mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 06:17:22 +00:00
change machines view to machine list
This commit is contained in:
Joey Caparas
parent
8a65d0e3fd
commit
75f75b76f0
@ -112,8 +112,8 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -30,7 +30,7 @@ There are two status indicators on the tile that provide information on the numb
|
|||||||
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
|
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
|
||||||
- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected.
|
- **Misconfigured** - These machines might partially be reporting sensor data to the Windows Defender ATP service and might have configuration errors that need to be corrected.
|
||||||
|
|
||||||
Clicking any of the groups directs you to Machines view, filtered according to your choice.
|
Clicking any of the groups directs you to Machines list, filtered according to your choice.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -45,7 +45,7 @@ You can view the machine details when you click on a misconfigured or inactive m
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
In the **Machines view**, you can download a full list of all the machines in your organization in a CSV format. To download, click the **Manage Alert** menu icon on the top corner of the page.
|
In the **Machines list**, you can download a full list of all the machines in your organization in a CSV format. To download, click the **Manage Alert** menu icon on the top corner of the page.
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>Export the list in CSV format to display the unfiltered data. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself and can take a significant amount of time to download, depending on how large your organization is.
|
>Export the list in CSV format to display the unfiltered data. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself and can take a significant amount of time to download, depending on how large your organization is.
|
||||||
|
|||||||
@ -109,11 +109,11 @@ With Group Policy there isn’t an option to monitor deployment of policies on t
|
|||||||
|
|
||||||
## Monitor endpoints using the portal
|
## Monitor endpoints using the portal
|
||||||
1. Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/).
|
1. Go to the [Windows Defender ATP portal](https://securitycenter.windows.com/).
|
||||||
2. Click **Machines view**.
|
2. Click **Machines list**.
|
||||||
3. Verify that endpoints are appearing.
|
3. Verify that endpoints are appearing.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> It can take several days for endpoints to start showing on the **Machines view**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting.
|
> It can take several days for endpoints to start showing on the **Machines list**. This includes the time it takes for the policies to be distributed to the endpoint, the time it takes before the user logs on, and the time it takes for the endpoint to start reporting.
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
|
|||||||
@ -80,7 +80,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
When the policy is deployed and is propagated, endpoints will be shown in the **Machines view**.
|
When the policy is deployed and is propagated, endpoints will be shown in the **Machines list**.
|
||||||
|
|
||||||
You can use the following onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
|
You can use the following onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
|
||||||
- Onboarding
|
- Onboarding
|
||||||
|
|||||||
@ -107,7 +107,7 @@ Monitoring can also be done directly on the portal, or by using the different de
|
|||||||
### Monitor endpoints using the portal
|
### Monitor endpoints using the portal
|
||||||
1. Go to the Windows Defender ATP portal.
|
1. Go to the Windows Defender ATP portal.
|
||||||
|
|
||||||
2. Click **Machines view**.
|
2. Click **Machines list**.
|
||||||
|
|
||||||
3. Verify that endpoints are appearing.
|
3. Verify that endpoints are appearing.
|
||||||
|
|
||||||
|
|||||||
@ -51,9 +51,9 @@ This tile shows you a list of machines with the highest number of active alerts.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
|
Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
You can also click **Machines list** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
|
You can also click **Machines list** at the top of the tile to go directly to the **Machines list**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines list](investigate-machines-windows-defender-advanced-threat-protection.md).
|
||||||
|
|
||||||
## Users at risk
|
## Users at risk
|
||||||
The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
|
The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
|
||||||
@ -81,7 +81,7 @@ The chart is sorted into five categories:
|
|||||||
|
|
||||||
Threats are considered "active" if there is a very high probability that the malware was executing on your network, as opposed to statically located on-disk.
|
Threats are considered "active" if there is a very high probability that the malware was executing on your network, as opposed to statically located on-disk.
|
||||||
|
|
||||||
Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine.
|
Clicking on any of these categories will navigate to the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
|
> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product.
|
||||||
@ -115,8 +115,8 @@ The **Daily machines reporting** tile shows a bar graph that represents the numb
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP ](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -79,8 +79,8 @@ Selecting an alert detail brings up the **Details pane** where you'll be able to
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -49,8 +49,8 @@ The **Communication with URL in organization** section provides a chronological
|
|||||||
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
|
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -57,8 +57,8 @@ This allows for greater accuracy in defining entities to display such as if and
|
|||||||
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
|
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -57,8 +57,8 @@ Clicking any of the machine names will take you to that machine's view, where yo
|
|||||||
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
|
- [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Investigate machines in the Windows Defender ATP Machines view
|
title: Investigate machines in the Windows Defender ATP Machines list
|
||||||
description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view.
|
description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines list.
|
||||||
keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity
|
keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
@ -11,7 +11,7 @@ author: mjcaparas
|
|||||||
localizationpriority: high
|
localizationpriority: high
|
||||||
---
|
---
|
||||||
|
|
||||||
# Investigate machines in the Windows Defender ATP Machines view
|
# Investigate machines in the Windows Defender ATP Machines list
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
@ -26,7 +26,7 @@ Investigate the details of an alert raised on a specific machine to identify oth
|
|||||||
|
|
||||||
You can click on affected machines whenever you see them in the portal to open a detailed report about that machine. Affected machines are identified in the following areas:
|
You can click on affected machines whenever you see them in the portal to open a detailed report about that machine. Affected machines are identified in the following areas:
|
||||||
|
|
||||||
- The [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- The [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
|
- The [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
|
||||||
- The [Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
|
- The [Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
|
||||||
- Any individual alert
|
- Any individual alert
|
||||||
@ -97,7 +97,7 @@ You can also export detailed event data from the machine timeline to conduct off
|
|||||||
### Navigate between pages
|
### Navigate between pages
|
||||||
Use the events per page drop-down to choose the number of alerts you’d like to see on the page. You can choose to display 20, 50, or 100 events per page. You can also move between pages by clicking **Older** or **Newer**.
|
Use the events per page drop-down to choose the number of alerts you’d like to see on the page. You can choose to display 20, 50, or 100 events per page. You can also move between pages by clicking **Older** or **Newer**.
|
||||||
|
|
||||||
From the **Machines view**, you can also navigate to the file, IP, or URL view and the timeline associated with an alert is retained, helping you view the investigation from different angles and retain the context of the event time line.
|
From the **Machines list**, you can also navigate to the file, IP, or URL view and the timeline associated with an alert is retained, helping you view the investigation from different angles and retain the context of the event time line.
|
||||||
|
|
||||||
From the list of events that are displayed in the timeline, you can examine the behaviors or events in to help identify indicators of interests such as files and IP addresses to help determine the scope of a breach. You can then use the information to respond to events and keep your system secure.
|
From the list of events that are displayed in the timeline, you can examine the behaviors or events in to help identify indicators of interests such as files and IP addresses to help determine the scope of a breach. You can then use the information to respond to events and keep your system secure.
|
||||||
|
|
||||||
@ -117,7 +117,7 @@ This enhances the ‘in-context’ information across investigation and explorat
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -69,7 +69,7 @@ You can filter the results by the following time periods:
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -23,14 +23,14 @@ localizationpriority: high
|
|||||||
|
|
||||||
The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
|
The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
|
||||||
|
|
||||||
Use the Machines view in these main scenarios:
|
Use the Machines list in these main scenarios:
|
||||||
|
|
||||||
- **During onboarding**</br>
|
- **During onboarding**</br>
|
||||||
During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
|
During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
|
||||||
- **Day-to-day work**
|
- **Day-to-day work**
|
||||||
The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
|
The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
|
||||||
|
|
||||||
## Sort, filter, and download the list of machines from the Machines view
|
## Sort, filter, and download the list of machines from the Machines list
|
||||||
You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
|
You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
|
||||||
|
|
||||||
Filter the **Machines list** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria.
|
Filter the **Machines list** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria.
|
||||||
@ -70,7 +70,7 @@ You can download a full list of all the machines in your organization, in CSV f
|
|||||||
**Note**: Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
|
**Note**: Exporting the list depends on the number of machines in your organization. It might take a significant amount of time to download, depending on how large your organization is.
|
||||||
Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
|
Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
|
||||||
|
|
||||||
## Sort the Machines view
|
## Sort the Machines list
|
||||||
You can sort the **Machines list** by the following columns:
|
You can sort the **Machines list** by the following columns:
|
||||||
|
|
||||||
- **Machine name** - Name or GUID of the machine
|
- **Machine name** - Name or GUID of the machine
|
||||||
@ -91,7 +91,7 @@ You can sort the **Machines list** by the following columns:
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -105,7 +105,7 @@ Each rule shows:
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -45,14 +45,14 @@ You can navigate through the portal using the menu options available in all sect
|
|||||||
Area | Description
|
Area | Description
|
||||||
:---|:---
|
:---|:---
|
||||||
(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. </br> **Feedback** -Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
|
(1) Search bar, Feedback, Settings, Help and support | **Search** - Provides access to the search bar where you can search for file, IP, machine, URL, and user. Displays the Search box: the drop-down list allows you to select the entity type and then enter the search query text. </br> **Feedback** -Access the feedback button to provide comments about the portal. </br> **Settings** - Gives you access to the configuration settings where you can set time zones, alert suppression rules, and license information. </br> **Help and support** - Gives you access to the Windows Defender ATP guide, Microsoft support, and Premier support.
|
||||||
(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Service health**, **Preferences setup**, and **Enpoint Management**.
|
(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines list**, **Service health**, **Preferences setup**, and **Enpoint Management**.
|
||||||
**Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization.
|
**Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization.
|
||||||
**Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
|
**Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts.
|
||||||
**Machines view** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
|
**Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts.
|
||||||
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues.
|
**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues.
|
||||||
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
|
**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features.
|
||||||
**Endpoint Management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
|
**Endpoint Management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding.
|
||||||
(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view.
|
(3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines list.
|
||||||
|
|
||||||
## Windows Defender ATP icons
|
## Windows Defender ATP icons
|
||||||
The following table provides information on the icons used all throughout the portal:
|
The following table provides information on the icons used all throughout the portal:
|
||||||
|
|||||||
@ -40,7 +40,7 @@ Topic | Description
|
|||||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -24,12 +24,12 @@ localizationpriority: high
|
|||||||
You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues.
|
You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues.
|
||||||
This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints.
|
This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints.
|
||||||
|
|
||||||
If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem.
|
If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem.
|
||||||
|
|
||||||
## Troubleshoot onboarding when deploying with Group Policy
|
## Troubleshoot onboarding when deploying with Group Policy
|
||||||
Deployment with Group Policy is done by running the onboarding script on the endpoints. The Group Policy console does not indicate if the deployment has succeeded or not.
|
Deployment with Group Policy is done by running the onboarding script on the endpoints. The Group Policy console does not indicate if the deployment has succeeded or not.
|
||||||
|
|
||||||
If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint).
|
If you have completed the endpoint onboarding process and don't see endpoints in the [Machines list](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint).
|
||||||
|
|
||||||
If the script completes successfully, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
|
If the script completes successfully, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
|
||||||
|
|
||||||
|
|||||||
@ -44,7 +44,7 @@ Topic | Description
|
|||||||
[Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach.
|
[Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach.
|
||||||
[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses.
|
[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses.
|
||||||
[Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
|
[Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
|
||||||
[View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list.
|
[View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list.
|
||||||
[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines list** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats.
|
[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines list** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats.
|
||||||
[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts.
|
[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts.
|
||||||
[Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert.
|
[Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user