deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 14:23:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into tvm-event-insights

Browse Source
This commit is contained in:
Beth Levin
2020-07-01 19:17:39 -07:00
parent 3f543e9ba4 1a6653227a
commit 739c11aad8
32 changed files with 429 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/TOC.md
View File

@ -33,7 +33,7 @@
#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
#### [Dashboard insights](microsoft-defender-atp/tvm-dashboard-insights.md)
#### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
#### [Configuration score](microsoft-defender-atp/configuration-score.md)
#### [Microsoft Secure Score for Devices](microsoft-defender-atp/tvm-microsoft-secure-score-devices.md)
#### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
#### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
#### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
@ -219,6 +219,7 @@
##### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md)
##### [Set preferences](microsoft-defender-atp/mac-preferences.md)
##### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md)
##### [Schedule scans](microsoft-defender-atp/mac-schedule-scan-atp.md)
#### [Troubleshoot]()
##### [Troubleshoot installation issues](microsoft-defender-atp/mac-support-install.md)

13
windows/security/threat-protection/index.md
View File

@ -1,7 +1,7 @@
---
title: Threat Protection (Windows 10)
description: Learn how Microsoft Defender ATP helps protect against threats.
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, configuration score, advanced hunting, cyber threat hunting, web threat protection
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -54,7 +54,7 @@ This built-in capability uses a game-changing risk-based approach to the discove
- [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
- [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
- [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
- [Configuration score](microsoft-defender-atp/configuration-score.md)
- [Microsoft Secure Score for Devices](microsoft-defender-atp/tvm-microsoft-secure-score-devices.md)
- [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
- [Remediation](microsoft-defender-atp/tvm-remediation.md)
- [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
@ -111,12 +111,11 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
<a name="ss"></a>
**[Configuration Score](microsoft-defender-atp/configuration-score.md)**<br>
>[!NOTE]
> Secure score is now part of [Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) as [Configuration score](microsoft-defender-atp/configuration-score.md).
**[Microsoft Secure Score for Devices](microsoft-defender-atp/tvm-microsoft-secure-score-devices.md)**<br>
Microsoft Defender ATP includes a configuration score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
- [Configuration score](microsoft-defender-atp/configuration-score.md)
Microsoft Defender ATP includes a Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
- [Microsoft Secure Score for Devices](microsoft-defender-atp/tvm-microsoft-secure-score-devices.md)
- [Threat analytics](microsoft-defender-atp/threat-analytics.md)
<a name="mte"></a>

4
windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-defender-antivirus.md
View File

@ -32,8 +32,8 @@ Although you can use a non-Microsoft antivirus solution with Microsoft Defender
| |Advantage |Why it matters |
|--|--|--|
|1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). |
|2|Threat analytics and your configuration score |Microsoft Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Microsoft Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). |
|2|Threat analytics and your score for devices |Microsoft Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [Microsoft Secure Score for Devices](../microsoft-defender-atp/tvm-microsoft-secure-score-devices.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|3|Performance |Microsoft Defender ATP is designed to work with Microsoft Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Microsoft Defender Antivirus](evaluate-microsoft-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).|
|4|Details about blocked malware |More details and actions for blocked malware are available with Microsoft Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).|
|5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).|

1
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 11/12/2019
---
# DeviceTvmSecureConfigurationAssessment

1
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 11/12/2019
---
# DeviceTvmSecureConfigurationAssessmentKB

1
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 11/12/2019
---
# DeviceTvmSoftwareInventoryVulnerabilities

1
windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 11/12/2019
---
# DeviceTvmSoftwareVulnerabilitiesKB

4
windows/security/threat-protection/microsoft-defender-atp/android-intune.md
View File

@ -136,7 +136,7 @@ Options](https://docs.microsoft.com/mem/intune/enrollment/android-enroll) .
As Microsoft Defender ATP for Android is deployed via managed Google Play,
updates to the app are automatic via Google Play.
Currently only Work Profile, Fully Managed devices are supported for deployment.
Currently only Work Profile enrolled devices are supported for deployment.
>[!NOTE]
@ -265,7 +265,7 @@ assignment.
## Complete onboarding and check status
1. Confirm the installation status of Microsoft Defender ATP for Android by
clicking on the **Device Install Status**. Verif that the device is
clicking on the **Device Install Status**. Verify that the device is
displayed here.
![Image of device installation status](images/900c0197aa59f9b7abd762ab2b32e80c.png)

14
windows/security/threat-protection/microsoft-defender-atp/configure-and-manage-tvm.md
View File

@ -39,7 +39,15 @@ Ensure that you have the right RBAC permissions to configure your Threat & Vulne
>- End-user alternative: For more information on joining an Azure AD domain, see [Set up Azure Active Directory joined devices](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup).
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)

BIN
windows/security/threat-protection/microsoft-defender-atp/images/ta.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 199 KiB

After

Width:  |  Height:  |  Size: 152 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/ta_dashboard.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 144 KiB

After

Width:  |  Height:  |  Size: 66 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-dashboard-devices.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 194 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/tvm-dashboard-nav.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 196 KiB

78
windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md Normal file
View File

@ -0,0 +1,78 @@
---
title: How to schedule scans with MDATP for macOS
description: Learn how to schedule an automatic scanning time for Microsoft Defender ATP in macOS to better protect your organization's assets.
keywords: microsoft, defender, atp, mac, scans, antivirus
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dansimp
author: dansimp
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Schedule scans with Microsoft Defender ATP for Mac
While you can start a threat scan at any time with Microsoft Defender ATP, your enterprise might benefit from scheduled or timed scans. For example, you can schedule a scan to run at the beginning of every workday or week. Create a scanning schedule using launchd on a macOS computer.
## Schedule a scan with launchd
1. Create a new .xml file. Use the following example to create your scanning schedule file.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.microsoft.wdav.schedquickscan</string>
<key>ProgramArguments</key>
<array>
<string>sh</string>
<string>-c<string>
<string>/usr/local/bin/mdatp --scan --quick<string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key><dict>
<key>Day</key>
<integer>3</integer>
<key>Hour</key>
<integer>2</integer>
<key>Minute</key>
<integer>0</integer>
<key>Weekday</key>
<integer>5</integer>
</dict>
<key>StartInterval</key>
<integer>604800</integer>
<key>WorkingDirectory</key>
<string>/usr/local/bin/</string>
</dict>
</plist>
```
2. Save the file as a program configuration file (.plist) with the name com.microsoft.wdav.schedquickscan.plist.
>[!NOTE]
>To change a quick scan to a full scan, use /usr/local/bin/mdatp --scan full in the array string and update your .plist filename.
3. Search for, and then open **Terminal**.
4. To load your file into **launchd**, enter the following commands:
```bash
`$ launchctl load /Library/LaunchDaemons/<your file name.plist>`
`$ launchctl start <your file name>`
```
5. Your scheduled scan runs at the date, time, and frequency you defined in your .plist file. In the example, the scan runs at 2:00 AM every 7 days on a Friday, with the StartInterval using 604800 seconds for one week.
> [!NOTE]
> Agents executed with launchd will not run at the scheduled time if the computer is asleep, but will run once the computer is awake. If the computer is off, the scan will not run until the computer is on at the next scheduled time.

6
windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md
View File

@ -102,11 +102,9 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
<a name="ss"></a>
**[Configuration score](configuration-score.md)**<br>
> [!NOTE]
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md).
**[Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)**<br>
Microsoft Defender ATP includes a configuration score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
Microsoft Defender ATP includes Microsoft Secure Score for Devices to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
<a name="mte"></a>

2
windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
View File

@ -110,7 +110,7 @@ See the following topics for related APIs:
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

2
windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
View File

@ -57,7 +57,7 @@ Area | Description
**Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool.
**Reports** | View graphs detailing threat protection, device health and compliance, web protection, and vulnerability.
**Partners & APIs** | View supported partner connections, which enhance the detection, investigation, and threat intelligence capabilities of the platform. You can also view connected applications, the API explorer, API usage overview, and data export settings.
**Threat & Vulnerability management** | View your configuration score, exposure score, exposed devices, vulnerable software, and take action on top security recommendations.
**Threat & Vulnerability management** | View your Microsoft Secure Score for Devices, exposure score, exposed devices, vulnerable software, and take action on top security recommendations.
**Evaluation and tutorials** | Manage test devices, attack simulations, and reports. Learn and experience the Microsoft Defender ATP capabilities through a guided walk-through in a trial environment.
**Service health** | Provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues.
**Configuration management** | Displays on-boarded devices, your organizations' security baseline, predictive analysis, web protection coverage, and allows you to perform attack surface management on your devices.

12
windows/security/threat-protection/microsoft-defender-atp/recommendation.md
View File

@ -35,7 +35,7 @@ Method |Return Type |Description
## Properties
Property | Type | Description
Property | Type | Description
:---|:---|:---
id | String | Recommendation ID
productName | String | Related software name
@ -43,15 +43,15 @@ recommendationName | String | Recommendation name
Weaknesses | Long | Number of discovered vulnerabilities
Vendor | String | Related vendor name
recommendedVersion | String | Recommended version
recommendationCategory | String | Recommendation category. Possible values are: Accounts, Application, Network, OS, SecurityStack
recommendationCategory | String | Recommendation category. Possible values are: "Accounts", "Application", "Network", "OS", "SecurityStack
subCategory | String | Recommendation sub-category
severityScore | Double | Potential impact of the configuration to the organizations configuration score (1-10)
severityScore | Double | Potential impact of the configuration to the organization's Microsoft Secure Score for Devices (1-10)
publicExploit | Boolean | Public exploit is available
activeAlert | Boolean | Active alert is associated with this recommendation
associatedThreats | String collection | Threat analytics report is associated with this recommendation
remediationType | String | Remediation type. Possible values are: ConfigurationChange”,“Update”,“Upgrade”,”Uninstall
Status | Enum | Recommendation exception status. Possible values are: Active and Exception
configScoreImpact | Double | Configuration score impact
remediationType | String | Remediation type. Possible values are: "ConfigurationChange","Update","Upgrade","Uninstall"
Status | Enum | Recommendation exception status. Possible values are: "Active" and "Exception"
configScoreImpact | Double | Microsoft Secure Score for Devices impact
exposureImpacte | Double | Exposure score impact
totalMachineCount | Long | Number of installed devices
exposedMachinesCount | Long | Number of installed devices that are exposed to vulnerabilities

22
windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md
View File

@ -41,28 +41,30 @@ The threat analytics dashboard is a great jump off point for getting to the repo
![Image of a threat analytics dashboard](images/ta_dashboard.png)
Select a threat on any of the overviews or on the table to view the report for that threat.
Select a threat from any of the overviews or from the table to view the report for that threat.
## View a threat analytics report
Each threat report generally provides an overview of the threat and an analysis of the techniques and tools used by the threat. It also provides worldwide impact information, mitigation recommendations, and detection information. It includes several cards that show dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat.
Each threat report generally provides an overview of the threat and an analysis of the techniques and tools used by the threat. It also provides mitigation recommendations and detection information. It includes several cards that show dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat.
![Image of a threat analytics report](images/ta.png)
### Organizational impact
Each report includes cards designed to provide information about the organizational impact of a threat:
- **Devices with alerts** — shows the current number of distinct devices in your organization that have been impacted by the threat. A device is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved.
- **Devices with alerts** — shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved.
- **Devices with alerts over time** — shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days.
### Organizational resilience
Each report also includes cards that provide an overview of how resilient your organization can be against a given threat:
- **Mitigation status** — shows the number of devices that have and have not applied mitigations for the threat. Devices are considered mitigated if they have all the measurable mitigations in place.
- **Security configuration status** — shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings.
- **Vulnerability patching status** — shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat.
- **Mitigation recommendations** — lists specific actionable recommendations to improve your visibility into the threat and increase your organizational resilience. This card lists only measurable mitigations along with the number of devices that don't have these mitigations in place.
- **Mitigation details** — lists specific actionable recommendations that can help you increase your organizational resilience. This card lists tracked mitigations, including recommended settings and vulnerability patches, along with the number of devices that don't have the mitigations in place.
>[!IMPORTANT]
>- Charts only reflect mitigations that are measurable, meaning an evaluation can be made on whether a device has applied the mitigations or not. Check the report overview for additional mitigations that are not reflected in the charts.
>- Even if all mitigations were measurable, they don't guarantee complete resilience. They reflect the best possible actions needed to improve resiliency.
### Additional report details and limitations
When using the reports, keep the following in mind:
>[!NOTE]
>Devices are counted as "unavailable" if they have been unable to transmit data to the service.
- Data is scoped based on your RBAC permissions. You will only see the status of devices that you have been granted access to on the RBAC.
- Charts reflect only mitigations that are tracked. Check the report overview for additional mitigations that are not reflected in the charts.
- Mitigations don't guarantee complete resilience. The provided mitigations reflect the best possible actions needed to improve resiliency.
- Devices are counted as "unavailable" if they have been unable to transmit data to the service.
- Antivirus related statistics are based on Microsoft Defender Antivirus settings. Devices with third-party antivirus solutions can appear as "exposed".

6
windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
View File

@ -122,10 +122,14 @@ A full page will appear with all the details of a specific software, including a
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Event timeline](threat-and-vuln-mgt-event-timeline.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
- [APIs](next-gen-threat-and-vuln-mgt.md#apis)
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
- [Advanced hunting overview](overview-hunting.md)
- [All advanced hunting tables](advanced-hunting-reference.md)

4
windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
View File

@ -1,7 +1,7 @@
---
title: Threat & Vulnerability Management scenarios
description: Learn how Threat & Vulnerability Management can be used to help security admins, IT admins, and SecOps collaborate in defending against security threats.
keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase configuration score, increase threat & vulnerability configuration score, configuration score, exposure score, security controls
keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -56,7 +56,7 @@ DeviceName=any(DeviceName) by DeviceId, AlertId
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

22
windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md
View File

@ -1,7 +1,7 @@
---
title: Threat & Vulnerability Management dashboard insights
description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience.
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
search.appverid: met150
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@ -32,13 +32,13 @@ Threat & Vulnerability Management is a component of Microsoft Defender ATP, and
You can use the Threat & Vulnerability Management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
- View exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices
- View exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices
- Correlate EDR insights with endpoint vulnerabilities and process them
- Select remediation options, triage and track the remediation tasks
- Select exception options and track active exceptions
> [!NOTE]
> Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and configuration score.
> Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and Microsoft Secure Score for Devices.
Watch this video for a quick overview of what is in the Threat & Vulnerability Management dashboard.
@ -46,15 +46,7 @@ Watch this video for a quick overview of what is in the Threat & Vulnerability M
## Threat & Vulnerability Management in Microsoft Defender Security Center
When you open the portal, you'll see the main areas of the capability:
- (1) Menu to open the navigation pane
- (2) Threat & Vulnerability Management navigation pane
- (3) Threat & Vulnerability Management dashboard
![Microsoft Defender Advanced Threat Protection portal](images/tvm_dashboard.png)
![Threat & Vulnerability Management menu](images/tvm-menu.png)
![Microsoft Defender Advanced Threat Protection portal](images/tvm-dashboard-devices.png)
You can navigate through the portal using the menu options available in all sections. Refer to the following tables for a description of each section.
@ -62,7 +54,7 @@ You can navigate through the portal using the menu options available in all sect
Area | Description
:---|:---
**Dashboard** | Get a high-level view of the organization exposure score, organization configuration score, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed devices data.
**Dashboard** | Get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
[**Security recommendations**](tvm-remediation.md) | See the list of security recommendations, their related components, whether software or software versions in your network have reached end-of-support, insights, number or exposed devices, impact, and request for remediation. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your devices are joined through Azure Active Directory and you have enabled your Intune connections in Microsoft Defender ATP.
[**Remediation**](tvm-remediation.md) | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV, and active exceptions.
[**Software inventory**](tvm-software-inventory.md) | See the list of software, versions, weaknesses, whether there's an exploit found on the software, whether the software or software version has reached end-of-support, prevalence in the organization, how many were installed, how many exposed devices there are, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the associated vulnerabilities, misconfigurations, affected device, version distribution details, and missing KBs or security updates.
@ -74,7 +66,7 @@ Area | Description
:---|:---
**Selected device groups (#/#)** | Filter the Threat & Vulnerability Management data you want to see in the dashboard and cards by device groups. What you select in the filter applies throughout the Threat & Vulnerability management pages.
[**Exposure score**](tvm-exposure-score.md) | See the current state of your organization's device exposure to threats and vulnerabilities. Several factors affect your organization's exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower the exposure score of your organization to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations.
[**Configuration score**](configuration-score.md) | See the security posture of the operating system, applications, network, accounts and security controls of your organization. The goal is to remediate the related security configuration issues to increase your configuration score. Selecting the bars will take you to the **Security recommendation** page.
[**Microsoft Secure Score for Devices**](tvm-microsoft-secure-score-devices.md) | See the security posture of the operating system, applications, network, accounts and security controls of your organization. The goal is to remediate the related security configuration issues to increase your score for devices. Selecting the bars will take you to the **Security recommendation** page.
**Device exposure distribution** | See how many devices are exposed based on their exposure level. Select a section in the doughnut chart to go to the **Devices list** page and view the affected device names, exposure level, risk level, and other details such as domain, operating system platform, its health state, when it was last seen, and its tags.
**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organization's risk exposure and the urgency that it requires. Select **Show more** to see the rest of the security recommendations in the list or **Show exceptions** for the list of recommendations that have an exception.
**Top vulnerable software** | Get real-time visibility into your organization's software inventory with a stack-ranked list of vulnerable software installed on your network's devices and how they impact your organizational exposure score. Select an item for details or **Show more** to see the rest of the vulnerable software list in the **Software inventory** page.
@ -88,7 +80,7 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

2
windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md
View File

@ -62,7 +62,7 @@ Lower your threat and vulnerability exposure by remediating [security recommenda
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

22
windows/security/threat-protection/microsoft-defender-atp/configuration-score.md → windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md
View File

@ -1,7 +1,7 @@
---
title: Overview of Configuration score in Microsoft Defender Security Center
description: Your configuration score shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls
keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
title: Overview of Microsoft Secure Score for Devices in Microsoft Defender Security Center
description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls
keywords: Microsoft Secure Score for Devices, mdatp Microsoft Secure Score for Devices, secure score, configuration score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -16,16 +16,16 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Configuration score
# Microsoft Secure Score for Devices
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!NOTE]
> Secure score is now part of Threat & Vulnerability Management as Configuration score.
> Configuration score is now part of Threat & Vulnerability Management as Microsoft Secure Score for Devices.
Your Configuration score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your devices across the following categories:
Your score for devices is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your devices across the following categories:
- Application
- Operating system
@ -38,9 +38,9 @@ Select a category to go to the [**Security recommendations**](tvm-security-recom
## How it works
>[!NOTE]
> Configuration score currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
> Microsoft Secure Score for Devices currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
The data in the configuration score card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
The data in the Microsoft Secure Score for Devices card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
@ -49,9 +49,9 @@ The data in the configuration score card is the product of meticulous and ongoin
## Improve your security configuration
You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your Configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
1. From the Configuration score card in the Threat & Vulnerability Management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
1. From the Microsoft Secure Score for Devices card in the Threat & Vulnerability Management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**.
@ -67,7 +67,7 @@ You can improve your security configuration when you remediate issues from the s
6. Send a follow-up email to your IT Administrator and allow the time that you have allotted for the remediation to propagate in the system.
7. Review the **Configuration score** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
7. Review the **Microsoft Secure Score for Devices** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your Microsoft Secure Score for Devices should increase.
>[!IMPORTANT]
>To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:

10
windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
View File

@ -56,7 +56,7 @@ Once you are in the Remediation page, select the remediation activity that you w
## Exceptions
When you [file for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md).
When you [file for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md).
The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status.
@ -77,11 +77,11 @@ The following statuses will be a part of an exception:
### Exception impact on scores
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Configuration Score (for configurations) of your organization in the following manner:
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner:
- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores
- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores.
- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Configuration Score results out of the exception option that you made
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results out of the exception option that you made.
The exception impact shows on both the Security recommendations page column and in the flyout pane.
@ -99,7 +99,7 @@ Select **Show exceptions** at the bottom of the **Top security recommendations**
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)

8
windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
View File

@ -58,7 +58,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Securit
### Top security recommendations in the Threat & Vulnerability Management dashboard
In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [configuration score](configuration-score.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png)
@ -66,7 +66,7 @@ The top security recommendations lists the improvement opportunities prioritized
## Security recommendations overview
View recommendations, the number of weaknesses found, related components, threat insights, number of exposed devices, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags.
View recommendations, the number of weaknesses found, related components, threat insights, number of exposed devices, status, remediation type, remediation activities, impact to your exposure score and Microsoft Secure Score for Devices, and associated tags.
The color of the **Exposed devices** graph changes as the trend changes. If the number of exposed devices is on the rise, the color changes into red. If there's a decrease in the number of exposed devices, the color of the graph will change into green.
@ -135,8 +135,6 @@ As an alternative to a remediation request, you can create exceptions for recomm
There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
Exceptions can be created for both Security update and Configuration change recommendations.
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
1. Select a security recommendation you would like create an exception for, and then **Exception options**.
@ -212,7 +210,7 @@ After you have identified which software and software versions are vulnerable du
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)

2
windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
View File

@ -86,7 +86,7 @@ You can report a false positive when you see any vague, inaccurate version, inco
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Weaknesses](tvm-weaknesses.md)

4
windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
View File

@ -1,7 +1,7 @@
---
title: Threat & Vulnerability Management supported operating systems and platforms
description: Before you begin, ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your all devices are properly accounted for.
keywords: threat & vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
keywords: threat & vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
search.appverid: met150
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@ -46,7 +46,7 @@ Some of the above prerequisites might be different from the [Minimum requirement
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

2
windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
View File

@ -127,7 +127,7 @@ You can report a false positive when you see any vague, inaccurate, incomplete,
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

4
windows/security/threat-protection/microsoft-defender-atp/use.md
View File

@ -39,5 +39,5 @@ Topic | Description
:---|:---
[Portal overview](portal-overview.md) | Understand the portal layout and area descriptions.
[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the devices on your network, investigate devices, files, and URLs, and see snapshots of threats seen on devices.
[View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) | The **Threat & Vulnerability Management dashboard** lets you view exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices.
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify devices for the presence or absence of mitigations.
[View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) | The **Threat & Vulnerability Management dashboard** lets you view exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed devices.
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify devices for the presence or absence of mitigations.