mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-21 05:13:40 +00:00
Merge remote-tracking branch 'origin/master' into atp-ip
This commit is contained in:
Joey Caparas
@ -98,7 +98,7 @@ It requires direct ethernet connectivity to an enterprise Windows Deployment Ser
|
||||
|
||||
There are a few different options to protect DMA ports, such as Thunderbolt™3.
|
||||
Beginning with Windows 10 version 1803, new Intel-based devices have kernel protection against DMA attacks via Thunderbolt™ 3 ports enabled by default.
|
||||
This kernel DMA protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.
|
||||
This Kernel DMA Protection is available only for new systems beginning with Windows 10 version 1803, as it requires changes in the system firmware and/or BIOS.
|
||||
|
||||
You can use the System Information desktop app (MSINFO32) to check if a device has kernel DMA protection enabled:
|
||||
|
||||
@ -107,7 +107,7 @@ You can use the System Information desktop app (MSINFO32) to check if a device h
|
||||
If kernel DMA protection *not* enabled, follow these steps to protect Thunderbolt™ 3 enabled ports:
|
||||
|
||||
1. Require a password for BIOS changes
|
||||
2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings
|
||||
2. Intel Thunderbolt Security must be set to User Authorization in BIOS settings. Please refer to [Intel Thunderbolt™ 3 and Security on Microsoft Windows® 10 Operating System documentation](https://thunderbolttechnology.net/security/Thunderbolt%203%20and%20Security.pdf)
|
||||
3. Additional DMA security may be added by deploying policy (beginning with Windows 10 version 1607):
|
||||
|
||||
- MDM: [DataProtection/AllowDirectMemoryAccess](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess) policy
|
||||
@ -188,4 +188,4 @@ For secure administrative workstations, Microsoft recommends TPM with PIN protec
|
||||
|
||||
- [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d)
|
||||
- [BitLocker Group Policy settings](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings)
|
||||
- [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp)
|
||||
- [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp)
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure advanced features in Windows Defender ATP
|
||||
description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
|
||||
keywords: advanced features, settings, block file, automated investigation, auto-resolve, skype, azure atp, office 365, azure information protection, intune
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Advanced hunting best practices in Windows Defender ATP
|
||||
description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
|
||||
keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Advanced hunting reference in Windows Defender ATP
|
||||
description: Learn about Advanced hunting table reference such as column name, data type, and description
|
||||
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Query data using Advanced hunting in Windows Defender ATP
|
||||
description: Learn about Advanced hunting in Windows Defender ATP and how to query ATP data.
|
||||
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Alerts queue in Windows Defender Security Center
|
||||
description: View and manage the alerts surfaced in Windows Defender Security Center
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: View and organize the Windows Defender ATP Alerts queue
|
||||
description: Learn about how the Windows Defender ATP alerts queues work, and how to sort and filter lists of alerts.
|
||||
keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Windows Defender ATP alert API fields
|
||||
description: Understand how the alert API fields map to the values in Windows Defender Security Center
|
||||
keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Assign user access to Windows Defender Security Center
|
||||
description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
|
||||
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Experience Windows Defender ATP through simulated attacks
|
||||
description: Run the provided attack scenario simulations to experience how Windows Defender ATP can detect, investigate, and respond to breaches.
|
||||
keywords: wdatp, test, scenario, attack, simulation, simulated, diy, windows defender advanced threat protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Use Automated investigations to investigate and remediate threats
|
||||
description: View the list of automated investigations, its status, detection source and other details.
|
||||
keywords: automated, investigation, detection, source, threat types, id, tags, machines, duration, filter export
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Use basic permissions to access Windows Defender Security Center
|
||||
description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
|
||||
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Block file API
|
||||
description: Use this API to blocking files from being running in the organization.
|
||||
keywords: apis, graph api, supported apis, block file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Check the health state of the sensor in Windows Defender ATP
|
||||
description: Check the sensor health on machines to identify which ones are misconfigured, inactive, or are not reporting sensor data.
|
||||
keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communications, communication
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Collect investigation package API
|
||||
description: Use this API to create calls related to the collecting an investigation package from a machine.
|
||||
keywords: apis, graph api, supported apis, collect investigation package
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Access the Windows Defender ATP Community Center
|
||||
description: Access the Windows Defender ATP Community Center to share experiences, engange, and learn about the product.
|
||||
keywords: community, community center, tech community, conversation, announcements
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable conditional access to better protect users, devices, and data
|
||||
description: Enable conditional access to prevent applications from running if a device is considered at risk and an application is determined to be non-compliant.
|
||||
keywords: conditional access, block applications, security level, intune,
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure HP ArcSight to pull Windows Defender ATP alerts
|
||||
description: Configure HP ArcSight to receive and pull alerts from Windows Defender Security Center
|
||||
keywords: configure hp arcsight, security information and events management tools, arcsight
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title:
|
||||
description:
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
@ -33,6 +34,6 @@ Topic | Description
|
||||
[Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)|How to automatically apply exploit mitigation techniques on both operating system processes and on individual apps
|
||||
[Network protection](../windows-defender-exploit-guard/enable-network-protection.md)|How to prevent users from using any apps to acces dangerous domains
|
||||
[Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)|How to protect valuable data from malicious apps
|
||||
[Attack surface reduction](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)|How to prevent actions and aopps that are typically used for by exploit-seeking malware
|
||||
[Attack surface reduction](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)|How to prevent actions and apps that are typically used for by exploit-seeking malware
|
||||
[Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)|How to protect devices and data across a network
|
||||
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure conditional access in Windows Defender ATP
|
||||
description:
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure alert notifications in Windows Defender ATP
|
||||
description: Send email notifications to specified recipients to receive new alerts based on severity with Windows Defender ATP on Windows 10 Enterprise, Pro, and Education editions.
|
||||
keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using Group Policy to Windows Defender ATP
|
||||
description: Use Group Policy to deploy the configuration package on Windows 10 machines so that they are onboarded to the service.
|
||||
keywords: configure machines using group policy, machine management, configure Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, group policy
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using Mobile Device Management tools
|
||||
description: Use Mobile Device Management tools to deploy the configuration package on machines so that they are onboarded to the service.
|
||||
keywords: onboard machines using mdm, machine management, onboard Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, mdm
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard non-Windows machines to the Windows Defender ATP service
|
||||
description: Configure non-Winodws machines so that they can send sensor data to the Windows Defender ATP service.
|
||||
keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using System Center Configuration Manager
|
||||
description: Use System Center Configuration Manager to deploy the configuration package on machines so that they are onboarded to the service.
|
||||
keywords: onboard machines using sccm, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines, sccm
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using a local script
|
||||
description: Use a local script to deploy the configuration package on machines so that they are onboarded to the service.
|
||||
keywords: configure machines using a local script, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard non-persistent virtual desktop infrastructure (VDI) machines
|
||||
description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service.
|
||||
keywords: configure virtual desktop infrastructure (VDI) machine, vdi, machine management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines on Windows Defender ATP
|
||||
description: Onboard Windows 10 machines so that they can send sensor data to the Windows Defender ATP sensor
|
||||
keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure managed security service provider support
|
||||
description: Take the necessary steps to configure the MSSP integration with Windows Defender ATP
|
||||
keywords: managed security service provider, mssp, configure, integration
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure machine proxy and Internet connection settings
|
||||
description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
|
||||
keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard servers to the Windows Defender ATP service
|
||||
description: Onboard servers so that they can send sensor data to the Windows Defender ATP sensor.
|
||||
keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Pull alerts to your SIEM tools from Windows Defender Advanced Threat Prot
|
||||
description: Learn how to use REST API and configure supported security information and events management tools to receive and pull alerts.
|
||||
keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure Splunk to pull Windows Defender ATP alerts
|
||||
description: Configure Splunk to receive and pull alerts from Windows Defender Security Center.
|
||||
keywords: configure splunk, security information and events management tools, splunk
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Create custom detection rules in Windows Defender ATP
|
||||
description: Learn how to create custom detections rules based on advanced hunting queries
|
||||
keywords: create custom detections, detections, advanced hunting, hunt, detect, query
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Create custom alerts using the threat intelligence API
|
||||
description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
|
||||
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Update data retention settings for Windows Defender Advanced Threat Prote
|
||||
description: Update data retention settings by selecting between 30 days to 180 days.
|
||||
keywords: data, storage, settings, retention, update
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Windows Defender ATP data storage and privacy
|
||||
description: Learn about how Windows Defender ATP handles privacy and data that it collects.
|
||||
keywords: Windows Defender ATP data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Windows Defender Antivirus compatibility with Windows Defender ATP
|
||||
description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used.
|
||||
keywords: windows defender compatibility, defender, windows defender atp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable the custom threat intelligence API in Windows Defender ATP
|
||||
description: Learn how to setup the custom threat intelligence application in Windows Defender ATP to create custom threat intelligence (TI).
|
||||
keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable Secure Score in Windows Defender ATP
|
||||
description: Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard.
|
||||
keywords: enable secure score, baseline, calculation, analytics, score, secure score dashboard, dashboard
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable SIEM integration in Windows Defender ATP
|
||||
description: Enable SIEM integration to receive alerts in your security information and event management (SIEM) solution.
|
||||
keywords: enable siem connector, siem, connector, security information and events
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Evaluate Windows Defender Advanced Threat Protection
|
||||
description:
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Review events and errors using Event Viewer
|
||||
description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
|
||||
keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Experiment with custom threat intelligence alerts
|
||||
description: Use this end-to-end guide to start using the Windows Defender ATP threat intelligence API.
|
||||
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Use the Windows Defender Advanced Threat Protection exposed APIs
|
||||
description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
|
||||
keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Find machine information by internal IP API
|
||||
description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP.
|
||||
keywords: ip, apis, graph api, supported apis, find machine, machine information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Fix unhealthy sensors in Windows Defender ATP
|
||||
description: Fix machine sensors that are reporting as misconfigured or inactive so that the service receives data from the machine.
|
||||
keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communications, communication
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get actor information API
|
||||
description: Retrieves an actor information report.
|
||||
keywords: apis, graph api, supported apis, get, actor, information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get actor related alerts API
|
||||
description: Retrieves all alerts related to a given actor.
|
||||
keywords: apis, graph api, supported apis, get, actor, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert information by ID API
|
||||
description: Retrieves an alert by its ID.
|
||||
keywords: apis, graph api, supported apis, get, alert, information, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related actor information API
|
||||
description: Retrieves the actor information related to the specific alert.
|
||||
keywords: apis, graph api, supported apis, get, alert, actor, information, related
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related domain information
|
||||
description: Retrieves all domains related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related domain
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related files information
|
||||
description: Retrieves all files related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related files
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related IP information
|
||||
description: Retrieves all IPs related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related ip
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related machine information
|
||||
description: Retrieves all machines related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related machine
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related user information
|
||||
description: Retrieves the user associated to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get, alert, information, related, user
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alerts API
|
||||
description: Retrieves top recent alerts.
|
||||
keywords: apis, graph api, supported apis, get, alerts, recent
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get CVE-KB map API
|
||||
description: Retrieves a map of CVE's to KB's.
|
||||
keywords: apis, graph api, supported apis, get, cve, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get domain related alerts API
|
||||
description: Retrieves a collection of alerts related to a given domain address.
|
||||
keywords: apis, graph api, supported apis, get, domain, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get domain related machines API
|
||||
description: Retrieves a collection of machines related to a given domain address.
|
||||
keywords: apis, graph api, supported apis, get, domain, related, machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get domain statistics API
|
||||
description: Retrieves the prevalence for the given domain.
|
||||
keywords: apis, graph api, supported apis, get, domain, domain related machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file information API
|
||||
description: Retrieves a file by identifier Sha1, Sha256, or MD5.
|
||||
keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file related alerts API
|
||||
description: Retrieves a collection of alerts related to a given file hash.
|
||||
keywords: apis, graph api, supported apis, get, file, hash
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file related machines API
|
||||
description: Retrieves a collection of machines related to a given file hash.
|
||||
keywords: apis, graph api, supported apis, get, machines, hash
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file statistics API
|
||||
description: Retrieves the prevalence for the given file.
|
||||
keywords: apis, graph api, supported apis, get, file, statistics
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get FileActions collection API
|
||||
description: Use this API to create calls related to get fileactions collection
|
||||
keywords: apis, graph api, supported apis, get, file, information, fileactions collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get FileMachineAction object API
|
||||
description: Use this API to create calls related to get machineaction object
|
||||
keywords: apis, graph api, supported apis, filemachineaction object
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get FileMachineActions collection API
|
||||
description: Use this API to create calls related to get filemachineactions collection
|
||||
keywords: apis, graph api, supported apis, filemachineactions collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get IP related alerts API
|
||||
description: Retrieves a collection of alerts related to a given IP address.
|
||||
keywords: apis, graph api, supported apis, get, ip, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get IP related machines API
|
||||
description: Retrieves a collection of machines related to a given IP address.
|
||||
keywords: apis, graph api, supported apis, get, ip, related, machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get IP statistics API
|
||||
description: Retrieves the prevalence for the given IP.
|
||||
keywords: apis, graph api, supported apis, get, ip, statistics, prevalence
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get KB collection API
|
||||
description: Retrieves a collection of KB's.
|
||||
keywords: apis, graph api, supported apis, get, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machine by ID API
|
||||
description: Retrieves a machine entity by ID.
|
||||
keywords: apis, graph api, supported apis, get, machines, entity, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machine log on users API
|
||||
description: Retrieves a collection of logged on users.
|
||||
keywords: apis, graph api, supported apis, get, machine, log on, users
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machine related alerts API
|
||||
description: Retrieves a collection of alerts related to a given machine ID.
|
||||
keywords: apis, graph api, supported apis, get, machines, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get MachineAction object API
|
||||
description: Use this API to create calls related to get machineaction object
|
||||
keywords: apis, graph api, supported apis, machineaction object
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get MachineActions collection API
|
||||
description: Use this API to create calls related to get machineactions collection
|
||||
keywords: apis, graph api, supported apis, machineaction collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get RBAC machine groups collection API
|
||||
description: Retrieves a collection of RBAC machine groups.
|
||||
keywords: apis, graph api, supported apis, get, RBAC, group
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machines API
|
||||
description: Retrieves a collection of recently seen machines.
|
||||
keywords: apis, graph api, supported apis, get, machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machines security states collection API
|
||||
description: Retrieves a collection of machines security states.
|
||||
keywords: apis, graph api, supported apis, get, machine, security, state
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get package SAS URI API
|
||||
description: Use this API to get a URI that allows downloading an investigation package.
|
||||
keywords: apis, graph api, supported apis, get package, sas, uri
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get started with Windows Defender Advanced Threat Protection
|
||||
description: Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
|
||||
keywords: get started, minimum requirements, setup, subscription, features, data storage, privacy, user access
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get user information API
|
||||
description: Retrieve a User entity by key such as user name or domain.
|
||||
keywords: apis, graph api, supported apis, get, user, user information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get user related alerts API
|
||||
description: Retrieves a collection of alerts related to a given user ID.
|
||||
keywords: apis, graph api, supported apis, get, user, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get user related machines API
|
||||
description: Retrieves a collection of machines related to a given user ID.
|
||||
keywords: apis, graph api, supported apis, get, user, user related alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
title: How hardware-based containers help protect Windows 10 (Windows 10)
|
||||
description: Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
|
||||
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Incidents queue in Windows Defender ATP
|
||||
description:
|
||||
keywords: incidents, aggregate, investigations, queue, ttp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate Windows Defender Advanced Threat Protection alerts
|
||||
description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them.
|
||||
keywords: investigate, investigation, machines, machine, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate Windows Defender Advanced Threat Protection domains
|
||||
description: Use the investigation options to see if machines and servers have been communicating with malicious domains.
|
||||
keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate Windows Defender Advanced Threat Protection files
|
||||
description: Use the investigation options to get details on files associated with alerts, behaviours, or events.
|
||||
keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate incidents in Windows Defender ATP
|
||||
description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident
|
||||
keywords: investigate, incident, alerts, metadata, risk, detection source, affected machines, patterns, correlation
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate an IP address associated with an alert
|
||||
description: Use the investigation options to examine possible communication between machines and external IP addresses.
|
||||
keywords: investigate, investigation, IP address, alert, windows defender atp, external IP
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate machines in the Windows Defender ATP Machines list
|
||||
description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health.
|
||||
keywords: machines, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate a user account in Windows Defender ATP
|
||||
description: Investigate a user account for potential compromised credentials or pivot on the associated user account during an investigation.
|
||||
keywords: investigate, account, user, user entity, alert, windows defender atp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Is domain seen in org API
|
||||
description: Use this API to create calls related to checking whether a domain was seen in the organization.
|
||||
keywords: apis, graph api, supported apis, domain, domain seen
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Is IP seen in org API
|
||||
description: Answers whether an IP was seen in the organization.
|
||||
keywords: apis, graph api, supported apis, is, ip, seen, org, organization
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Isolate machine API
|
||||
description: Use this API to create calls related isolating a machine.
|
||||
keywords: apis, graph api, supported apis, isolate machine
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Validate licensing provisioning and complete Windows Defender ATP set up
|
||||
description: Validating licensing provisioning, setting up initial preferences, and completing the user set up for Windows Defender Advanced Threat Protection portal.
|
||||
keywords: license, licensing, account, set up, validating licensing, windows defender atp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Create and manage machine groups in Windows Defender ATP
|
||||
description: Create machine groups and set automated remediation levels on them by confiring the rules that apply on the group
|
||||
keywords: machine groups, groups, remediation, level, rules, aad group, role, assign, rank
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Create and manage machine tags
|
||||
description: Use machine tags to group machines to capture context and enable dynamic list creation as part of an incident
|
||||
keywords: tags, machine tags, machine groups, groups, remediation, level, rules, aad group, role, assign, rank
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user