deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 23:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Joey Caparas 2020-02-14 17:06:55 -08:00
parent 9a827f3a02
commit 7e065f62e6
8 changed files with 189 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

327
windows/security/threat-protection/TOC.md
View File

@ -10,23 +10,168 @@
### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) ### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md) ### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md)
## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
## [Design]()
### [Design your Microsoft Defender ATP](microsoft-defender-atp/deployment-strategy.md)
## [Deployment guide]()
### [Deployment phases](microsoft-defender-atp/deployment-phases.md)
### [Phase 1: Prepare Microsoft Defender ATP deployment](microsoft-defender-atp/prepare-deployment.md)
#### [Validate licensing and complete setup - NEED DATA IF CAN KILL](microsoft-defender-atp/licensing.md)
### [Phase 2: Setup the Microsoft Defender ATP service](microsoft-defender-atp/production-deployment.md)
### [Phase 3: Onboard](microsoft-defender-atp/configure.md)
## [Operations]()
### [Security operations]()
#### [Portal overview](microsoft-defender-atp/portal-overview.md)
#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
#### [Incidents queue]()
##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
##### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
#### [Alerts queue]()
##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
##### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
##### [Investigate files](microsoft-defender-atp/investigate-files.md)
##### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
###### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md)
##### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
#### [Machines list]()
##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
#### [Take response actions]()
##### [Take response actions on a machine]()
###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
###### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert)
###### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
##### [Take response actions on a file]()
###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine)
###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert)
###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
#### [Use the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
##### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
#### [Investigate entities using Live response]()
##### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
##### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
#### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
#### [Advanced hunting]()
##### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md)
##### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md)
##### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
##### [Advanced hunting schema reference]()
###### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
###### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md)
###### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md)
###### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md)
###### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md)
###### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md)
###### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md)
###### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md)
###### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md)
###### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
###### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
###### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
###### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md)
###### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md)
###### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
###### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
##### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
#### [Reporting]()
##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
## [How-to guides]() #### [Custom detections]()
### [Deployment guide]() ##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
#### [Deployment phases](microsoft-defender-atp/deployment-phases.md) ##### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
#### [Phase 1: Prepare Microsoft Defender ATP deployment](microsoft-defender-atp/prepare-deployment.md)
##### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
##### [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
##### [Security compass](microsoft-defender-atp/security-compass.md)
#### [Phase 2: Setup the Microsoft Defender ATP service](microsoft-defender-atp/production-deployment.md)
#### [Phase 3: Onboard](microsoft-defender-atp/configure.md) ### [Security administration]()
#### [Threat & Vulnerability Management]()
##### [Threat & Vulnerability Management overview](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
##### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
##### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
##### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
##### [Configuration score](microsoft-defender-atp/configuration-score.md)
##### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md)
##### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
##### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
##### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
#### [Manage machine configuration]()
##### [Ensure your machines are configured properly](microsoft-defender-atp/configure-machines.md)
##### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md)
##### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md)
##### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md)
## [How-to]()
### [Onboard devices to the service]()
#### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
#### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
#### [Onboard Windows 10 machines]()
##### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
##### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
##### [Onboard machines using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
##### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
##### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
#### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
#### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
#### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
#### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
#### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
#### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
#### [Create an onboarding or offboarding notification rule](microsoft-defender-atp/onboarding-notification.md)
#### [Troubleshoot onboarding issues]()
##### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
##### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
### [Manage capabilities]() ### [Manage capabilities]()
@ -211,143 +356,11 @@
#### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) #### [Configure Microsoft Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
### [Operations]()
#### [Security operations]()
##### [Portal overview](microsoft-defender-atp/portal-overview.md)
##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
##### [Incidents queue]()
###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
###### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
##### [Alerts queue]()
###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
###### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
###### [Investigate files](microsoft-defender-atp/investigate-files.md)
###### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
####### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md)
###### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
##### [Machines list]()
###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
##### [Take response actions]()
###### [Take response actions on a machine]()
####### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
####### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
####### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
####### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
####### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert)
####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
###### [Take response actions on a file]()
####### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
####### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine)
####### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
####### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert)
####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
####### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
##### [Use the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
###### [Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
##### [Investigate entities using Live response]()
###### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
###### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
##### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
##### [Advanced hunting]()
###### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md)
###### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md)
###### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
###### [Advanced hunting schema reference]()
####### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
####### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md)
####### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md)
####### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md)
####### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md)
####### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md)
####### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md)
####### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md)
####### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md)
####### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
####### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
####### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
####### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md)
####### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md)
####### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
####### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
###### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
##### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
##### [Reporting]()
###### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
###### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
##### [Custom detections]()
###### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
###### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
#### [Security administration]()
##### [Threat & Vulnerability Management]()
###### [Threat & Vulnerability Management overview](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
###### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
###### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
###### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
###### [Configuration score](microsoft-defender-atp/configuration-score.md)
###### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md)
###### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
###### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
###### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
###### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
##### [Manage machine configuration]()
###### [Ensure your machines are configured properly](microsoft-defender-atp/configure-machines.md)
###### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md)
###### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md)
###### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md)
## Reference ## Reference
### [Capabilities]() ### [Capabilities]()
#### [Threat & Vulnerability Management]() #### [Threat & Vulnerability Management]()
##### [Next-generation capabilities](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) ##### [Next-generation capabilities](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
##### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md) ##### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
##### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
##### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
##### [Configuration score](microsoft-defender-atp/configuration-score.md)
##### [Security recommendation](microsoft-defender-atp/tvm-security-recommendation.md)
##### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
##### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
##### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
#### [Attack surface reduction]() #### [Attack surface reduction]()
#####[Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) #####[Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
@ -386,28 +399,6 @@
#### [Secure score](microsoft-defender-atp/overview-secure-score.md) #### [Secure score](microsoft-defender-atp/overview-secure-score.md)
### [Onboard devices to the service]()
#### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
#### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
#### [Onboard Windows 10 machines]()
##### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
##### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
##### [Onboard machines using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
##### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
##### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
#### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
#### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
#### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
#### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
#### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
#### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
#### [Create an onboarding or offboarding notification rule](microsoft-defender-atp/onboarding-notification.md)
#### [Troubleshoot onboarding issues]()
##### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
##### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
### [Role-based access control]() ### [Role-based access control]()
#### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) #### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
@ -418,12 +409,6 @@
### [Management and APIs]() ### [Management and APIs]()
#### [Overview of management and APIs](microsoft-defender-atp/management-apis.md) #### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)

20
windows/security/threat-protection/microsoft-defender-atp/configure.md
View File

@ -26,33 +26,23 @@ Deploying Microsoft Defender ATP is a three-phase process:
<tr style="text-align:center;"> <tr style="text-align:center;">
<td align="center" style="width:25%; border:0;" > <td align="center" style="width:25%; border:0;" >
<a href= "prepare-deployment"> <a href= "prepare-deployment">
<img src="images/plan.png" alt="Plan to deploy Microsoft Defender ATP" title="Plan" /> <img src="images/prepare.png" alt="Prepare to deploy Microsoft Defender ATP" title="Prepare" />
<br/>Plan </a><br> <br/>Plan </a><br>
</td> </td>
<td align="center"> <td align="center">
<a href="production-deployment"> <a href="production-deployment">
<img src="images/oboard.png" alt="Onboard to the Microsoft Defender ATP service" title="Onboard to Microsoft Defender ATP" /> <img src="images/setup.png" alt="Onboard to the Microsoft Defender ATP service" title="Setup" />
<br/> Onboard </a><br> <br/>Setup </a><br>
</td> </td>
<td align="center" bgcolor="#d5f5e3"> <td align="center" bgcolor="#d5f5e3">
<a href="configure"> <a href="configure">
<img src="images/configure.png" alt="Configure capabilities" title="Configure capabilities" /> <img src="images/onboard.png" alt="Onboard" title="Onboard" />
<br/>Configure </a><br> <br/>Onboard </a><br>
</td> </td>
</tr>
<tr>
<td style="width:25%; border:0;">
</td>
<td valign="top" style="width:25%; border:0;">
</td>
<td valign="top" style="width:25%; border:0;">
</td>
</tr> </tr>
</table> </table>
You are currently in the configuration phase. You are currently in the configuration phase.
## Onboarding using System Center Configuration Manager ## Onboarding using System Center Configuration Manager

24
windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md
View File

@ -25,31 +25,31 @@ There are three phases in deploying Microsoft Defender ATP:
<table border="0" width="100%" align="center"> <table border="0" width="100%" align="center">
<tr style="text-align:center;"> <tr style="text-align:center;">
<td align="center" style="width:25%; border:0;"> <td align="center" style="width:25%; border:0;">
<a href= "windows/security/threat-protection/microsoft-defender-atp/prepare-deployment"> <a href= "prepare-deployment">
<img src="images/plan.png" alt="Plan to deploy Microsoft Defender ATP" title="Plan" /> <img src="images/prepare.png" alt="Prepare to deploy Microsoft Defender ATP" title="Prepare" />
<br/>Plan </a><br> <br/>Plan </a><br>
</td> </td>
<td align="center"> <td align="center">
<a href="windows/security/threat-protection/microsoft-defender-atp/production-deployment"> <a href="production-deployment">
<img src="images/oboard.png" alt="Onboard to the Microsoft Defender ATP service" title="Setup" /> <img src="images/setup.png" alt="Onboard to the Microsoft Defender ATP service" title="Setup" />
<br/>Setup </a><br> <br/>Setup </a><br>
</td> </td>
<td align="center"> <td align="center">
<a href="windows/security/threat-protection/microsoft-defender-atp/configure"> <a href="configure">
<img src="images/configure.png" alt="Onboard" title="Onboard" /> <img src="images/onboard.png" alt="Onboard" title="Onboard" />
<br/>Onboard </a><br> <br/>Onboard </a><br>
</td> </td>
</tr> </tr>
<tr> <tr>
<td style="width:25%; border:0;"> <td style="width:25%; border:0;">
The planning phase guides you through what you need to consider when deploying Microsoft Defender ATP: This phase guides you through what you need to consider when deploying Microsoft Defender ATP:
- Stakeholders and Sign-off - Stakeholders and sign-off
- Environment considerations - Environment considerations
- Access - Access
- Adoption order - Adoption order
You can use the security compass to better prepare you in the deployment journey.
</td> </td>
<td valign="top" style="width:25%; border:0;"> <td valign="top" style="width:25%; border:0;">
The setup phase covers the initial steps you'll take as you first access Microsoft Defender Security Center. You'll be guided on: The setup phase covers the initial steps you'll take as you first access Microsoft Defender Security Center. You'll be guided on:
@ -60,7 +60,11 @@ You can use the security compass to better prepare you in the deployment journey
</td> </td>
<td valign="top" style="width:25%; border:0;"> <td valign="top" style="width:25%; border:0;">
Maximize the Microsoft Defender ATP capabilities by configuring the components that make up the platform. Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them. You'll be guided on:
- Using Microsoft Endpoint Configuration Manager to onboard devices
- Configure capabilities
</td> </td>
</tr> </tr>
</table> </table>

6
windows/security/threat-protection/microsoft-defender-atp/security-compass.md → windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md
View File

@ -1,5 +1,5 @@
--- ---
title: Security compass title: Deployment strategy
description: description:
keywords: keywords:
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -16,9 +16,9 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Security compass # Deployment strategy
Use the security compass as a guide in Use the security
Put Chris Hatley's visios here Put Chris Hatley's visios here

BIN
windows/security/threat-protection/microsoft-defender-atp/images/onboard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.7 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/prepare.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.3 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/setup.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.0 KiB

19
windows/security/threat-protection/microsoft-defender-atp/production-deployment.md
View File

@ -30,30 +30,21 @@ Deploying Microsoft Defender ATP is a three-phase process:
<tr style="text-align:center;"> <tr style="text-align:center;">
<td align="center" style="width:25%; border:0;" > <td align="center" style="width:25%; border:0;" >
<a href= "prepare-deployment"> <a href= "prepare-deployment">
<img src="images/plan.png" alt="Plan to deploy Microsoft Defender ATP" title="Plan" /> <img src="images/prepare.png" alt="Prepare to deploy Microsoft Defender ATP" title="Prepare" />
<br/>Plan </a><br> <br/>Plan </a><br>
</td> </td>
<td align="center"bgcolor="#d5f5e3"> <td align="center"bgcolor="#d5f5e3">
<a href="production-deployment"> <a href="production-deployment">
<img src="images/oboard.png" alt="Onboard to the Microsoft Defender ATP service" title="Onboard to Microsoft Defender ATP" /> <img src="images/setup.png" alt="Onboard to the Microsoft Defender ATP service" title="Setup" />
<br/> Onboard </a><br> <br/>Setup </a><br>
</td> </td>
<td align="center"> <td align="center">
<a href="configure"> <a href="configure">
<img src="images/configure.png" alt="Configure capabilities" title="Configure capabilities" /> <img src="images/onboard.png" alt="Onboard" title="Onboard" />
<br/>Configure </a><br> <br/>Onboard </a><br>
</td> </td>
</tr>
<tr>
<td style="width:25%; border:0;">
</td>
<td valign="top" style="width:25%; border:0;">
</td>
<td valign="top" style="width:25%; border:0;">
</td>
</tr> </tr>
</table> </table>