From c16414bd4d1b3e8f4f4b76fdfcb7b5d795f45ee8 Mon Sep 17 00:00:00 2001 From: Scott Brondel Date: Mon, 5 Oct 2020 15:59:34 -0500 Subject: [PATCH 01/24] Update tvm-software-inventory.md I've worked with customers who are expecting a full SCCM-style Software Inventory of all clients because of the sentence "The software inventory in threat and vulnerability management is a list of all the software in your organization". Edit adds on "with known vulnerabilities" to reflect the true scope of this inventory. --- .../microsoft-defender-atp/tvm-software-inventory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 215f2fc19c..2399841129 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -26,7 +26,7 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -The software inventory in threat and vulnerability management is a list of all the software in your organization. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. +The software inventory in threat and vulnerability management is a list of all the software in your organization with known vulnerabilities. It also includes details such as the name of the vendor, number of weaknesses, threats, and number of exposed devices. ## How it works From 0ea7fb8c9bb9c51d52b1f8408ca5adcc1f4a2daa Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Mon, 5 Oct 2020 14:40:33 -0700 Subject: [PATCH 02/24] Add link to Proxy document Add link to Proxy document --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 1def8466e7..6a93a63ec7 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -136,7 +136,7 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. -**What are the requirements if I use a proxy?**: You must allow Byte Range requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. +**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should setup the proxy via Windows Proxy Settings or the Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/en-us/windows/deployment/update/delivery-optimization-proxy). Most content downloaded via Delivery Optimization leverages Byte Range requests. Make sure your proxy allows Byte Range Requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. **What hostnames should I allow through my firewall to support Delivery Optimization?**: From 8dc8bfba9d8c669e59a910d475c5887ceabd06a3 Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Mon, 5 Oct 2020 17:50:28 -0700 Subject: [PATCH 03/24] update networkservice table NetworkService + netsh proxy - should be "yes" in the table instead of "no" --- windows/deployment/update/delivery-optimization-proxy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/delivery-optimization-proxy.md b/windows/deployment/update/delivery-optimization-proxy.md index 1c4a8224fc..21e355ea15 100644 --- a/windows/deployment/update/delivery-optimization-proxy.md +++ b/windows/deployment/update/delivery-optimization-proxy.md @@ -54,7 +54,7 @@ With NetworkService (if unable to obtain a user token from a signed-in user): |---------|---------| |Internet Explorer proxy, current user | No | |Internet Explorer proxy, device-wide | Yes | -|netsh proxy | No | +|netsh proxy | Yes | |Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, netsh proxy is used | |Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, netsh proxy is used | @@ -76,4 +76,4 @@ However, you can set the Connected Cache server to use an unauthenticated proxy. - [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](https://docs.microsoft.com/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp) - [How to use GPP Registry to uncheck automatically detect settings? ](https://docs.microsoft.com/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings) -- [How to configure a proxy server URL and Port using GPP Registry?](https://docs.microsoft.com/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) \ No newline at end of file +- [How to configure a proxy server URL and Port using GPP Registry?](https://docs.microsoft.com/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) From ea543764be181082e3efdea6db349bbee531e944 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 15:38:41 -0700 Subject: [PATCH 04/24] updating metadata for MDATP --- .../advanced-hunting-best-practices.md | 4 +- .../android-configure.md | 4 +- .../microsoft-defender-atp/android-intune.md | 4 +- .../android-support-signin.md | 4 +- .../auto-investigation-action-center.md | 4 +- .../automated-investigations.md | 4 +- .../behavioral-blocking-containment.md | 2 + .../client-behavioral-blocking.md | 2 + .../configure-microsoft-threat-experts.md | 4 +- .../edr-in-block-mode.md | 3 + ...endpoint-detection-response-mac-preview.md | 4 +- .../investigate-alerts.md | 4 +- .../investigate-behind-proxy.md | 4 +- .../investigate-domain.md | 4 +- .../investigate-files.md | 4 +- .../investigate-incidents.md | 4 +- .../microsoft-defender-atp/investigate-ip.md | 4 +- .../investigate-machines.md | 4 +- .../investigate-user.md | 4 +- .../microsoft-defender-atp/investigation.md | 4 +- .../ios-configure-features.md | 4 +- .../microsoft-defender-atp/ios-install.md | 4 +- .../ios-privacy-statement.md | 4 +- .../microsoft-defender-atp/ios-terms.md | 4 +- .../linux-exclusions.md | 4 +- .../linux-install-manually.md | 4 +- .../linux-install-with-ansible.md | 4 +- .../linux-install-with-puppet.md | 4 +- .../linux-preferences.md | 4 +- .../microsoft-defender-atp/linux-pua.md | 4 +- .../microsoft-defender-atp/linux-resources.md | 4 +- .../linux-static-proxy-configuration.md | 4 +- .../linux-support-connectivity.md | 4 +- .../linux-support-install.md | 4 +- .../linux-support-perf.md | 4 +- .../microsoft-defender-atp/linux-updates.md | 4 +- .../microsoft-defender-atp/linux-whatsnew.md | 4 +- .../microsoft-defender-atp/mac-exclusions.md | 4 +- .../mac-install-jamfpro-login.md | 4 +- .../mac-install-manually.md | 4 +- .../mac-install-with-intune.md | 4 +- .../mac-install-with-jamf.md | 4 +- .../mac-install-with-other-mdm.md | 4 +- .../mac-jamfpro-device-groups.md | 4 +- .../mac-jamfpro-enroll-devices.md | 4 +- .../mac-jamfpro-policies.md | 4 +- .../microsoft-defender-atp/mac-preferences.md | 4 +- .../microsoft-defender-atp/mac-privacy.md | 4 +- .../microsoft-defender-atp/mac-pua.md | 4 +- .../microsoft-defender-atp/mac-resources.md | 4 +- .../mac-schedule-scan-atp.md | 4 +- .../mac-support-install.md | 4 +- .../mac-support-kext.md | 4 +- .../mac-support-license.md | 4 +- .../mac-support-perf.md | 4 +- .../mac-sysext-policies.md | 4 +- .../mac-sysext-preview.md | 4 +- .../microsoft-defender-atp/mac-updates.md | 4 +- .../microsoft-defender-atp/mac-whatsnew.md | 4 +- .../manage-auto-investigation.md | 4 +- .../microsoft-defender-atp/manage-edr.md | 4 +- .../manage-incidents.md | 5 +- .../microsoft-defender-atp-android.md | 4 +- .../microsoft-defender-atp-ios.md | 4 +- .../microsoft-defender-atp-linux.md | 4 +- .../microsoft-defender-atp-mac.md | 4 +- .../microsoft-defender-security-center.md | 4 +- .../microsoft-threat-experts.md | 4 +- .../microsoft-defender-atp/review-alerts.md | 4 +- .../run-detection-test.md | 4 +- .../threat-analytics.md | 4 +- .../threat-and-vuln-mgt-event-timeline.md | 4 +- .../threat-and-vuln-mgt-scenarios.md | 4 +- .../tvm-dashboard-insights.md | 4 +- .../tvm-exposure-score.md | 4 +- .../tvm-microsoft-secure-score-devices.md | 4 +- .../microsoft-defender-atp/tvm-remediation.md | 4 +- .../tvm-security-recommendation.md | 4 +- .../tvm-software-inventory.md | 4 +- .../tvm-supported-os.md | 4 +- .../microsoft-defender-atp/tvm-weaknesses.md | 4 +- ...e-worm-targets-out-of-date-systems-wdsi.md | 254 ------------------ .../troubleshooting-uwp-firewall.md | 4 +- 83 files changed, 244 insertions(+), 334 deletions(-) delete mode 100644 windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 55a5df13d1..f5897e5067 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -13,7 +13,9 @@ author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index e8bb4f8847..23418c880c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 079bb71234..3d0596a066 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index a989d91d73..4c894c657b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index bca632927a..b1ca5d6277 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -12,7 +12,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.date: 09/24/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index d422058827..4d6b8f369b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -15,7 +15,9 @@ ms.date: 09/30/2020 ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.custom: AIR diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index e9516735d3..1dde7195b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -16,6 +16,8 @@ ms.custom: - next-gen - edr ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint --- # Behavioral blocking and containment diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index fee9bbd249..94b228841a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -16,6 +16,8 @@ ms.custom: - next-gen - edr ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint --- # Client behavioral blocking diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index 7503ffcee1..b6a1734953 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -14,7 +14,9 @@ author: DulceMontemayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index a92e2b43c4..e0044d7767 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -16,6 +16,9 @@ ms.custom: - next-gen - edr ms.date: 08/21/2020 +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint --- # Endpoint detection and response (EDR) in block mode diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index d8b5e85940..60fa3bbb66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index 892f860dff..6d68413d04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 0738fd810b..79ea086abc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md index 65739231df..1a81d14c1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index 0c25dc5114..3ea4a81ef3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md index 2c7b5a46cc..9248b00bc1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md index 5bcdb3f2c1..6ad54fdad1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 6e97ffcfa7..0c27dfa596 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md index dd1a9f6766..67e50c3db9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 6f499c34c0..74aab18e01 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -12,7 +12,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 95350170ab..3e1d3e88ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index d4f6077795..589ac8f728 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md index f775848c86..18efc534bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md @@ -14,7 +14,9 @@ author: sunasing ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md index 6969f1c941..8b27316acf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md @@ -14,7 +14,9 @@ author: sunasing ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index baf41c376e..40e11bc1ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 9d3a0f6ab6..bb7ea0b659 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 4e622f504d..29d00b8682 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index a89c89272b..5329ff85b5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 22cebfbcda..4623b9404c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index 40ac81e1d0..f8a1528015 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index e79f91ce6c..0c0540d5fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index d2df9ea151..5b58e7360d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index 81de10526e..cf4c908330 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 5453c8c205..14bdaf18cd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index e0c27b4a46..22da390046 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +mms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index adc018682b..75b74c04c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 302d9c6717..4ee52d6643 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 2399987032..7a94346bfa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md index 49c40a09a3..6f531869c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index db852ca545..70327e5dbc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index d7a00dd754..8a12f3b24a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index f0d4ab8a8a..9f1df1d2eb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index 1f4d373697..d889ac46d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -13,7 +13,9 @@ author: maximvelichko ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index 0c869e76e4..2905fb1e88 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md index fd353eceb3..d043bfc33d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index 10411a985d..fb8ad38590 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md index a85c712b92..f0e31f2f99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md index 5bb254d10c..a721605327 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md index e13d95555f..d2c603c8a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 2aafa7220d..787970e267 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md index 5fde32aab8..da8701705a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md index feb636fd2d..78aef5a5d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index f773e91875..fb981aa16e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md index 72cfd50ff0..090950a69c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md index 04cfb43c25..edaed64d2b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index 24c22d7bd0..fc8f955180 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md index 27ec242709..2f83c71bf8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md index a356d8d895..c67b6de1e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 7748721340..c3c24ac819 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -13,7 +13,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 116cc0e459..fe448008b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -13,7 +13,9 @@ author: denisebmsft ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ms.date: 09/15/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md index 1755204179..d60924e1fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index 05f77e6b94..aefc151c14 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -13,9 +13,10 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article -ms.date: 10/08/2018 --- # Manage Microsoft Defender ATP incidents diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index a382a8463d..bcdc9ac3e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index ed5256954e..be494de5b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 1e0b400707..667e35238c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 7d4487ffaf..5a96df370a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -14,7 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md index ee826bd394..0e6a5a3770 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index 9831cb1cf8..fe2daca8e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -14,7 +14,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md index b956165700..3a52dc1d5f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md @@ -11,7 +11,9 @@ author: danihalfin ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual ms.date: 5/1/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md index 257fb9494d..0aff954d23 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index caf55924e5..0af52385dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -14,7 +14,9 @@ author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 3ad5cff1e5..1be7e019e4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Event timeline - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 85d599cd64..ad34d33afc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 00d85e1d60..087609d893 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Threat and vulnerability management dashboard insights diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 28da6b8c57..ddebda2984 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Exposure score - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index ad687089f9..7578763d5b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Microsoft Secure Score for Devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 3a45c885e5..847425a5c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Remediation activities and exceptions - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index a64042be50..7aa0b7c039 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Security recommendations - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 215f2fc19c..d87740df9c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Software inventory - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 0b2eca42e4..f142e959a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- # Supported operating systems and platforms - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 4f2cc260b4..27a8549bbe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -13,7 +13,9 @@ author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- # Weaknesses found by threat and vulnerability management diff --git a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md b/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md deleted file mode 100644 index 387aca9327..0000000000 --- a/windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md +++ /dev/null @@ -1,254 +0,0 @@ ---- -title: WannaCrypt ransomware worm targets out-of-date systems -description: This is an early analysis of the WannaCrypt ransomware attack. Microsoft antimalware diagnostic data immediately picked up signs of this campaign in May 2017. -keywords: wannacry, wannacrypt, wanna, ransomware -search.product: eADQiWindows 10XVcnh -ms.pagetype: security -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.localizationpriority: medium -author: dulcemontemayor -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp -ms.author: dansimp ---- - -# WannaCrypt ransomware worm targets out-of-date systems - - -On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as [WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt), appears to have affected computers that have not applied the patch for these vulnerabilities. While the attack is unfolding, we remind users to install [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx) if they have not already done so. - -Microsoft antimalware diagnostic data immediately picked up signs of this campaign. Our expert systems gave us visibility and context into this new attack as it happened, allowing [Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) to deliver real-time defense. Through automated analysis, machine learning, and predictive modeling, we were able to rapidly protect against this malware. - -In this blog, we provide an early analysis of the end-to-end ransomware attack. Please note this threat is still under investigation. The attack is still active, and there is a possibility that the attacker will attempt to react to our detection response. - -## Attack vector - -Ransomware threats do not typically spread rapidly. Threats like WannaCrypt (also known as WannaCry, WanaCrypt0r, WCrypt, or WCRY) usually leverage social engineering or email as primary attack vector, relying on users downloading and executing a malicious payload. However, in this unique case, the ransomware perpetrators used publicly available exploit code for the patched SMB 'EternalBlue' vulnerability, [CVE-2017-0145](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145), which can be triggered by sending a specially crafted packet to a targeted SMBv1 server. This vulnerability was fixed in security bulletin [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx), which was released on March 14, 2017. - -WannaCrypt's spreading mechanism is borrowed from [well-known](https://packetstormsecurity.com/files/142464/MS17-010-SMBv1-SrvOs2FeaToNt-OOB-Remote-Code-Execution.html) [public SMB exploits](https://github.com/RiskSense-Ops/MS17-010), which armed this regular ransomware with worm-like functionalities, creating an entry vector for machines still unpatched even after the fix had become available. - -The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack. - -We haven't found evidence of the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly possible explanations for the spread of this ransomware: - -- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit -- Infection through SMB exploit when an unpatched computer is addressable from other infected machines - -## Dropper - -The threat arrives as a dropper Trojan that has the following two components: - -1. A component that attempts to exploit the SMB CVE-2017-0145 vulnerability in other computers -2. The ransomware known as WannaCrypt - -The dropper tries to connect the following domains using the API `InternetOpenUrlA()`: - -- www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com -- www[.]ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com - -If connection to the domains is successful, the dropper does not infect the system further with ransomware or try to exploit other systems to spread; it simply stops execution. However, if the connection fails, the threat proceeds to drop the ransomware and creates a service on the system. - -In other words, unlike in most malware infections, **IT Administrators should NOT block these domains**. Note that the malware is not proxy-aware, so a local DNS record may be required. This does not need to point to the Internet, but can resolve to any accessible server which will accept connections on TCP 80. - -![Connection information from WannaCrypt code](images/wanna1.png) - -The threat creates a service named *mssecsvc2.0*, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system: -``` -Service Name: mssecsvc2.0 -Service Description: (Microsoft Security Center (2.0) Service) -Service Parameters: '-m security' -``` - - ![Mssecsvc2.0 process details](images/wanna2.png) - -## WannaCrypt ransomware - -The ransomware component is a dropper that contains a password-protected .zip archive in its resource section. The document encryption routine and the files in the .zip archive contain support tools, a decryption tool, and the ransom message. In the samples we analyzed, the password for the .zip archive is 'WNcry@2ol7'. - -When run, WannaCrypt creates the following registry keys: - -- *HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\\ = '\\tasksche.exe'* -- *HKLM\SOFTWARE\WanaCrypt0r\\wd = '\'* - -It changes the wallpaper to a ransom message by modifying the following registry key: - -- *HKCU\Control Panel\Desktop\Wallpaper: '\\\@WanaDecryptor@.bmp'* - -It creates the following files in the malware's working directory: - -- *00000000.eky* -- *00000000.pky* -- *00000000.res* -- *274901494632976.bat* -- @Please_Read_Me@.txt -- @WanaDecryptor@.bmp -- @WanaDecryptor@.exe -- *b.wnry* -- *c.wnry* -- *f.wnry* -- *m.vbs* -- *msg\m_bulgarian.wnry* -- *msg\m_chinese (simplified).wnry* -- *msg\m_chinese (traditional).wnry* -- *msg\m_croatian.wnry* -- *msg\m_czech.wnry* -- *msg\m_danish.wnry* -- *msg\m_dutch.wnry* -- *msg\m_english.wnry* -- *msg\m_filipino.wnry* -- *msg\m_finnish.wnry* -- *msg\m_french.wnry* -- *msg\m_german.wnry* -- *msg\m_greek.wnry* -- *msg\m_indonesian.wnry* -- *msg\m_italian.wnry* -- *msg\m_japanese.wnry* -- *msg\m_korean.wnry* -- *msg\m_latvian.wnry* -- *msg\m_norwegian.wnry* -- *msg\m_polish.wnry* -- *msg\m_portuguese.wnry* -- *msg\m_romanian.wnry* -- *msg\m_russian.wnry* -- *msg\m_slovak.wnry* -- *msg\m_spanish.wnry* -- *msg\m_swedish.wnry* -- *msg\m_turkish.wnry* -- *msg\m_vietnamese.wnry* -- *r.wnry* -- *s.wnry* -- *t.wnry* -- *TaskData\Tor\libeay32.dll* -- *TaskData\Tor\libevent-2-0-5.dll* -- *TaskData\Tor\libevent_core-2-0-5.dll* -- *TaskData\Tor\libevent_extra-2-0-5.dll* -- *TaskData\Tor\libgcc_s_sjlj-1.dll* -- *TaskData\Tor\libssp-0.dll* -- *TaskData\Tor\ssleay32.dll* -- *TaskData\Tor\taskhsvc.exe* -- *TaskData\Tor\tor.exe* -- *TaskData\Tor\zlib1.dll* -- *taskdl.exe* -- *taskse.exe* -- *u.wnry* - -WannaCrypt may also create the following files: - -- *%SystemRoot%\tasksche.exe* -- *%SystemDrive%\intel\\\\tasksche.exe* -- *%ProgramData%\\\\tasksche.exe* - -It may create a randomly named service that has the following associated ImagePath: `cmd.exe /c '\tasksche.exe'`. - -It then searches the whole computer for any file with any of the following file name extensions: *.123, .jpeg , .rb , .602 , .jpg , .rtf , .doc , .js , .sch , .3dm , .jsp , .sh , .3ds , .key , .sldm , .3g2 , .lay , .sldm , .3gp , .lay6 , .sldx , .7z , .ldf , .slk , .accdb , .m3u , .sln , .aes , .m4u , .snt , .ai , .max , .sql , .ARC , .mdb , .sqlite3 , .asc , .mdf , .sqlitedb , .asf , .mid , .stc , .asm , .mkv , .std , .asp , .mml , .sti , .avi , .mov , .stw , .backup , .mp3 , .suo , .bak , .mp4 , .svg , .bat , .mpeg , .swf , .bmp , .mpg , .sxc , .brd , .msg , .sxd , .bz2 , .myd , .sxi , .c , .myi , .sxm , .cgm , .nef , .sxw , .class , .odb , .tar , .cmd , .odg , .tbk , .cpp , .odp , .tgz , .crt , .ods , .tif , .cs , .odt , .tiff , .csr , .onetoc2 , .txt , .csv , .ost , .uop , .db , .otg , .uot , .dbf , .otp , .vb , .dch , .ots , .vbs , .der' , .ott , .vcd , .dif , .p12 , .vdi , .dip , .PAQ , .vmdk , .djvu , .pas , .vmx , .docb , .pdf , .vob , .docm , .pem , .vsd , .docx , .pfx , .vsdx , .dot , .php , .wav , .dotm , .pl , .wb2 , .dotx , .png , .wk1 , .dwg , .pot , .wks , .edb , .potm , .wma , .eml , .potx , .wmv , .fla , .ppam , .xlc , .flv , .pps , .xlm , .frm , .ppsm , .xls , .gif , .ppsx , .xlsb , .gpg , .ppt , .xlsm , .gz , .pptm , .xlsx , .h , .pptx , .xlt , .hwp , .ps1 , .xltm , .ibd , .psd , .xltx , .iso , .pst , .xlw , .jar , .rar , .zip , .java , .raw.* - -WannaCrypt encrypts all files it finds and renames them by appending *.WNCRY* to the file name. For example, if a file is named *picture.jpg*, the ransomware encrypts and renames the file to *picture.jpg.WNCRY*. - -This ransomware also creates the file @Please_Read_Me@.txt in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image (see screenshot below). - -After completing the encryption process, the malware deletes the volume shadow copies by running the following command: -`cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet` - -It then replaces the desktop background image with the following message: - -![Example background image of WannaCrypt](images/wanna3.png) - -It also runs an executable showing a ransom note which indicates a $300 ransom in Bitcoins as well as a timer: - - ![Screenshot of WannaCrypt ransom notice](images/wanna4.png) - -The text is localized into the following languages: Bulgarian, Chinese (simplified), Chinese (traditional), Croatian, Czech, Danish, Dutch, English, Filipino, Finnish, French, German, Greek, Indonesian, Italian, Japanese, Korean, Latvian, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, Swedish, Turkish, and Vietnamese. - -The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files. - - ![Screenshot of decryption window](images/wanna5.png) - -## Spreading capability - -The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infect other vulnerable computers. This activity results in large SMB traffic from the infected host, which can be observed by SecOps personnel, as shown below. - -![Spreading scanning activity](images/wanna6.png) - -The Internet scanning routine randomly generates octets to form the IPv4 address. The malware then targets that IP to attempt to exploit CVE-2017-0145. The threat avoids infecting the IPv4 address if the randomly generated value for first octet is 127 or if the value is equal to or greater than 224, in order to skip local loopback interfaces. Once a vulnerable machine is found and infected, it becomes the next hop to infect other machines. The vicious infection cycle continues as the scanning routing discovers unpatched computers. - -When it successfully infects a vulnerable computer, the malware runs kernel-level shellcode that seems to have been copied from the public backdoor known as DOUBLEPULSAR, but with certain adjustments to drop and execute the ransomware dropper payload, both for x86 and x64 systems. - - ![Kernel-level shellcode used by WannaCrypt](images/wanna7.png) - - ![Kernel-level shellcode used by WannaCrypt](images/wanna8.png) - -## Protection against the WannaCrypt attack - -To get the latest protection from Microsoft, upgrade to [Windows 10](https://www.microsoft.com/windows/windows-10-upgrade). Keeping your computers [up-to-date](https://www.microsoft.com/security/portal/mmpc/help/updatefaqs.aspx) gives you the benefits of the latest features and proactive mitigations built into the latest versions of Windows. - -We recommend customers that have not yet installed the security update [MS17-010](https://technet.microsoft.com/library/security/ms17-010.aspx) do so as soon as possible. Until you can apply the patch, we also recommend two possible workarounds to reduce the attack surface: - -- Disable SMBv1 with the steps documented at [Microsoft Knowledge Base Article 2696547](https://support.microsoft.com/kb/2696547) and as [recommended previously](https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/) -- Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445 - -[Microsoft Defender Antivirus](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) detects this threat as [Ransom:Win32/WannaCrypt](https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt) as of the *1.243.297.0* update. Microsoft Defender Antivirus uses cloud-based protection, helping to protect you from the latest threats. - -For enterprises, use [Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide) to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running. - -Use [Office 365 Advanced Threat Protection](https://blogs.office.com/2015/04/08/introducing-exchange-online-advanced-threat-protection/), which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware. - -Monitor networks with [Windows Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), which alerts security operations teams about suspicious activities. Download this playbook to see how you can leverage Windows Defender ATP to detect, investigate, and mitigate ransomware in networks: [Windows Defender Advanced Threat Protection - Ransomware response playbook](https://www.microsoft.com/download/details.aspx?id=55090). - -## Resources - -Download English language security updates: [Windows Server 2003 SP2 x64](http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe), [Windows Server 2003 SP2 x86,](http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe) [Windows XP SP2 x64](http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe), [Windows XP SP3 x86](http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe), [Windows XP Embedded SP3 x86](http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-embedded-custom-enu_8f2c266f83a7e1b100ddb9acd4a6a3ab5ecd4059.exe), [Windows 8 x86,](http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x86_a0f1c953a24dd042acc540c59b339f55fb18f594.msu) [Windows 8 x64](http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x64_f05841d2e94197c2dca4457f1b895e8f632b7f8e.msu) - -Download localized language security updates: [Windows Server 2003 SP2 x64](https://www.microsoft.com/downloads/details.aspx?FamilyId=d3cb7407-3339-452e-8371-79b9c301132e), [Windows Server 2003 SP2 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=350ec04d-a0ba-4a50-9be3-f900dafeddf9), [Windows XP SP2 x64](https://www.microsoft.com/downloads/details.aspx?FamilyId=5fbaa61b-15ce-49c7-9361-cb5494f9d6aa), [Windows XP SP3 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=7388c05d-9de6-4c6a-8b21-219df407754f), [Windows XP Embedded SP3 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=a1db143d-6ad2-4e7e-9e90-2a73316e1add), [Windows 8 x86](https://www.microsoft.com/downloads/details.aspx?FamilyId=6e2de6b7-9e43-4b42-aca2-267f24210340), [Windows 8 x64](https://www.microsoft.com/downloads/details.aspx?FamilyId=b08bb3f1-f156-4e61-8a68-077963bae8c0) - -MS17-010 Security Update: [https://technet.microsoft.com/library/security/ms17-010.aspx](https://technet.microsoft.com/library/security/ms17-010.aspx) - -Customer guidance for WannaCrypt attacks: [https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/](https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/) - -General information on ransomware: [https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx](https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx) - -## Indicators of compromise - -SHA1 of samples analyzed: - -- 51e4307093f8ca8854359c0ac882ddca427a813c -- e889544aff85ffaf8b0d0da705105dee7c97fe26 - -Files created: - -- %SystemRoot%\mssecsvc.exe -- %SystemRoot%\tasksche.exe -- %SystemRoot%\qeriuwjhrf -- b.wnry -- c.wnry -- f.wnry -- r.wnry -- s.wnry -- t.wnry -- u.wnry -- taskdl.exe -- taskse.exe -- 00000000.eky -- 00000000.res -- 00000000.pky -- @WanaDecryptor@.exe -- @Please_Read_Me@.txt -- m.vbs -- @WanaDecryptor@.exe.lnk -- @WanaDecryptor@.bmp -- 274901494632976.bat -- taskdl.exe -- Taskse.exe -- Files with '.wnry' extension -- Files with '.WNCRY' extension - -Registry keys created: - -- HKLM\SOFTWARE\WanaCrypt0r\wd - - - -*Karthik Selvaraj, Elia Florio, Andrea Lelli, and Tanmay Ganacharya*
*Microsoft Malware Protection Center* - diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md index 6071427eda..00bdfd5630 100644 --- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md +++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md @@ -10,7 +10,9 @@ ms.pagetype: security ms.localizationpriority: medium author: dansimp manager: dansimp -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-windows-security ms.topic: troubleshooting --- From 55eec2b02f715e8a19320275b596af48b24c68ab Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 16:06:17 -0700 Subject: [PATCH 05/24] few more --- .../microsoft-defender-atp/configure-proxy-internet.md | 4 +++- .../threat-protection/microsoft-defender-atp/preview.md | 4 +++- .../whats-new-in-microsoft-defender-atp.md | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index d115e3867d..8d3133a0cf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index e67120d349..e6bc0d25bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 2f6aaf198d..ef2b779d74 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -13,7 +13,9 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: +- m365-security-compliance +- m365-initiative-defender-endpoint ms.topic: conceptual --- From fc37a78541593f6ed25395208d5e61e3a970d5c4 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 16:10:56 -0700 Subject: [PATCH 06/24] one more --- .../advanced-hunting-best-practices.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index f5897e5067..fa0707db95 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -13,9 +13,8 @@ author: lomayor ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365-initiative-defender-endpoint +ms.collection: m365-security-compliance + ms.topic: article --- From 4c2187b6a8ad21e5c3a95c66e8ce78a64e132198 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 9 Oct 2020 16:14:48 -0700 Subject: [PATCH 07/24] Update advanced-hunting-best-practices.md --- .../microsoft-defender-atp/advanced-hunting-best-practices.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index fa0707db95..439322a448 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -14,7 +14,6 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: m365-security-compliance - ms.topic: article --- From e66287b049fd4af97f7996239941a8fb513383f9 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Fri, 9 Oct 2020 16:27:20 -0700 Subject: [PATCH 08/24] Update advanced-hunting-query-language.md --- .../advanced-hunting-query-language.md | 40 +++++++++---------- 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index 7003a2670e..f392fb5bbc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -21,13 +21,12 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) -Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto syntax and operators to construct queries that locate information in the [schema](advanced-hunting-schema-reference.md) specifically structured for advanced hunting. To understand these concepts better, run your first query. +Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-reference.md). To understand these concepts better, run your first query. ## Try your first query @@ -52,26 +51,21 @@ union DeviceProcessEvents, DeviceNetworkEvents FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType | top 100 by Timestamp ``` - -This is how it will look like in advanced hunting. - -![Image of Microsoft Defender ATP advanced hunting query](images/advanced-hunting-query-example-2.png) - +**[Run this query in advanced hunting](https://securitycenter.windows.com/hunting?query=H4sIAAAAAAAEAI2TT0vDQBDF5yz4HUJPFcTqyZsXqyCIBFvxKNGWtpo_NVlbC8XP7m8mado0K5Zls8nkzdu3b2Z70pNAbmUmqYyk4D2UTJYyllwGMmWNGQHrN_NNvsSBzUBrbMFMiWieAx3xDEBl4GL4AuNd8B0bNgARENcdUmIZ3yM5liPwac3bN-YZPGPU5ET1rWDc7Ox4uod8YDp4MzI-GkjlX4Ne2nly0zEkKzFWh4ZE5sSuTN8Ehq5couvEMnvmUAhez-HsRBMipVa_W_OG6vEfGtT12JRHpqV064e1Kx04NsxFzXxW1aFjp_djXmDRPbfY3XMMcLogTz2bWZ2KqmIJI6q6wKe2WYnrRsa9KVeU9kCBBo2v7BzPxF_Bx2DKiqh63SGoRoc6Njti48z_yL71XHQAcgAur6rXRpcqH3l-4knZF23Utsbq2MircEqmw-G__xR1TdZ1r7zb7XLezmx3etkvGr-ze6NdGdW92azUfpcdluWvr-aqbh_nofnqcWI3aYyOsBV7giduRUO7187LMKTT5rxvHHX80_t8IeeMgLquvL7-Ak3q-kz8BAAA&runQuery=true&timeRangeId=week)** ### Describe the query and specify the tables to search -A short comment has been added to the beginning of the query to describe what it is for. This helps if you later decide to save the query and share it with others in your organization. +A short comment has been added to the beginning of the query to describe what it is for. This comment helps if you later decide to save the query and share it with others in your organization. ```kusto // Finds PowerShell execution events that could involve a download ``` - -The query itself will typically start with a table name followed by a series of elements started by a pipe (`|`). In this example, we start by creating a union of two tables, `DeviceProcessEvents` and `DeviceNetworkEvents`, and add piped elements as needed. +The query itself will typically start with a table name followed by several elements that start with a pipe (`|`). In this example, we start by creating a union of two tables, `DeviceProcessEvents` and `DeviceNetworkEvents`, and add piped elements as needed. ```kusto union DeviceProcessEvents, DeviceNetworkEvents ``` ### Set the time range -The first piped element is a time filter scoped to the previous seven days. Keeping the time range as narrow as possible ensures that queries perform well, return manageable results, and don't time out. +The first piped element is a time filter scoped to the previous seven days. Limiting the time range helps ensure that queries perform well, return manageable results, and don't time out. ```kusto | where Timestamp > ago(7d) @@ -101,7 +95,7 @@ Afterwards, the query looks for strings in command lines that are typically used ``` ### Customize result columns and length -Now that your query clearly identifies the data you want to locate, you can add elements that define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process. +Now that your query clearly identifies the data you want to locate, you can define what the results look like. `project` returns specific columns, and `top` limits the number of results. These operators help ensure the results are well-formatted and reasonably large and easy to process. ```kusto | project Timestamp, DeviceName, InitiatingProcessFileName, InitiatingProcessCommandLine, @@ -109,7 +103,7 @@ FileName, ProcessCommandLine, RemoteIP, RemoteUrl, RemotePort, RemoteIPType | top 100 by Timestamp ``` -Click **Run query** to see the results. Select the expand icon at the top right of the query editor to focus on your hunting query and the results. +Select **Run query** to see the results. Use the expand icon at the top right of the query editor to focus on your hunting query and the results. ![Image of the Expand control in the advanced hunting query editor](images/advanced-hunting-expand.png) @@ -118,7 +112,7 @@ Click **Run query** to see the results. Select the expand icon at the top right ## Learn common query operators for advanced hunting -Now that you've run your first query and have a general idea of its components, it's time to backtrack a little bit and learn some basics. The Kusto query language used by advanced hunting supports a range of operators, including the following common ones. +You've just run your first query and have a general idea of its components. It's time to backtrack slightly and learn some basics. The Kusto query language used by advanced hunting supports a range of operators, including the following common ones. | Operator | Description and usage | |--|--| @@ -137,15 +131,17 @@ To see a live example of these operators, run them from the **Get started** sect ## Understand data types -Data in advanced hunting tables are generally classified into the following data types. +Advanced hunting supports Kusto data types, including the following common types: | Data type | Description and query implications | |--|--| -| `datetime` | Data and time information typically representing event timestamps | -| `string` | Character string | -| `bool` | True or false | -| `int` | 32-bit numeric value | -| `long` | 64-bit numeric value | +| `datetime` | Data and time information typically representing event timestamps. [See supported datetime formats](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/datetime) | +| `string` | Character string in UTF-8 enclosed in single quotes (`'`) or double quotes (`"`). [Read more about strings](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/string) | +| `bool` | This data type supports `true` or `false` states. [See supported literals and operators](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/bool) | +| `int` | 32-bit integer | +| `long` | 64-bit integer | + +To learn more about these data types, [read about Kusto scalar data types](https://docs.microsoft.com/azure/data-explorer/kusto/query/scalar-data-types/). ## Get help as you write queries Take advantage of the following functionality to write queries faster: @@ -155,7 +151,7 @@ Take advantage of the following functionality to write queries faster: - **[Schema reference](advanced-hunting-schema-reference.md#get-schema-information-in-the-security-center)**—in-portal reference with table and column descriptions as well as supported event types (`ActionType` values) and sample queries ## Work with multiple queries in the editor -The query editor can serve as your scratch pad for experimenting with multiple queries. To use multiple queries: +You can use the query editor to experiment with multiple queries. To use multiple queries: - Separate each query with an empty line. - Place the cursor on any part of a query to select that query before running it. This will run only the selected query. To run another query, move the cursor accordingly and select **Run query**. @@ -171,7 +167,7 @@ The **Get started** section provides a few simple queries using commonly used op ![Image of the advanced hunting get started tab](images/atp-advanced-hunting.png) > [!NOTE] -> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the GitHub query repository. +> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the [GitHub query repository](https://aka.ms/hunting-queries). ## Access comprehensive query language reference From 0f08bfb9860b4a8606163024b22817d136854859 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Fri, 9 Oct 2020 16:34:46 -0700 Subject: [PATCH 09/24] Update advanced-hunting-query-language.md --- .../microsoft-defender-atp/advanced-hunting-query-language.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index f392fb5bbc..e115475712 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md @@ -74,7 +74,7 @@ The first piped element is a time filter scoped to the previous seven days. Limi ### Check specific processes The time range is immediately followed by a search for process file names representing the PowerShell application. -``` +```kusto // Pivoting on PowerShell processes | where FileName in~ ("powershell.exe", "powershell_ise.exe") ``` From 37d71890cd2049a5474e96efcf1b0c068d508acd Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 9 Oct 2020 17:14:48 -0700 Subject: [PATCH 10/24] Update preview.md --- .../threat-protection/microsoft-defender-atp/preview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index e67120d349..b59b351315 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -21,6 +21,8 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +>[!IMPORTANT] +>The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From 9e401054bba93feb1d41bf0d1c18e8efb4d5e39d Mon Sep 17 00:00:00 2001 From: Keith McCammon Date: Sat, 10 Oct 2020 09:51:41 -0600 Subject: [PATCH 11/24] Clarify language re: firmware-based threats --- .../security/threat-protection/intelligence/fileless-threats.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/fileless-threats.md b/windows/security/threat-protection/intelligence/fileless-threats.md index 6ae2dcfe4c..a5f4583231 100644 --- a/windows/security/threat-protection/intelligence/fileless-threats.md +++ b/windows/security/threat-protection/intelligence/fileless-threats.md @@ -43,7 +43,7 @@ A fully fileless malware can be considered one that never requires writing a fil A compromised device may also have malicious code hiding in device firmware (such as a BIOS), a USB peripheral (like the BadUSB attack), or in the firmware of a network card. All these examples don't require a file on the disk to run, and can theoretically live only in memory. The malicious code would survive reboots, disk reformats, and OS reinstalls. -Infections of this type can be extra difficult deal with because antivirus products usually don’t have the capability to inspect firmware. Even if they did, it would be extremely challenging to detect and remediate threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. +Infections of this type can be particularly difficult to detect because most antivirus products don’t have the capability to inspect firmware. In cases where a product does have the ability to inspect and detect malicious firmware, there are still significant challenges associated with remediation of threats at this level. This type of fileless malware requires high levels of sophistication and often depends on particular hardware or software configuration. It’s not an attack vector that can be exploited easily and reliably. While dangerous, threats of this type are uncommon and not practical for most attacks. ## Type II: Indirect file activity From 04cba9086d6a8dea6d437b3ec39203bb2087593d Mon Sep 17 00:00:00 2001 From: Ryan Steele Date: Sat, 10 Oct 2020 18:22:57 -0700 Subject: [PATCH 12/24] Fix broken link --- .../microsoft-defender-atp/configure-endpoints-non-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index 82e701c6e9..2f52d63533 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -40,7 +40,7 @@ You'll need to know the exact Linux distros and macOS versions that are compatib You'll need to take the following steps to onboard non-Windows devices: 1. Select your preferred method of onboarding: - - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-atp-mac). + - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**. 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. From 9775f9ca518c20aaf16787cb19bee4a9a4377e79 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 11 Oct 2020 08:32:54 +0500 Subject: [PATCH 13/24] Update waas-delivery-optimization.md --- .../deployment/update/waas-delivery-optimization.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 77c469b79d..9e420e620d 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -193,6 +193,7 @@ If you don’t see any bytes coming from peers the cause might be one of the fol - Clients aren’t able to reach the Delivery Optimization cloud services. - The cloud service doesn’t see other peers on the network. - Clients aren’t able to connect to peers that are offered back from the cloud service. +- None of the computers on the network are peering. ### Clients aren't able to reach the Delivery Optimization cloud services. @@ -204,7 +205,6 @@ If you suspect this is the problem, try these steps: 3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. - ### The cloud service doesn't see other peers on the network. If you suspect this is the problem, try these steps: @@ -223,6 +223,15 @@ If you suspect this is the problem, try a Telnet test between two devices on the 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. +### None of the computers on the network are peering + +If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check following settings in assigned group policies, local group policies and MDM policies, whether they are too restrictive: + +- Minimum RAM (inclusive) allowed to use Peer Caching +- Minimum disk size allowed to use Peer Caching +- Enable Peer Caching while the device connects via VPN +- Allow uploads while the device is on battery while under set Battery level + From 8034fda3ed2a47056f605cb7f316e3b8e4d0ed48 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 09:40:03 +0500 Subject: [PATCH 14/24] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 9e420e620d..9051fde57c 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -225,7 +225,7 @@ If you suspect this is the problem, try a Telnet test between two devices on the ### None of the computers on the network are peering -If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check following settings in assigned group policies, local group policies and MDM policies, whether they are too restrictive: +If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: - Minimum RAM (inclusive) allowed to use Peer Caching - Minimum disk size allowed to use Peer Caching From 4655fb01438d225a84e82da1b3bdde4bbc6624f6 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 09:59:59 +0500 Subject: [PATCH 15/24] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 9051fde57c..2176e4545b 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -227,7 +227,7 @@ If you suspect this is the problem, try a Telnet test between two devices on the If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: -- Minimum RAM (inclusive) allowed to use Peer Caching +- Minimum RAM (inclusive) allowed to use Peer Caching. - Minimum disk size allowed to use Peer Caching - Enable Peer Caching while the device connects via VPN - Allow uploads while the device is on battery while under set Battery level From e2c92ed14b5e7d9a4e40147bfdb49e6d8293ef8c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:00:07 +0500 Subject: [PATCH 16/24] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 2176e4545b..0b72208001 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -228,7 +228,7 @@ If you suspect this is the problem, try a Telnet test between two devices on the If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: - Minimum RAM (inclusive) allowed to use Peer Caching. -- Minimum disk size allowed to use Peer Caching +- Minimum disk size allowed to use Peer Caching. - Enable Peer Caching while the device connects via VPN - Allow uploads while the device is on battery while under set Battery level From b8711edafd7b10950a355c4ad946c84c271512d1 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:00:14 +0500 Subject: [PATCH 17/24] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 0b72208001..58dffde87b 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -230,7 +230,7 @@ If you suspect this is the problem, check Delivery Optimization settings that co - Minimum RAM (inclusive) allowed to use Peer Caching. - Minimum disk size allowed to use Peer Caching. - Enable Peer Caching while the device connects via VPN -- Allow uploads while the device is on battery while under set Battery level +- Allow uploads when the device is on battery while under the set battery level. From 4c9deba8d979f29cd454f8ef34d499fde7df3538 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:00:23 +0500 Subject: [PATCH 18/24] Update windows/deployment/update/waas-delivery-optimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 58dffde87b..f54ac455eb 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -229,7 +229,7 @@ If you suspect this is the problem, check Delivery Optimization settings that co - Minimum RAM (inclusive) allowed to use Peer Caching. - Minimum disk size allowed to use Peer Caching. -- Enable Peer Caching while the device connects via VPN +- Enable Peer Caching while the device connects via VPN. - Allow uploads when the device is on battery while under the set battery level. From 3ca0598fab79ce05369f9a9c5d5fb54a1d9ab2bc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 12 Oct 2020 10:53:30 +0530 Subject: [PATCH 19/24] replaced broken link with correct link as per user report #8445, so I replaced the correct link. --- .../microsoft-defender-atp/minimum-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md index 0fab8add04..3e712cd6f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md +++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md @@ -61,7 +61,7 @@ For detailed licensing information, see the [Product Terms site](https://www.mic For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare). -For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559). +For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://wfbdevicemanagementprod.blob.core.windows.net/windowsforbusiness/Windows10_CommercialEdition_Comparison.pdf). ## Browser requirements Access to Microsoft Defender ATP is done through a browser, supporting the following browsers: From a82cfa3e8315f91f82cea608709a7ce320094b80 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 12 Oct 2020 10:01:57 -0700 Subject: [PATCH 20/24] edit --- windows/deployment/upgrade/quick-fixes.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md index f1d655d44b..445b6d5c18 100644 --- a/windows/deployment/upgrade/quick-fixes.md +++ b/windows/deployment/upgrade/quick-fixes.md @@ -158,11 +158,11 @@ To check and repair system files: ### Repair unsigned drivers -Drivers that are not properly signed can block the upgrade process. Drivers might not be properly signed if you: +[Drivers](https://docs.microsoft.com/windows-hardware/drivers/gettingstarted/what-is-a-driver-) are files ending in *.dll or *.sys that are used to communicate with hardware components. Because drivers are so important, they are cryptographically signed to ensure they are genuine. Drivers with a *.sys extension that are not properly signed frequently block the upgrade process. Drivers might not be properly signed if you: - Disabled driver signature verification (highly not recommended). - A catalog file used to sign a driver is corrupt or missing. -Catalog files are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. This can cause the upgrade process to fail. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. + Catalog files (files with a *.cat extension) are used to sign drivers. If a catalog file is corrupt or missing, the driver will appear to be unsigned, even though it should be signed. To restore the catalog file, reinstall the driver or copy the catalog file from another device. You might need to analyze another device to determine the catalog file that is associated with the unsigned driver. All drivers should be signed to ensure the upgrade process works. To check your system for unsigned drivers: @@ -178,7 +178,7 @@ To check your system for unsigned drivers: 7. After the scanning process is complete, if you see **Your files have been scanned and verified as digitally signed** then you have no unsigned drivers. Otherwise, you will see **The following files have not been digitally signed** and a list will be provided with name, location, and version of all unsigned drivers. 8. To view and save a log file, click **Advanced**, and then click **View Log**. Save the log file if desired. 9. Locate drivers in the log file that are unsigned, write down the location and file names. Also write down the catalog that is associated to the driver if it is provided. If the name of a catalog file is not provided you might need to analyze another device that has the same driver with sigverif and sigcheck (described below). -10. Download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. +10. The next step is to check that the driver reported as unsigned by sigverif.exe has a problem. In some cases, sigverif.exe might not be successful at locating the catalog file used to sign a driver, even though the catalog file exists. To perform a detailed driver check, download [sigcheck.zip](https://download.sysinternals.com/files/Sigcheck.zip) and extract the tool to a directory on your computer, for example: **C:\sigcheck**. [Sigcheck](https://docs.microsoft.com/sysinternals/downloads/sigcheck) is a tool that you can download and use to review digital signature details of a file. To use sigcheck: @@ -208,6 +208,8 @@ To check your system for unsigned drivers: Valid to: 11:46 AM 5/9/2018 (output truncated) ``` + In the example above, the afd.sys driver is properly signed by the catalog file Package_163_for_KB4054518~31bf3856ad364e35~x86~~6.1.1.2.cat. + 13. Optionally, you can generate a list of drivers using driverquery.exe, which is included with Windows. To save a list of signed and unsigned drivers with driverquery, type **driverquery /si > c:\drivers.txt** and press ENTER. See the following example: From e6e5bd607217be3b61e1cf516f7db6f9b249c47c Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 12 Oct 2020 10:20:15 -0700 Subject: [PATCH 21/24] Update waas-delivery-optimization.md Correcting language. Do not use "peer" as a verb--that means "to look at closely." --- .../update/waas-delivery-optimization.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index f54ac455eb..359a306462 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -193,7 +193,7 @@ If you don’t see any bytes coming from peers the cause might be one of the fol - Clients aren’t able to reach the Delivery Optimization cloud services. - The cloud service doesn’t see other peers on the network. - Clients aren’t able to connect to peers that are offered back from the cloud service. -- None of the computers on the network are peering. +- None of the computers on the network are getting updates from peers. ### Clients aren't able to reach the Delivery Optimization cloud services. @@ -223,14 +223,14 @@ If you suspect this is the problem, try a Telnet test between two devices on the 2. Run the test. For example, if you are on device with IP 192.168.8.12 and you are trying to test the connection to 192.168.9.17 run **telnet 192.168.9.17 7680** (the syntax is *telnet [destination IP] [port]*. You will either see a connection error or a blinking cursor like this /_. The blinking cursor means success. -### None of the computers on the network are peering +### None of the computers on the network are getting updates from peers -If you suspect this is the problem, check Delivery Optimization settings that could limit participation in Peer Caching. Check whether the following settings in assigned group policies, local group policies, and MDM policies are too restrictive: +If you suspect this is the problem, check Delivery Optimization settings that could limit participation in peer caching. Check whether the following settings in assigned group policies, local group policies, are MDM policies are too restrictive: -- Minimum RAM (inclusive) allowed to use Peer Caching. -- Minimum disk size allowed to use Peer Caching. -- Enable Peer Caching while the device connects via VPN. -- Allow uploads when the device is on battery while under the set battery level. +- Minimum RAM (inclusive) allowed to use peer caching +- Minimum disk size allowed to use peer caching +- Enable peer caching while the device connects using VPN. +- Allow uploads when the device is on battery while under the set battery level From a8c234a42b59b0d9c600832d8e1429fadf7aa026 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Mon, 12 Oct 2020 10:24:46 -0700 Subject: [PATCH 22/24] Update waas-delivery-optimization.md De-localizing links. --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 6a93a63ec7..232279701e 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -136,7 +136,7 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. -**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should setup the proxy via Windows Proxy Settings or the Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/en-us/windows/deployment/update/delivery-optimization-proxy). Most content downloaded via Delivery Optimization leverages Byte Range requests. Make sure your proxy allows Byte Range Requests. See [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update) for details. +**What are the requirements if I use a proxy?**: For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](https://docs.microsoft.com/windows/deployment/update/delivery-optimization-proxy). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](https://support.microsoft.com/help/3175743/proxy-requirements-for-windows-update). **What hostnames should I allow through my firewall to support Delivery Optimization?**: From 40ef166bc2ef7df36b84e1a1d883bd51079b57c3 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 12 Oct 2020 11:40:59 -0700 Subject: [PATCH 23/24] updating tag --- windows/deployment/update/waas-configure-wufb.md | 2 +- windows/deployment/update/waas-delivery-optimization.md | 2 +- windows/deployment/update/waas-integrate-wufb.md | 2 +- .../update/waas-servicing-strategy-windows-10-updates.md | 2 +- windows/deployment/update/waas-wufb-group-policy.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index 727ec90959..68b9bc63f3 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md @@ -5,7 +5,7 @@ manager: laurawi description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. ms.prod: w10 ms.mktglfcycl: deploy -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy audience: itpro author: jaimeo ms.localizationpriority: medium diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 77c469b79d..5c622d9fe5 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -11,7 +11,7 @@ ms.localizationpriority: medium ms.author: jaimeo ms.collection: - M365-modern-desktop -- M365initiative-coredeploy +- m365initiative-coredeploy ms.topic: article --- diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 2dc3cc3ff3..f473a704b2 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage author: jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy manager: laurawi ms.topic: article --- diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 1ee1fa50de..737657aea5 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -9,7 +9,7 @@ ms.author: jaimeo ms.reviewer: manager: laurawi ms.topic: article -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy --- # Prepare servicing strategy for Windows 10 updates diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 6f780e8656..5c22b5cd47 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage author: jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.collection: M365initiative-coredeploy +ms.collection: m365initiative-coredeploy manager: laurawi ms.topic: article --- From 5267e5d4a3ba8e807f493fda1e1c976fddeddf13 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 12 Oct 2020 11:52:02 -0700 Subject: [PATCH 24/24] revising metadata --- .../microsoft-defender-atp/android-configure.md | 2 +- .../threat-protection/microsoft-defender-atp/android-intune.md | 2 +- .../microsoft-defender-atp/android-support-signin.md | 2 +- .../microsoft-defender-atp/auto-investigation-action-center.md | 2 +- .../microsoft-defender-atp/automated-investigations.md | 2 +- .../microsoft-defender-atp/behavioral-blocking-containment.md | 2 +- .../microsoft-defender-atp/client-behavioral-blocking.md | 2 +- .../configure-microsoft-threat-experts.md | 2 +- .../microsoft-defender-atp/configure-proxy-internet.md | 2 +- .../microsoft-defender-atp/edr-in-block-mode.md | 2 +- .../endpoint-detection-response-mac-preview.md | 2 +- .../microsoft-defender-atp/investigate-alerts.md | 2 +- .../microsoft-defender-atp/investigate-behind-proxy.md | 2 +- .../microsoft-defender-atp/investigate-domain.md | 2 +- .../microsoft-defender-atp/investigate-files.md | 2 +- .../microsoft-defender-atp/investigate-incidents.md | 2 +- .../threat-protection/microsoft-defender-atp/investigate-ip.md | 2 +- .../microsoft-defender-atp/investigate-machines.md | 2 +- .../microsoft-defender-atp/investigate-user.md | 2 +- .../threat-protection/microsoft-defender-atp/investigation.md | 2 +- .../microsoft-defender-atp/ios-configure-features.md | 2 +- .../threat-protection/microsoft-defender-atp/ios-install.md | 2 +- .../microsoft-defender-atp/ios-privacy-statement.md | 2 +- .../threat-protection/microsoft-defender-atp/ios-terms.md | 2 +- .../microsoft-defender-atp/linux-exclusions.md | 2 +- .../microsoft-defender-atp/linux-install-manually.md | 2 +- .../microsoft-defender-atp/linux-install-with-ansible.md | 2 +- .../microsoft-defender-atp/linux-install-with-puppet.md | 2 +- .../microsoft-defender-atp/linux-preferences.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-pua.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-resources.md | 2 +- .../microsoft-defender-atp/linux-static-proxy-configuration.md | 2 +- .../microsoft-defender-atp/linux-support-connectivity.md | 2 +- .../microsoft-defender-atp/linux-support-install.md | 2 +- .../microsoft-defender-atp/linux-support-perf.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-updates.md | 2 +- .../threat-protection/microsoft-defender-atp/linux-whatsnew.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-exclusions.md | 2 +- .../microsoft-defender-atp/mac-install-jamfpro-login.md | 2 +- .../microsoft-defender-atp/mac-install-manually.md | 2 +- .../microsoft-defender-atp/mac-install-with-intune.md | 2 +- .../microsoft-defender-atp/mac-install-with-jamf.md | 2 +- .../microsoft-defender-atp/mac-install-with-other-mdm.md | 2 +- .../microsoft-defender-atp/mac-jamfpro-device-groups.md | 2 +- .../microsoft-defender-atp/mac-jamfpro-enroll-devices.md | 2 +- .../microsoft-defender-atp/mac-jamfpro-policies.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-preferences.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-privacy.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-pua.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-resources.md | 2 +- .../microsoft-defender-atp/mac-schedule-scan-atp.md | 2 +- .../microsoft-defender-atp/mac-support-install.md | 2 +- .../microsoft-defender-atp/mac-support-kext.md | 2 +- .../microsoft-defender-atp/mac-support-license.md | 2 +- .../microsoft-defender-atp/mac-support-perf.md | 2 +- .../microsoft-defender-atp/mac-sysext-policies.md | 2 +- .../microsoft-defender-atp/mac-sysext-preview.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-updates.md | 2 +- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- .../threat-protection/microsoft-defender-atp/manage-edr.md | 2 +- .../microsoft-defender-atp/manage-incidents.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-android.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-ios.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- .../microsoft-defender-security-center.md | 2 +- .../microsoft-defender-atp/microsoft-threat-experts.md | 2 +- .../threat-protection/microsoft-defender-atp/preview.md | 2 +- .../threat-protection/microsoft-defender-atp/review-alerts.md | 2 +- .../microsoft-defender-atp/run-detection-test.md | 2 +- .../microsoft-defender-atp/threat-analytics.md | 2 +- .../threat-and-vuln-mgt-event-timeline.md | 2 +- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 2 +- .../microsoft-defender-atp/tvm-dashboard-insights.md | 2 +- .../microsoft-defender-atp/tvm-exposure-score.md | 2 +- .../tvm-microsoft-secure-score-devices.md | 2 +- .../threat-protection/microsoft-defender-atp/tvm-remediation.md | 2 +- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- .../microsoft-defender-atp/tvm-software-inventory.md | 2 +- .../microsoft-defender-atp/tvm-supported-os.md | 2 +- .../threat-protection/microsoft-defender-atp/tvm-weaknesses.md | 2 +- .../whats-new-in-microsoft-defender-atp.md | 2 +- 83 files changed, 83 insertions(+), 83 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 23418c880c..6edfd475aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 3d0596a066..b70734bf7c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index 4c894c657b..d2d946c3fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index b1ca5d6277..0a77813dd2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.date: 09/24/2020 diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 4d6b8f369b..ef999e9cca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -17,7 +17,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.custom: AIR diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index 1dde7195b9..8d29204276 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -17,7 +17,7 @@ ms.custom: - edr ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Behavioral blocking and containment diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index 94b228841a..52e97e1b70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -17,7 +17,7 @@ ms.custom: - edr ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Client behavioral blocking diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index b6a1734953..23f1b28355 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index 8d3133a0cf..12c3637695 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index e0044d7767..b5679d1756 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -18,7 +18,7 @@ ms.custom: ms.date: 08/21/2020 ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint --- # Endpoint detection and response (EDR) in block mode diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index 60fa3bbb66..4d724bc3ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index 6d68413d04..1b20360ecd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 79ea086abc..37ca52cd85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md index 1a81d14c1a..7bd899fd9b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index 3ea4a81ef3..f5c2fcb4ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md index 9248b00bc1..419b64c153 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md index 6ad54fdad1..fb1109d764 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 0c27dfa596..5419c76996 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md index 67e50c3db9..7593f22e63 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article ms.date: 04/24/2018 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index 74aab18e01..87bac34185 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -14,7 +14,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 3e1d3e88ec..abb45e662b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index 589ac8f728..be3fe61fbf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md index 18efc534bd..04c810e52c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md index 8b27316acf..39f57d1213 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual hideEdit: true --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index 40e11bc1ae..8bee109c6f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index bb7ea0b659..3012e87c2c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 29d00b8682..2cc5610a4c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 5329ff85b5..68fe2b6926 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 4623b9404c..e2944beb87 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index f8a1528015..58b9c14323 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 0c0540d5fd..7c779b7d9d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index 5b58e7360d..d3b7796378 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index cf4c908330..3406767afa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index 14bdaf18cd..15d0e69c78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 22da390046..8390f37105 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro mms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index 75b74c04c6..dd01c882b0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 4ee52d6643..8e290c8ff5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 7a94346bfa..3eeb408c4d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md index 6f531869c4..59d65172e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index 70327e5dbc..3f720e90e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index 8a12f3b24a..91a5ea6044 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index 9f1df1d2eb..b02fdd72d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index d889ac46d6..1e43a13d07 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index 2905fb1e88..04cb07cd04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md index d043bfc33d..ffd3980a4a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index fb8ad38590..a56afd0ef7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md index f0e31f2f99..ec94cef29a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md index a721605327..42d1a1e3fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-privacy.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md index d2c603c8a2..266a05a30f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-pua.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index 787970e267..21653f6dc7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md index da8701705a..fdad212625 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md index 78aef5a5d7..f4a32380f3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-install.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index fb981aa16e..d369e94d36 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md index 090950a69c..a05f815303 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-license.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md index edaed64d2b..385a3fddb2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-perf.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md index fc8f955180..461973a0a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md index 2f83c71bf8..86a435cc65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ROBOTS: noindex,nofollow --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md index c67b6de1e3..740aaacb77 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-updates.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index c3c24ac819..43115e4395 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index fe448008b1..ab130cb910 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.date: 09/15/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md index d60924e1fc..458c0798ce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md index aefc151c14..04dc76e4e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-incidents.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md index bcdc9ac3e3..4b4a872950 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index be494de5b9..118ea48672 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 667e35238c..ea21452763 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 5a96df370a..06899fd04e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md index 0e6a5a3770..e04a02313b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-security-center.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index fe2daca8e4..4aed901842 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index 6ec6e5ba57..4443433ac4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md index 3a52dc1d5f..55fe2974c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ms.date: 5/1/2020 --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md index 0aff954d23..a40530476f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-detection-test.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index 0af52385dc..bdb20dff52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 1be7e019e4..86dbfb50a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Event timeline - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index ad34d33afc..77b4642f92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index 087609d893..eca2eff41e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Threat and vulnerability management dashboard insights diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index ddebda2984..1773f17654 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Exposure score - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md index 7578763d5b..59c5598a86 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Microsoft Secure Score for Devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 847425a5c6..96e22571c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Remediation activities and exceptions - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 7aa0b7c039..723a90bded 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Security recommendations - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index e3220fbd89..13d0634456 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Software inventory - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index f142e959a4..4de1a79a1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: article --- # Supported operating systems and platforms - threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 27a8549bbe..523a9d850b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual --- # Weaknesses found by threat and vulnerability management diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index ef2b779d74..38c6bd4b37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365-initiative-defender-endpoint +- m365initiative-defender-endpoint ms.topic: conceptual ---