diff --git a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index 897187ce25..749d25c114 100644 --- a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -50,10 +50,10 @@ This status indicates that there's limited communication between the machine and The following suggested actions can help fix issues related to a misconfigured machine with impaired communication: -- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection) +- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. -- Verify client connectivity to Windows Defender ATP service URLs
+- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). @@ -62,16 +62,16 @@ If you took corrective actions and the machine status is still misconfigured, [o A misconfigured machine with status ‘No sensor data’ has communication with the service but can only report partial sensor data. Follow theses actions to correct known issues related to a misconfigured machine with status ‘Impaired communication’: -- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection) +- [Ensure the endpoint has Internet connection](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-endpoint-has-an-internet-connection)
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Windows Defender ATP service. -- Verify client connectivity to Windows Defender ATP service URLs
+- [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls)
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Windows Defender ATP service URLs. -- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled) +- [Ensure the telemetry and diagnostics service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-telemetry-and-diagnostics-service-is-enabled)
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. -- [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy) +- [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy)
If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. If you took corrective actions and the machine status is still misconfigured, [open a support ticket](http://go.microsoft.com/fwlink/?LinkID=761093&clcid=0x409). diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 69a0b102c6..640b0a524c 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -40,7 +40,7 @@ When you investigate a specific machine, you'll see: ![Image of machine details page](images/atp-machine-details-view.png) -The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health status, actions you can take on the machine. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). +The machine details, total logged on users and machine reporting sections display various attributes about the machine. You’ll see details such as machine name, health state, actions you can take on the machine. For more information on how to take action on a machine, see [Take response action on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md). You'll also see other information such as domain, operating system (OS), total logged on users and who frequently and less frequently logged on, IP address, and how long it's been reporting sensor data to the Windows Defender ATP service. diff --git a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md index a85f157968..e4a19d51d6 100644 --- a/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/preview-windows-defender-advanced-threat-protection.md @@ -34,18 +34,18 @@ For more information, see [Turn on the preview experience](preview-settings-wind ## Preview features The following features are included in the preview release: -- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) - Take action on machine related alerts to quickly respond to detected attacks by isolating machines or collecting an investigation package. +- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. - [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network) - [Undo machine isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#undo-machine-isolation) - [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) -- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) - Take action on file related alerts to quickly respond to detected attacks by stopping and quarantining files or blocking a file. +- [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. - [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network) - [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine) - [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network) -- [Check sensor status](check-sensor-status-windows-defender-advanced-threat-protection.md) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix sensor issues if you identify problematic machines. +- [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) - Check an endpoint's ability to provide sensor data and communicate with the Windows Defender ATP service and fix known issues. - [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) >[!NOTE] -> All response features require machines to be on the latest Windows 10 Insider Preview build and above. +> All response actions require machines to be on the latest Windows 10 Insider Preview build. diff --git a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md index 4cd712c7a8..0d15caf8a1 100644 --- a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ localizationpriority: high [Some information relates to pre–released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can take action on file related alerts to quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center. +Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center. >[!NOTE] > These response actions are only available for machines on Windows 10, version 1703. diff --git a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md index e4ffc6abe9..7262eeac48 100644 --- a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ localizationpriority: high [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -You can take action on machine related alerts to quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. +Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center. >[!NOTE] > These response actions are only available for machines on Windows 10, version 1703.