerDnsName": "dave_desktop",
"osPlatform": "Windows10",
"rbacGroupId": 9
},
{
"id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d",
"computerDnsName": "jane_PC",
"osPlatform": "Windows10",
"rbacGroupId": 9
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
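
Review bot: The `{Id}` segment in `GET /api/Software/{Id}/machineReferences` is never described; the example uses `microsoft-_-edge`, so state that it is the software ID in the form shown in the `id` field of the installed software response. Grammar: "a list of machines that has this software installed" should read "have", in both the front-matter description and the summary line. `Bearer {token}.**Required**` needs a space after the period.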

View File

@ -0,0 +1,92 @@
---
title: List machines by vulnerability
description: Retrieves a list of machines affected by a vulnerability.
keywords: apis, graph api, supported apis, get, machines list, vulnerable machines, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List machines by vulnerability
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of machines affected by a vulnerability.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
## HTTP request
```
GET /api/vulnerabilities/{cveId}/machineReferences
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the vulnerability information in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences
```
**Response**
Here is an example of the response.
```
Content-type: json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
"value": [
{
"id": "235a2e6278c63fcf85bab9c370396972c58843de",
"computerDnsName": "h1mkn_PC",
"osPlatform": "Windows10",
"rbacGroupId": 1268
},
{
"id": "afb3f807d1a185ac66668f493af028385bfca184",
"computerDnsName": "chat_Desk ",
"osPlatform": "Windows10",
"rbacGroupId": 410
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
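
Review bot: The Response section says the call returns "200 OK with the vulnerability information in the body", but the endpoint (`/api/vulnerabilities/{cveId}/machineReferences`) and the example return a list of machine references. Reword it along the lines of "with the list of machines affected by the vulnerability". In the example, `"computerDnsName": "chat_Desk "` carries a trailing space inside the string, and `Content-type: json` sits inside the fence, which makes the block invalid JSON.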

View File

@ -0,0 +1,97 @@
---
title: Get recommendation by Id
description: Retrieves a security recommendation by its ID.
keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get recommendation by ID
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a security recommendation by its ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
## HTTP request
```
GET /api/recommendations/{id}
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the security recommendations in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome
```
**Response**
Here is an example of the response.
```
Content-type: json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity",
"id": "va-_-google-_-chrome",
"productName": "chrome",
"recommendationName": "Update Chrome",
"weaknesses": 38,
"vendor": "google",
"recommendedVersion": "",
"recommendationCategory": "Application",
"subCategory": "",
"severityScore": 0,
"publicExploit": false,
"activeAlert": false,
"associatedThreats": [],
"remediationType": "Update",
"status": "Active",
"configScoreImpact": 0,
"exposureImpact": 3.9441860465116285,
"totalMachineCount": 6,
"exposedMachinesCount": 5,
"nonProductivityImpactedAssets": 0,
"relatedComponent": "Chrome"
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
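
Review bot: The front-matter title is "Get recommendation by Id" while the H1 is "Get recommendation by ID"; use one spelling so the page title and heading match. The Response section says "with the security recommendations in the body" although the example returns a single `Recommendations/$entity` object, and `Content-type: json` inside the fence keeps the sample from parsing as JSON.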

View File

@ -0,0 +1,84 @@
---
title: Get recommendation by machines
description: Retrieves a list of machines associated with the security recommendation.
keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get recommendation by machines
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of machines associated with the security recommendation.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
## HTTP request
```
GET /api/recommendations/{id}/machineReferences
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the list of machines associated with the security recommendation.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences
```
**Response**
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences",
"value": [
{
"id": "e058770379bc199a9c179ce52a23e16fd44fd2ee",
"computerDnsName": "niw_pc",
"osPlatform": "Windows10",
"rbacGroupId": 2154
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
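Review bot: The sample response returns an `rbacGroupId` for each machine, but neither the Permissions nor the Response section says whether the list is limited to the machine groups the caller can access, which matters for the delegated `SecurityRecommendation.Read` case. Please add a sentence stating how results are scoped. The Response section also documents only the 200 OK path; say what the caller gets for an unknown `{id}` or a token without the permission.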

View File

@ -0,0 +1,85 @@
---
title: Get recommendation by software
description: Retrieves a security recommendation related to a specific software.
keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get recommendation by software
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a security recommendation related to a specific software.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
## HTTP request
```
GET /api/recommendations/{id}/software
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the software associated with the security recommendations in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software
```
**Response**
Here is an example of the response.
```
Content-type: json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto",
"id": "google-_-chrome",
"name": "chrome",
"vendor": "google",
"weaknesses": 38,
"publicExploit": false,
"activeAlert": false,
"exposedMachines": 5,
"impactScore": 3.94418621
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
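Review bot: The front-matter `description` and the summary line both say the call "Retrieves a security recommendation related to a specific software", but the request is `GET /api/recommendations/{id}/software` and the sample returns a `PublicProductDto` software object, so the direction is inverted. Suggest "Retrieves the software associated with a security recommendation." The Response sentence also says "security recommendations" (plural) for a single `{id}`. In the sample, `Content-type: json` sits inside an untagged fence; move it out and tag the block `json`, as the machines page does.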

View File

@ -0,0 +1,94 @@
---
title: Get recommendation by vulnerabilities
description: Retrieves a list of vulnerabilities associated with the security recommendation.
keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get recommendation by vulnerabilities
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of vulnerabilities associated with the security recommendation.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
## HTTP request
```
GET /api/recommendations/{id}/vulnerabilities
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities
```
**Response**
Here is an example of the response.
```
Content-type: json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [
{
"id": "CVE-2019-13748",
"name": "CVE-2019-13748",
"description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
"severity": "Medium",
"cvssV3": 6.5,
"exposedMachines": 0,
"publishedOn": "2019-12-10T00:00:00Z",
"updatedOn": "2019-12-16T12:15:00Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": []
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
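Review bot: The response sample opens with `Content-type: json` inside an untagged fence, so the block is not valid JSON when copied and gets no syntax highlighting. Drop that line (or show the header outside the fence as `Content-Type: application/json`) and tag the block `json`, matching the machines page. The sample also returns `exploitVerified`, `exploitInKit`, `exploitTypes` and `exploitUris` with no description anywhere on the page; a short property table would tell readers what these flags mean before they build prioritization on them.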

View File

@ -0,0 +1,101 @@
---
title: Get security recommendations
description: Retrieves a collection of security recommendations related to a given machine ID.
keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per machine, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get security recommendations
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a collection of security recommendations related to a given machine ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information'
Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information'
## HTTP request
```
GET /api/machines/{machineId}/recommendations
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the security recommendations in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations
```
**Response**
Here is an example of the response.
```
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations",
"value": [
{
"id": "va-_-git-scm-_-git",
"productName": "git",
"recommendationName": "Update Git to version 2.24.1.2",
"weaknesses": 3,
"vendor": "git-scm",
"recommendedVersion": "2.24.1.2",
"recommendationCategory": "Application",
"subCategory": "",
"severityScore": 0,
"publicExploit": false,
"activeAlert": false,
"associatedThreats": [],
"remediationType": "Update",
"status": "Active",
"configScoreImpact": 0,
"exposureImpact": 0,
"totalMachineCount": 0,
"exposedMachinesCount": 1,
"nonProductivityImpactedAssets": 0,
"relatedComponent": "Git"
},
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation)
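Review bot: The response sample is not valid JSON: the single object in `"value": [` ends with `},` and the next line closes the outer object, so the array is never closed and a trailing comma is left behind. Close it with `}` followed by `]` before the final `}`, and tag the fence `json`. The sample values are also inconsistent (`"totalMachineCount": 0` next to `"exposedMachinesCount": 1`), which is confusing on a per-machine endpoint. The Permissions sentence ends at the link with no period and no "for details", unlike the sibling pages.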

View File

@ -0,0 +1,86 @@
---
title: Get software by Id
description: Retrieves a list of exposure scores by machine group.
keywords: apis, graph api, supported apis, get, software, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get software by Id
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves software details by ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
## HTTP request
```
GET /api/Software/{Id}
```
## Request headers
| Name | Type | Description
|:--------------|:-------|:--------------|
| Authorization | String | Bearer {token}.**Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the specified software data in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge
```
**Response**
Here is an example of the response.
```json
{
"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity",
"id": "microsoft-_-edge",
"name": "edge",
"vendor": "microsoft",
"weaknesses": 467,
"publicExploit": true,
"activeAlert": false,
"exposedMachines": 172,
"impactScore": 2.39947438
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
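Review bot: The front-matter `description` reads "Retrieves a list of exposure scores by machine group.", which looks copied from another page; the body says "Retrieves software details by ID." and that is what the sample returns. Please align the description with the body. In the Request headers table the header row has no closing pipe while the separator row does, and `Bearer {token}.**Required**.` is missing the space that the other pages have before **Required**.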

View File

@ -0,0 +1,90 @@
---
title: List software version distribution
description: Retrieves a list of your organization's software version distribution
keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List software version distribution
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves a list of your organization's software version distribution.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
## HTTP request
```
GET /api/Software/{Id}/distributions
```
## Request headers
| Name | Type | Description
|:--------------|:-------|:--------------|
| Authorization | String | Bearer {token}.**Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with a list of software distributions data in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions
```
**Response**
Here is an example of the response.
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions",
"value": [
{
"version": "11.0.17134.1039",
"installations": 1,
"vulnerabilities": 11
},
{
"version": "11.0.18363.535",
"installations": 750,
"vulnerabilities": 0
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
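Review bot: The example request goes to `api.securitycenter.windows.com`, but the `@odata.context` in the sample response points at `api-us.securitycenter.windows.com`. Either use one host in both places or add a sentence explaining that the context URL reflects a regional endpoint, otherwise readers cannot tell which base URL to call. The Request headers table has the same unclosed header row and missing space in `Bearer {token}.**Required**.` as the "Get software by Id" page.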

View File

@ -0,0 +1,89 @@
---
title: List software
description: Retrieves a list of software inventory
keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List software inventory API
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves the organization software inventory.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information'
Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
## HTTP request
```
GET /api/Software
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the software inventory in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/Software
```
**Response**
Here is an example of the response.
```
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software",
"value": [
{
"id": "microsoft-_-edge",
"name": "edge",
"vendor": "microsoft",
"weaknesses": 467,
"publicExploit": true,
"activeAlert": false,
"exposedMachines": 172,
"impactScore": 2.39947438
}
]
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory)
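Review bot: The front-matter `title` is "List software" while the H1 is "List software inventory API"; no other page in this set puts "API" in the heading, so pick one name and use it in both places. The response fence is untagged (use `json`), its `@odata.context` uses the `api-us` host while the request uses `api.securitycenter.windows.com`, and the permissions row `Application |Software.Read.All` is missing a space after the pipe. Since this call returns the organization-wide inventory, the Response section should also say whether the result is paged.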

View File

@ -0,0 +1,92 @@
---
title: List vulnerabilities by software
description: Retrieve a list of vulnerabilities in the installed software.
keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# List vulnerabilities by software
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieve a list of vulnerabilities in the installed software.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information'
## HTTP request
```
GET /api/Software/{Id}/vulnerabilities
```
## Request headers
| Name | Type | Description
|:--------------|:-------|:--------------|
| Authorization | String | Bearer {token}.**Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities
```
**Response**
Here is an example of the response.
```json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)",
"value": [
{
"id": "CVE-2017-0140",
"name": "CVE-2017-0140",
"description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.",
"severity": "Medium",
"cvssV3": 4.2,
"exposedMachines": 1,
"publishedOn": "2017-03-14T00:00:00Z",
"updatedOn": "2019-10-03T00:03:00Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": []
}
]
}
```
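Review bot: The Response sentence has a doubled article: "returns 200 OK with a a list of vulnerabilities". This file also ends at the response sample with no "Related topics" section, unlike every sibling page added in this commit; add the same two links used on the other software pages. In the sample `description`, several sentences run together without a space ("restricted.In a web-based", "vulnerability.The security update"), which will render that way for readers.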

View File

@ -0,0 +1,89 @@
---
title: Get vulnerability by Id
description: Retrieves vulnerability information by its ID.
keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Get vulnerability by ID
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](../../includes/prerelease.md)]
Retrieves vulnerability information by its ID.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details.
Permission type | Permission | Permission display name
:---|:---|:---
Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information'
Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information'
## HTTP request
```
GET /api/vulnerabilities/{cveId}
```
## Request headers
Name | Type | Description
:---|:---|:---
Authorization | String | Bearer {token}. **Required**.
## Request body
Empty
## Response
If successful, this method returns 200 OK with the vulnerability information in the body.
## Example
**Request**
Here is an example of the request.
```
GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608
```
**Response**
Here is an example of the response.
```
Content-type: json
{
"@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity",
"id": "CVE-2019-0608",
"name": "CVE-2019-0608",
"description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.",
"severity": "Medium",
"cvssV3": 4.3,
"exposedMachines": 4,
"publishedOn": "2019-10-08T00:00:00Z",
"updatedOn": "2019-12-16T16:20:00Z",
"publicExploit": false,
"exploitVerified": false,
"exploitInKit": false,
"exploitTypes": [],
"exploitUris": []
}
```
## Related topics
- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
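Review bot: The HTTP request section gives the path as `GET /api/vulnerabilities/{cveId}` but the example calls `/api/Vulnerabilities/CVE-2019-0608` with a capital V. Use one casing in both, or state that the path is case-insensitive, so callers do not have to guess. The front-matter title says "by Id" while the H1 says "by ID". The response fence is untagged and starts with `Content-type: json`, which makes the sample invalid JSON; drop the line and tag the block `json`.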

View File

@ -0,0 +1,60 @@
---
title: Helpful Microsoft Defender Advanced Threat Protection resources
description: Access helpful resources such as links to blogs and other resources related to Microsoft Defender Advanced Threat Protection
keywords: Microsoft Defender Security Center, product brief, brief, capabilities, licensing
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Helpful Microsoft Defender Advanced Threat Protection resources
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Access helpful resources such as links to blogs and other resources related to Microsoft Defender Advanced Threat Protection.
## Endpoint protection platform
- [Top scoring in industry
tests](https://docs.microsoft.com/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests)
- [Inside out: Get to know the advanced technologies at the core of Microsoft
Defender ATP next generation
protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/)
- [Protecting disconnected devices with Microsoft Defender
ATP](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Protecting-disconnected-devices-with-Microsoft-Defender-ATP/ba-p/500341)
- [Tamper protection in Microsoft Defender
ATP](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-in-Microsoft-Defender-ATP/ba-p/389571)
## Endpoint Detection Response
- [Incident response at your fingertips with Microsoft Defender ATP live
response](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Incident-response-at-your-fingertips-with-Microsoft-Defender-ATP/ba-p/614894)
## Threat Vulnerability Management
- [Microsoft Defender ATP Threat & Vulnerability Management now publicly
available!](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/MDATP-Threat-amp-Vulnerability-Management-now-publicly-available/ba-p/460977)
## Operational
- [The Golden Hour remake - Defining metrics for a successful security
operations](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/The-Golden-Hour-remake-Defining-metrics-for-a-successful/ba-p/782014)
- [Microsoft Defender ATP Evaluation lab is now available in public preview
](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-Evaluation-lab-is-now-available-in-public/ba-p/770271)
- [How automation brings value to your security
teams](https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/How-automation-brings-value-to-your-security-teams/ba-p/729297)
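Review bot: The front-matter `keywords` ("product brief, brief, capabilities, licensing") do not describe a page of blog and resource links and look carried over from another topic; replace them with terms that match the content. The headings "Endpoint Detection Response" and "Threat Vulnerability Management" drop the "and"/"&" used everywhere else in this commit ("Threat & Vulnerability Management"). Several link labels are hard-wrapped mid-phrase, and the "Evaluation lab" entry has a line break immediately before `](`; keeping each `[text](url)` on one line avoids rendering surprises.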

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.3 KiB

Some files were not shown because too many files have changed in this diff Show More