Merge branch 'atp-phase2' of https://cpubwin.visualstudio.com/_git/it-client into atp-phase2

Daniel Simpson
2018-08-16 09:01:29 -07:00
71 changed files with 2453 additions and 2198 deletions

View File

@ -395,23 +395,6 @@ Add an app to the nonremovable app policy list
</SyncML>
```
Delete an app from the nonremovable app policy list
```
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Delete>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/NonRemovable</LocURI>
</Target>
</Item>
</Delete>
<Final/>
</SyncBody>
</SyncML>
```
Get the status for a particular app
```
<SyncML xmlns="SYNCML:SYNCML1.2">
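Review bot: The Delete example for the NonRemovable node disappears in this hunk (the header goes from 23 lines to 6) with nothing in its place, so the topic now runs from the Add example straight to "Get the status for a particular app". If Delete is no longer supported on `.../AppStore/PackageFamilyName/NonRemovable`, state that in the node's description; if it is still supported, keep the example so admins have a documented way to take an app back off the list.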

Binary file not shown.


View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/27/2018
ms.date: 08/14/2018
---
# What's new in MDM enrollment and management
@ -1469,6 +1469,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[TenantLockdown CSP](\tenantlockdown--csp.md)</td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, next major version.</p>
</td></tr>
</tbody>
</table>
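Review bot: The link target in the new TenantLockdown row, `(\tenantlockdown--csp.md)`, has a leading backslash and a doubled hyphen, unlike the neighbouring `(windowsdefenderapplicationguard-csp.md)`, and will most likely not resolve. Please confirm the real file name and drop the backslash. The row is also appended after the WindowsDefenderApplicationGuard row here, which differs from where the same row is placed in the next hunk.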
@ -1754,6 +1758,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</thead>
<tbody>
<tr>
<td style="vertical-align:top">[TenantLockdown CSP](\tenantlockdown--csp.md)</td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
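Review bot: Same `\tenantlockdown--csp.md` target as in the previous hunk, so the fix needs to be applied in both tables. In this table the TenantLockdown row is inserted before the WindowsDefenderApplicationGuard row, while the earlier table puts it after; pick one ordering for both.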

View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 08/08/2018
ms.date: 08/14/2018
---
# Policy CSP
@ -3034,6 +3034,9 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-start.md#start-allowpinnedfoldervideos" id="start-allowpinnedfoldervideos">Start/AllowPinnedFolderVideos</a>
</dd>
<dd>
<a href="./policy-csp-start.md#start-disablecontextmenus" id="start-disablecontextmenus">Start/DisableContextMenus</a>
</dd>
<dd>
<a href="./policy-csp-start.md#start-forcestartsize" id="start-forcestartsize">Start/ForceStartSize</a>
</dd>
@ -4828,6 +4831,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [SmartScreen/EnableSmartScreenInShell](./policy-csp-smartscreen.md#smartscreen-enablesmartscreeninshell)
- [SmartScreen/PreventOverrideForFilesInShell](./policy-csp-smartscreen.md#smartscreen-preventoverrideforfilesinshell)
- [Speech/AllowSpeechModelUpdate](./policy-csp-speech.md#speech-allowspeechmodelupdate)
- [Start/DisableContextMenus](./policy-csp-start.md#start-disablecontextmenus)
- [Start/HidePeopleBar](./policy-csp-start.md#start-hidepeoplebar)
- [Start/HideRecentlyAddedApps](./policy-csp-start.md#start-hiderecentlyaddedapps)
- [Start/StartLayout](./policy-csp-start.md#start-startlayout)

File diff suppressed because it is too large

View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 03/23/2018
ms.date: 08/13/2018
---
# RemoteWipe CSP
@ -44,7 +44,28 @@ Supported operation is Exec.
<a href="" id="doWipePersistUserData"></a>**doWipePersistUserData**
Added in Windows 10, version 1709. Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
 
<a href="" id="automaticredeployment"></a>**AutomaticRedeployment**
Added in Windows 10, next major update. Node for the Autopilot Reset operation.
<a href="" id="doautomaticredeployment"></a>**AutomaticRedeployment/doAutomaticRedeployment**
Added in Windows 10, next major update. Exec on this node triggers Autopilot Reset operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
<a href="" id="lasterror"></a>**AutomaticRedeployment/LastError**
Added in Windows 10, next major update. Error value, if any, associated with Autopilot Reset operation (typically an HRESULT).
<a href="" id="status"></a>**AutomaticRedeployment/Status**
Added in Windows 10, next major update. Status value indicating current state of an Autopilot Reset operation.
Supported values:
- 0: Never run (not started). The default state.
- 1: Complete.
- 10: Reset has been scheduled.
- 20: Reset is scheduled and waiting for a reboot.
- 30: Failed during CSP Execute ("Exec" in SyncML).
- 40: Failed: power requirements not met.
- 50: Failed: reset internals failed during reset attempt.
## Related topics
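Review bot: None of the four new AutomaticRedeployment entries states its supported operation, although the existing nodes in this topic do ("Supported operation is Exec."). Add "Supported operation is Exec" to doAutomaticRedeployment and "Supported operation is Get" to LastError and Status, matching the DDF. Two smaller points: the text calls the feature "Autopilot Reset" while the nodes and the DDF descriptions call it Automatic Redeployment, so say once that they are the same thing; and "a few other settings like region, language, keyboard" should be an exact list, since admins need to know what survives a reset that leaves the device enrolled.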

View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 03/23/2018
ms.date: 08/13/2018
---
# RemoteWipe DDF file
@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **RemoteW
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the DDF for Windows 10, version 1709.
The XML below is the DDF for Windows 10, next major version.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
@ -43,7 +43,7 @@ The XML below is the DDF for Windows 10, version 1709.
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
<MIME>com.microsoft/1.1/MDM/RemoteWipe</MIME>
</DFType>
<Description>The root node for remote wipe function.</Description>
</DFProperties>
@ -131,21 +131,91 @@ The XML below is the DDF for Windows 10, version 1709.
<Description>Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.</Description>
</DFProperties>
</Node>
<Node>
<NodeName>AutomaticRedeployment</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>doAutomaticRedeployment</NodeName>
<DFProperties>
<AccessType>
<Get />
<Exec />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>LastError</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```
## Related topics
[RemoteWipe configuration service provider](remotewipe-csp.md)
 
 
```
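Review bot: The doAutomaticRedeployment node declares `<Get />` next to `<Exec />` and carries no `<Description>`, and the AutomaticRedeployment interior node has no `<Description>` either, while LastError and Status both do. If Get on the Exec node returns nothing meaningful, remove it; otherwise describe what it returns. Please also add descriptions to both nodes, and check the fences around the end of the block: a closing fence appears after `</MgmtTree>` and again after the "Related topics" link.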

View File

@ -420,7 +420,7 @@ In the **Advanced settings** blade you must specify where apps can access your c
### Choose where apps can access enterprise data
After you've added a protection mode to your apps, you'll need to decide where those apps can access enterprise data on your network.
There are no default locations included with WIP, you must add each of your network locations. This area applies to any network endpoint device that gets an IP address in your enterprises range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
Intune will add SharePoint sites that are discovered through the Graph API. You must add other network locations. This area applies to any network endpoint device that gets an IP address in your enterprises range and is also bound to one of your enterprise domains, including SMB shares. Local file system locations should just maintain encryption (for example, on local NTFS, FAT, ExFAT).
>[!Important]
>Every WIP policy should include policy that defines your enterprise network locations.<br>Classless Inter-Domain Routing (CIDR) notation isnt supported for WIP configurations.
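Review bot: The reworded sentence drops the statement that WIP includes no default locations, and "You must add other network locations" does not say which locations Intune leaves for the admin to add. Suggest keeping the original fact and adding the SharePoint behaviour to it, for example "Apart from SharePoint sites that Intune discovers through the Graph API, no locations are included by default; you must add each of your other network locations." The carried-over "your enterprises range" should read "your enterprise's range".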

View File

@ -13,11 +13,132 @@
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
#### [Endpoint detection and response](windows-defender-atp/overview-endpoint-detection-response.md)
##### Alerts queue
###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
##### Machines list
###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
##### [Security operations dashboard](windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md)
#### [Auto investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
#### [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)
##### [Threat analytics dashboard](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
#### [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)
##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
#### [Management and APIs](windows-defender-atp/management-apis.md)
##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
######Actor
####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
####### [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
######Alerts
####### [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
####### [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
####### [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
#######Domain
######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
######## [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
######File
####### [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
####### [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
####### [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
####### [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
####### [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
######IP
####### [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
####### [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
######Machines
####### [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
####### [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
####### [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
####### [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
####### [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
####### [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
####### [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
####### [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
####### [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
######User
####### [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
####### [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
####### [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
#### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)
##### [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
#### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md)
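Review bot: In the API list, `#######Domain` is one level deeper than its siblings (`######Actor`, `######Alerts`, `######File`, `######IP`, `######Machines`, `######User`), so Domain and its four entries will render nested under Alerts. Drop one `#` from the Domain heading and from each of its children. The bare group headings also have no space after the hashes, unlike `##### Alerts queue` earlier in this hunk, and "Get machines" is listed twice under Machines.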
@ -64,12 +185,17 @@
#### [Configure attack surface reduction](windows-defender-atp/configure-attack-surface-reduction.md)
##### [Hardware-based isolation](windows-defender-application-guard/configure-wd-app-guard.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control-deployment-guide.md)
##### [Hardware-based isolation](windows-defender-application-guard/install-wd-app-guard.md)
###### [Group Policy settings](windows-defender-application-guard/configure-wd-app-guard.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
###### [Customize exploit protection](windows-defender-exploit-guard/customize-exploit-protection.md)
###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
###### [Customize controlled folder access](windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md)
##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
@ -139,59 +265,21 @@
###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Manage endpoint detection and response capabilities](windows-defender-atp/manage-edr.md)
#####Alerts queue
###### [View and organize the Alerts queue](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
###### [Manage alerts](windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md)
###### [Investigate alerts](windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md)
###### [Investigate files](windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md)
###### [Investigate machines](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md)
###### [Investigate an IP address](windows-defender-atp/investigate-ip-windows-defender-advanced-threat-protection.md)
###### [Investigate a domain](windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md)
###### [Investigate a user account](windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md)
#####Machines list
###### [View and organize the Machines list](windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md)
###### [Manage machine group and tags](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
###### [Alerts related to this machine](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
###### [Machine timeline](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
####### [Search for specific events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
####### [Filter events from a specific date](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
####### [Export machine timeline events](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
####### [Navigate between pages](windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
##### [Take response actions](windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md)
###### [Take response actions on a machine](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md)
####### [Collect investigation package](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
####### [Run antivirus scan](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
####### [Restrict app execution](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
####### [Remove app restriction](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
####### [Isolate machines from the network](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
####### [Release machine from isolation](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
####### [Check activity details in Action center](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Take response actions on a file](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
####### [Remove file from quarantine](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
####### [Block files in your network](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
####### [Remove file from blocked list](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
####### [Check activity details in Action center](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
####### [Deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
####### [Submit files for analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
####### [View deep analysis reports](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
####### [Troubleshoot deep analysis](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
#### [Manage auto investigation and remediation](windows-defender-atp/manage-auto-investigation-windows-defender-advanced-threat-protection.md)
#### [Configure Security score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
#### [Configure Secure score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
#### [Management and APIs](windows-defender-atp/management-apis.md)
#### Management and API support
##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
@ -200,86 +288,23 @@
###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
###### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
#######Actor
######## [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
######## [Get actor related alerts](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
#######Alerts
######## [Get alerts](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md)
######## [Get alert information by ID](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
######## [Get alert related actor information](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related domain information](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related file information](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related IP information](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
########Domain
######### [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
######### [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md)
######### [Get domain statistics](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md)
######### [Is domain seen in organization](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
#######File
######## [Block file API](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md)
######## [Get file information](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md)
######## [Get file related alerts](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get file related machines](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get file statistics](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md)
######## [Get FileActions collection API](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md)
######## [Unblock file API](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md)
#######IP
######## [Get IP related alerts](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get IP related machines](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md)
######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md)
#######Machines
######## [Collect investigation package API](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md)
######## [Find machine information by IP](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
######## [Get FileMachineAction object API](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
######## [Get FileMachineActions collection API](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md)
######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get MachineAction object API](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md)
######## [Get MachineActions collection API](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md)
######## [Get machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md)
######## [Get package SAS URI API](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md)
######## [Isolate machine API](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md)
######## [Release machine from isolation API](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md)
######## [Remove app restriction API](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
######## [Request sample API](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md)
######## [Restrict app execution API](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md)
######## [Run antivirus scan API](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md)
######## [Stop and quarantine file API](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md)
#######User
######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
######## [Get user information](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md)
######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
##### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### API for custom alerts
###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md)
####### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
####### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md)
####### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md)
####### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md)
####### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md)
####### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
#####Reporting
##### Reporting
###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)
#####General
##### General
###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md)
###### [Configure alert notifications](windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md)
###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
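Review bot: `exposed-apis-windows-defender-advanced-threat-protection.md` is listed twice in this hunk, once at `#####` and again at `######` with seven-hash children under it. Only one of the two should survive the merge, and no entry should end up deeper than six `#`, since Markdown defines no heading level beyond that. The plain `##### API for custom alerts` heading has no link target while the neighbouring `use-custom-ti-...md` and `threat-indicator-concepts-...md` entries do; if it is meant as an unlinked group heading like `##### Reporting`, confirm that `use-custom-ti-...md` is still reachable from this TOC.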
@ -290,7 +315,7 @@
###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
###### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
#####APIs
##### APIs
###### [Enable Threat intel](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
@ -309,14 +334,12 @@
### [Troubleshoot Windows Defender ATP](windows-defender-atp/troubleshoot-wdatp.md)
#### [Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
####Troubleshoot sensor state
##### [Check sensor state](windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md)
##### [Fix unhealthy sensors](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
##### [Inactive machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
##### [Misconfigured machines](windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
##### [Review events and errors on machines with Event Viewer](windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md)
##### [Review sensor events and errors on machines with Event Viewer](windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot Windows Defender ATP service issues](windows-defender-atp/troubleshoot-windows-defender-advanced-threat-protection.md)
##### [Check service health](windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md)
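Review bot: the link title `Review AV/NEXT GEN event logs and error codes to troubleshoot issues - Amitai, etc` reads like a working note with a name in it rather than a published TOC title, so it needs a clean title before this merges. `####Troubleshoot sensor state` is also missing the space after the hashes, which the earlier hunks of this file fix for `##### Reporting`, `##### General` and `##### APIs`.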

View File

@ -61,7 +61,7 @@ To further reinforce the security perimeter of your network, Windows Defender AT
Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
- [Alerts queue](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)
- [Alerts](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection)
- [Historical endpoint data](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection#machine-timeline)
- [Realtime and historical threat hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
- [API and SIEM integration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)
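Review bot: the changed `Alerts` bullet keeps a locale-pinned URL (`https://docs.microsoft.com/en-us/windows/...`), while the two bullets below it omit `/en-us/`. Drop the locale segment here and on the `API and SIEM integration` bullet so the list is consistent, and confirm the shorter label `Alerts` is intended, since the target is still the alerts-queue page.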

View File

@ -19,7 +19,7 @@ Describes the best practices, location, values, policy management, and security
## Reference
The **Minimum password age** policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If [Maximum password age](maximum-password-age.md) is between 1 and 999 days, the minimum password age must be less than the maximum password age. If Maximum password age is set to 0, **Minimum password age** can be any value between 0 and 998 days.
The **Minimum password age** policy setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum password age, unless the maximum password age is set to 0, indicating that passwords will never expire. If the maximum password age is set to 0, the minimum password age can be set to any value between 0 and 998.
### Possible values
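Review bot: the rewritten Reference paragraph loses the `[Maximum password age](maximum-password-age.md)` link and capitalizes the related setting inconsistently (`Maximum password age`, then `maximum password age`). Keep the link on first mention and use one capitalization throughout. The last two sentences also state the same exception twice (maximum password age set to 0); folding them into one sentence that gives the 0 to 998 range would be easier to read.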

View File

@ -12,11 +12,125 @@
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
### [Endpoint detection and response](overview-endpoint-detection-response.md)
#### Alerts queue
##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
#### Machines list
##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
#### [Security operations dashboard](security-operations-dashboard-windows-defender-advanced-threat-protection.md)
### [Auto investigation](automated-investigations-windows-defender-advanced-threat-protection.md)
### [Auto investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)
### [Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)
#### [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
### [Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)
#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
### [Management and APIs](management-apis.md)
#### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
#####Actor
###### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
###### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
#####Alerts
###### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
###### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
###### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
###### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
###### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
###### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
###### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
######Domain
####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
#####File
###### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
###### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
###### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
###### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
###### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
###### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
###### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
#####IP
###### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
###### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
###### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
###### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
#####Machines
###### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
###### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
###### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
###### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
###### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
###### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
###### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
###### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
###### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
###### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
###### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
###### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
###### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
###### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
###### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
###### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
###### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
#####User
###### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
###### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
###### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
### [Microsoft threat protection](threat-protection-integration.md)
#### [Protect users, data, and devices with conditional access](conditional-access-windows-defender-advanced-threat-protection.md)
### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
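Review bot: in the added API list, `######Domain` sits one level deeper than its sibling groups (`#####Actor`, `#####Alerts`, `#####File`, `#####IP`), which pushes its four entries to seven `#`, past the six heading levels Markdown defines. Move Domain to `#####` with `######` children. `[Get machines](get-machines-windows-defender-advanced-threat-protection.md)` is also listed twice under Machines, and the group headings lack the space after the hashes that `#### Alerts queue` and `#### Machines list` in this same hunk have.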
@ -38,6 +152,7 @@
##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
##### [Attack surface reduction controls](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
#### [Next gen protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
@ -61,39 +176,6 @@
##### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
####General
##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
####Permissions
##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
####APIs
##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
####Machine management
##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
### [Configure attack surface reduction](configure-attack-surface-reduction.md)
#### [Hardware-based isolation](../windows-defender-application-guard/install-wd-app-guard.md)
##### [Group Policy settings](../windows-defender-application-guard/configure-wd-app-guard.md)
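Review bot: going by the hunk header (39 lines down to 6), the whole settings subtree (General, Permissions, APIs, Rules, Machine management, time zone) leaves this TOC, and none of the visible hunks of this file adds those pages back. Confirm that `rbac-...md`, `manage-suppression-rules-...md` and `offboard-machines-...md` remain reachable from the navigation, or re-add the section where it now belongs.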
@ -157,57 +239,39 @@
##### [Use PowerShell cmdlets to configure and manage Windows Defender AV](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
### [Manage endpoint detection and response capabilities](manage-edr.md)
####Alerts queue
##### [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
##### [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
##### [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md)
##### [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md)
##### [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md)
##### [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md)
##### [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)
####Machines list
##### [View and organize the Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
##### [Manage machine group and tags](investigate-machines-windows-defender-advanced-threat-protection.md#manage-machine-group-and-tags)
##### [Alerts related to this machine](investigate-machines-windows-defender-advanced-threat-protection.md#alerts-related-to-this-machine)
##### [Machine timeline](investigate-machines-windows-defender-advanced-threat-protection.md#machine-timeline)
###### [Search for specific events](investigate-machines-windows-defender-advanced-threat-protection.md#search-for-specific-events)
###### [Filter events from a specific date](investigate-machines-windows-defender-advanced-threat-protection.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](investigate-machines-windows-defender-advanced-threat-protection.md#export-machine-timeline-events)
###### [Navigate between pages](investigate-machines-windows-defender-advanced-threat-protection.md#navigate-between-pages)
#### [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)
##### [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md)
###### [Collect investigation package](respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
###### [Remove app restriction](respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
###### [Isolate machines from the network](respond-machine-alerts-windows-defender-advanced-threat-protection.md#isolate-machines-from-the-network)
###### [Release machine from isolation](respond-machine-alerts-windows-defender-advanced-threat-protection.md#release-machine-from-isolation)
###### [Check activity details in Action center](respond-machine-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
##### [Take response actions on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md)
###### [Stop and quarantine files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
###### [Block files in your network](respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
###### [Remove file from blocked list](respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
###### [Deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
###### [Submit files for analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
###### [View deep analysis reports](respond-file-alerts-windows-defender-advanced-threat-protection.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#troubleshoot-deep-analysis)
#### [Manage scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
#### [Manage next generation protection in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
### [Manage automatic investigation and remediation](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
### [Configure Security score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
### [Management and APIs](management-apis.md)
### [Manage auto investigation and remediation](manage-auto-investigation-windows-defender-advanced-threat-protection.md)
### [Configure Secure score dashboard security controls](secure-score-dashboard-windows-defender-advanced-threat-protection.md)
### Management and API support
#### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
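Review bot: the two versions of the Management node at the end of this hunk disagree on whether it links anywhere. One is `### [Management and APIs](management-apis.md)` and the other is the bare heading `### Management and API support`. This commit gives management-apis.md a title and body, so the surviving TOC line should be the linked form, or the new topic is unreachable from the navigation. The same pair of lines also mixes "Security score" and "Secure score"; the rest of the TOC uses "Secure score" (for example "Enable Secure score security controls"), so keep that spelling.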
@ -216,80 +280,57 @@
##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
#### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
##### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
######Actor
####### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
####### [Get actor related alerts](get-actor-related-alerts-windows-defender-advanced-threat-protection.md)
######Alerts
####### [Get alerts](get-alerts-windows-defender-advanced-threat-protection.md)
####### [Get alert information by ID](get-alert-info-by-id-windows-defender-advanced-threat-protection.md)
####### [Get alert related actor information](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related domain information](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related file information](get-alert-related-files-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related IP information](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md)
####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md)
#######Domain
######## [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection.md)
######## [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection.md)
######## [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection.md)
######## [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md)
######File
####### [Block file API](block-file-windows-defender-advanced-threat-protection.md)
####### [Get file information](get-file-information-windows-defender-advanced-threat-protection.md)
####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection.md)
####### [Get FileActions collection API](get-fileactions-collection-windows-defender-advanced-threat-protection.md)
####### [Unblock file API](unblock-file-windows-defender-advanced-threat-protection.md)
######IP
####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection.md)
####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection.md)
####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection.md)
######Machines
####### [Collect investigation package API](collect-investigation-package-windows-defender-advanced-threat-protection.md)
####### [Find machine information by IP](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md)
####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineAction object API](get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get FileMachineActions collection API](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection.md)
####### [Get machine log on users](get-machine-log-on-users-windows-defender-advanced-threat-protection.md)
####### [Get machine related alerts](get-machine-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get MachineAction object API](get-machineaction-object-windows-defender-advanced-threat-protection.md)
####### [Get MachineActions collection API](get-machineactions-collection-windows-defender-advanced-threat-protection.md)
####### [Get machines](get-machines-windows-defender-advanced-threat-protection.md)
####### [Get package SAS URI API](get-package-sas-uri-windows-defender-advanced-threat-protection.md)
####### [Isolate machine API](isolate-machine-windows-defender-advanced-threat-protection.md)
####### [Release machine from isolation API](unisolate-machine-windows-defender-advanced-threat-protection.md)
####### [Remove app restriction API](unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Request sample API](request-sample-windows-defender-advanced-threat-protection.md)
####### [Restrict app execution API](restrict-code-execution-windows-defender-advanced-threat-protection.md)
####### [Run antivirus scan API](run-av-scan-windows-defender-advanced-threat-protection.md)
####### [Stop and quarantine file API](stop-quarantine-file-windows-defender-advanced-threat-protection.md)
##### API for custom alerts
###### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
####### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
######## [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
######## [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
######## [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
######## [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
####### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
######User
####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection.md)
####### [Get user information](get-user-information-windows-defender-advanced-threat-protection.md)
####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection.md)
####### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
#### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md)
##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md)
##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md)
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
####Reporting
#### Reporting
##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
####General
##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
####Permissions
##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
##### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
####APIs
##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
####Machine management
##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
## [Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md)
###Troubleshoot sensor state
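Review bot: in the API list, `#######Domain` is written with seven hashes while its sibling groups (`######Actor`, `######Alerts`, `######File`, `######IP`, `######Machines`, `######User`) use six, so Domain and its four entries nest under Alerts instead of sitting beside it. Under Machines, `[Get machines](get-machines-windows-defender-advanced-threat-protection.md)` is listed twice; drop one. Several headings have no space after the hashes (`######Actor`, `####General`, `####Permissions`, `###Troubleshoot sensor state`), although the Reporting line in this same hunk is corrected to `#### Reporting`; apply that fix consistently. Standard Markdown headings stop at six levels, so confirm the TOC build accepts the seven- and eight-hash entries if they are kept.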
@ -297,7 +338,7 @@
#### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)
#### [Inactive machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#inactive-machines)
#### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
### [Review events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
### [Review sensor events and errors on machines with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)
### [Troubleshoot Windows Defender ATP service issues](troubleshoot-windows-defender-advanced-threat-protection.md)
#### [Check service health](service-status-windows-defender-advanced-threat-protection.md)
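Review bot: the Event Viewer entry is retitled to "Review sensor events and errors on machines with Event Viewer" but still targets event-error-codes-windows-defender-advanced-threat-protection.md; update that topic's own title in the same change so the TOC and the page heading agree. The three context entries above link to `fix-unhealhty-sensors-...`, where "unhealhty" is misspelled in the file name; that is worth a follow-up rename with a redirect rather than a fix here.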

View File

@ -13,7 +13,7 @@ ms.localizationpriority: medium
ms.date: 05/21/2018
---
# Use Automated investigations to investigate and remediate threats
# Overview of Automated investigations
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink)
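Review bot: `ms.date: 05/21/2018` in the front matter is left unchanged although the H1 is retitled to "Overview of Automated investigations". Bump ms.date with the retitle, and check that the front-matter `title:` (outside this hunk) and the TOC entry for this topic carry the new name.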

View File

@ -13,4 +13,26 @@ ms.localizationpriority: high
ms.date: 07/01/2018
---
# To do: Amitai and Andrea and Justin
# Configure attack surface reduction
You can configure attack surface reduction with a number of tools, including:
- Microsoft Intune
- System Center Configuration Manager
- Group Policy
- PowerShell cmdlets
The topics in this section describe how to configure attack surface reduction. Each topic includes instructions for the applicable configuration tool (or tools).
## In this section
Topic | Description
:---|:---
[Enable hardware-based isolation for Microsoft Edge](../windows-defender-application-guard/install-wd-app-guard.md) | How to preprare for and install Application Guard, including hardware and softeware requirements
[Enable application control](../windows-defender-application-control/windows-defender-application-control.md)|How to control applications run by users and potect kernel mode processes
[Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)|How to automatically apply exploit mitigation techniques on both operating system processes and on individual apps
[Network protection](../windows-defender-exploit-guard/enable-network-protection.md)|How to prevent users from using any apps to acces dangerous domains
[Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)|How to protect valuable data from malicious apps
[Attack surface reduction](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)|How to prevent actions and aopps that are typically used for by exploit-seeking malware
[Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)|How to protect devices and data across a network
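Review bot: the description column of the "In this section" table has several typos that will ship as written: "preprare" and "softeware" in the Application Guard row, "potect" in the application control row, "acces" in the Network protection row, and "aopps that are typically used for by exploit-seeking malware" in the Attack surface reduction row (suggest "apps that are typically used by exploit-seeking malware"). Also make sure the placeholder heading `# To do: Amitai and Andrea and Justin` is the line being removed, so the page ends up with the single H1 `# Configure attack surface reduction`.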

Binary file not shown. Size before: 45 KiB; after: 48 KiB.

View File

@ -1,5 +1,5 @@
---
title:
title: Overview of management and APIs
description:
keywords:
search.product: eADQiWindows 10XVcnh
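Review bot: `title:` is filled in here, but `description:` and `keywords:` directly below it are still empty. Fill both in the same change, for example a one-sentence description of the management and API integration options the body lists, so the topic is not published with blank metadata.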
@ -13,7 +13,27 @@ ms.localizationpriority: high
ms.date: 07/01/2018
---
# To do: Raviv
# Overview of management and APIs
TODO: Raviv
Integrate Windows Defender Advanced Threat Protection into your existing workflows.
- [Onboarding](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection)
- [Configuration](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection)
- [Operating system baseline compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection)
- [SIEM connectors](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection)
- [Exposed APIs](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection)
- [RBAC](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection)
- [Reporting and trends](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection)
================
Scratch paper / thoughts:
Windows Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
There's a wide variety of supported management tools you can use to onboard machines to the service. The platform also supports various security information and events management (SIEM) tools that allows you to pull alerts to. The application programming interface (APIs) provides the flexibility of pulling or creating alerts programmatically.
Talk about all the tools that you can use with WDATP
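Review bot: authoring notes are being committed into the body of the topic: `TODO: Raviv`, the `================` separator, "Scratch paper / thoughts:" and "Talk about all the tools that you can use with WDATP" would all render on the published page. Move them to the PR description or remove them, and promote the two draft paragraphs into the body if they are meant to stay. In that draft text, "tools that allows you to pull alerts to" needs a grammar fix, and "events management" should read "event management". The link list also mixes absolute URLs with and without the `/en-us/` locale segment, where the rest of the doc set uses relative .md links; relative links would keep locale handling and link validation consistent.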
@ -25,4 +45,4 @@ enable to manage and interact with the system
APIs, SIEM connectors, Reporting, powerbi, etc
## In this section
## In this section

View File

@ -23,11 +23,16 @@ If this happens, see [Troubleshooting](#troubleshooting) for remediation steps.
## How to turn on HVCI in Windows 10
To enable HVCI on Windows 10 devices with supporting hardware throughout an enterprise, use any of these options:
- [Windows Security app](#windows-security-app)
- [Microsoft Intune (or another MDM provider)](#enable-hvci-using-intune)
- [Group Policy](#enable-hvci-using-group-policy)
- [System Center Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/)
- [Registry](#use-registry-keys-to-enable-virtualization-based-protection-of-code-integrity)
### Windows Security app
HVCI is labeled **Memory integrity** in the Windows Security app and it can be accessed via **Settings** > **Update & Security** > **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [KB4096339](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
### Enable HVCI using Intune
Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp).
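Review bot: the new "Windows Security app" bullet is added under the sentence "To enable HVCI on Windows 10 devices with supporting hardware throughout an enterprise, use any of these options", but the section it links to describes an interactive per-device toggle (Settings > ... > Memory integrity), not an enterprise deployment method like the other four. Either reword the intro sentence or state in the new section that this option applies to a single device. It would also help to say that HVCI appears as **Memory integrity** before giving the navigation path, since admins searching the app for "HVCI" will not find it.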

View File

@ -234,3 +234,4 @@ Support in [Windows Defender Application Guard](#windows-defender-application-gu
[What's New in Windows 10](https://docs.microsoft.com/windows/whats-new/): See whats new in other versions of Windows 10.<br>
[What's new in Windows 10, version 1709](https://docs.microsoft.com/windows-hardware/get-started/what-s-new-in-windows): See whats new in Windows 10 hardware.<br>
[Windows 10 Fall Creators Update Next Generation Security](https://www.youtube.com/watch?v=JDGMNFwyUg8): YouTube video about Windows Defender ATP in Windows 10, version 1709.
[How to take a screenshot on pc without any app](https://rahulit.com/how-to-take-a-screenshot-on-a-dell-laptop/)
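Review bot: the added last line, a link to rahulit.com titled "How to take a screenshot on pc without any app", has no relation to the related-topics list it is appended to, which is about Windows 10 and Windows Defender ATP, and it points to a third-party site. It looks like link spam and should be dropped before merge; it is also worth checking how it reached the branch. Separately, the line above it now needs a trailing `<br>` if anything is kept after it, and "whats new" in the two context lines is missing its apostrophe.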