deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Joey Caparas
2017-08-28 17:19:35 -07:00
parent 9eba7c7e6d
commit 82ac5d4556
13 changed files with 20 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
windows/threat-protection/TOC.md
View File

@ -70,21 +70,6 @@
#### [Python code examples](windows-defender-atp\python-example-code-windows-defender-advanced-threat-protection.md)
#### [Experiment with custom threat intelligence alerts](windows-defender-atp\experiment-custom-ti-windows-defender-advanced-threat-protection.md)
#### [Troubleshoot custom threat intelligence issues](windows-defender-atp\troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md)
### [Use the Windows Defender ATP exposed APIs](windows-defender-atp\exposed-apis-windows-defender-advanced-threat-protection.md)
#### [Supported Windows Defender ATP APIs](windows-defender-atp\supported-apis-windows-defender-advanced-threat-protection.md)
##### [Collect investigation package](windows-defender-atp\collect-investigation-package-windows-defender-advanced-threat-protection.md)
##### [Isolate machine](windows-defender-atp\isolate-machine-windows-defender-advanced-threat-protection.md)
##### [Unisolate machine](windows-defender-atp\unisolate-machine-windows-defender-advanced-threat-protection.md)
##### [Restrict code execution](windows-defender-atp\restrict-code-execution-windows-defender-advanced-threat-protection.md)
##### [Unrestrict code execution](windows-defender-atp\unrestrict-code-execution-windows-defender-advanced-threat-protection.md)
##### [Run antivirus scan](windows-defender-atp\run-av-scan-windows-defender-advanced-threat-protection.md)
##### [Stop and quarantine files](windows-defender-atp\stop-quarantine-file-windows-defender-advanced-threat-protection.md)
##### [Request sample](windows-defender-atp\request-sample-windows-defender-advanced-threat-protection.md)
##### [Block file](windows-defender-atp\block-file-windows-defender-advanced-threat-protection.md)
##### [Unblock file](windows-defender-atp\unblock-file-windows-defender-advanced-threat-protection.md)
##### [Get package SAS URI](windows-defender-atp\get-package-sas-uri-windows-defender-advanced-threat-protection.md)
##### [Get MachineAction object](windows-defender-atp\get-machineaction-object-windows-defender-advanced-threat-protection.md)
##### [Get FileMachineAction object](windows-defender-atp\get-filemachineaction-object-windows-defender-advanced-threat-protection.md)
### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
### [Check sensor state](windows-defender-atp\check-sensor-status-windows-defender-advanced-threat-protection.md)
#### [Fix unhealthy sensors](windows-defender-atp\fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md)

2
windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md
View File

@ -14,7 +14,7 @@ ms.date: 09/01.2017
---
# Block file
Prevent a file from being executed in the organization using Windows Defender.
Prevent a file from being executed in the organization using Windows Defender Antivirus.
## Permissions
Users need to have Security administrator or Global admin directory roles.

1
windows/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md
View File

@ -60,6 +60,7 @@ You can onboard VDI machines using a single entry or multiple entries for each m
Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`.
6. Test your solution:
a. Create a pool with one machine.
b. Logon to machine.
c. Logoff from machine.

4
windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md
View File

@ -14,7 +14,7 @@ ms.date: 09/01.2017
---
# Get FileMachineAction object
Get MachineAction object
Get MachineAction object.
## Permissions
Users need to have Security administrator or Global admin directory roles.
@ -59,7 +59,7 @@ Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity",
"id": " 7327b54fd718525cbca07dacde913b5ac3c85673",
"sha1": <EFBFBD>1163788484e3258ab9fcf692f7db7938f72ddfc2<EFBFBD>,
"sha1": "1163788484e3258ab9fcf692f7db7938f72ddfc2",
"type": "StopAndQuarantineFile",
"status": "Succeeded",
"machineId": "970a58d5f61786bb7799dfdb5395ec364ffceace",

2
windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md
View File

@ -14,7 +14,7 @@ ms.date: 09/01.2017
---
# Get package SAS URI
Get a Uri that allows downloading an investigation package.
Get a URI that allows downloading an investigation package.
## Permissions
Users need to have Security administrator or Global admin directory roles.

2
windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md
View File

@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/isolate
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body

3
windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
View File

@ -65,9 +65,6 @@ Machine group and tags support proper mapping of the network, enabling you to at
- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)<br>
Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph.
- [Use the Windows Defender ATP exposed APIs](configure-server-endpoints-windows-defender-advanced-threat-protection.md)<br>
Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.

2
windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md
View File

@ -37,7 +37,7 @@ In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
SHA1 | String | Sha1 of the file to upload to the secure storage. **Required**.
Sha1 | String | Sha1 of the file to upload to the secure storage. **Required**.
## Response
If successful, this method returns 201, Created response code and *FileMachineAction* object in the response body.

2
windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md
View File

@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/restrictCodeExecution
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body

2
windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md
View File

@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/runAntiVirusScan
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body

4
windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md
View File

@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/stopAndQuarantineFile
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body
@ -37,7 +37,7 @@ In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
Comment | String | Comment to associate with the action. **Required**.
SHA1 | String | Sha1 of the file to stop and quarantine on the machine. **Required**.
Sha1 | String | Sha1 of the file to stop and quarantine on the machine. **Required**.
## Response
If successful, this method returns 201, Created response code and _FileMachineAction_ object in the response body.

4
windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md
View File

@ -14,7 +14,7 @@ ms.date: 09/01.2017
---
# Unisolate machine
Remove machine from isolation.
Undo isolation of a machine.
## Permissions
Users need to have Security administrator or Global admin directory roles.
@ -28,7 +28,7 @@ POST /testwdatppreview/machines/{id}/unisolate
Header | Value
:---|:---
Authorization | Bearer {token}. Required.
Authorization | Bearer {token}. **Required**.
Content-Type | application/json
## Request body

2
windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md
View File

@ -14,7 +14,7 @@ ms.date: 09/01.2017
---
# Unrestrict code execution
Remove code execution restriction.
Unrestrict execution of set of predefined applications.
## Permissions
Users need to have Security administrator or Global admin directory roles.