deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update threat-and-vuln-mgt-scenarios.md

Browse Source
This commit is contained in:
DulceMV 2019-04-15 14:32:06 -07:00 committed by GitHub
parent cd395e94ec
commit 8adea78546
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
View File

@ -9,7 +9,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: Dolcita Montemayor
author: DulceMVeluz
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
@ -72,62 +72,9 @@ To lower down your threat and vulnerability exposure:
>[!NOTE]
> Secure score is now part of Threat & Vulnerability Management as configuration score. Well keep the secure score page available for a few weeks. View the [secure score](https://securitycenter.windows.com/securescore) page .
## Request for remediation and monitor its progress
>[!NOTE]
> Microsoft Intune and Microsoft System Center Configuration Manager (SCCM) will be integrated with Threat & Vulnerability Management in the coming months. Upon inregration, this scenario requires that you are onboarded to Microsoft Intune or Microsoft System Center Configuration Manager (SCCM). If you are using SCCM, update your console to May version 1905.
The Threat & Vulnerability Management capability in Windows Defender ATP bridges the gap between Security and IT Administrators through the remediation request workflow.
This capability allows you, the Security Administrator, to request for the IT Administrator to remediate a vulnerability or misconfiguration via Intune and SCCM with a click of a button.
Once requested, all the recommendation context (name, affected machines, justification, threat information) will generate a new security task in Microsoft Intune.
To use this capability:
1. Enable your Microsoft Intune connections. Navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune** connection toggle on.
2. From the navigation menu, select the **Threat & Vulnerability Management** icon, then select **Security recommendations**. This opens up the **Security recommendations** page.
3. In the **Security recommendation** page, select what you need to remediate and then click **Remediation options** from the flyout page.
4. Select **Open a ticket in Intune**, a due date, and add optional notes for the IT Administrator. Then, click **Submit request**.
5. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment
6. View the status of the remediation request. Navigate to the **Remediation** page to view the activity progress.
## File for and manage exception
You can create exceptions for recommendations, as an alternative to requesting for remediation.
There are various reasons why organizations might want to create exceptions for a recommendation. For example, a business or production need that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides the same level of protection that the recommendation would, a false positive, among other reasons.
Exceptions can be created for both security update and configuration change recommendations.
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to Exception, and it no longer shows up in the security recommendations list
>[!NOTE]
> You will still see the recommendations under exception by applying appropriate filters.
1. Navigate to **Security recommendations** under the **Threat & Vulnerability Management** menu.
2. Click the top-most recommendation. A side panel will open with the recommendation details.
3. Click the **Create exception** button at the top of the side panel.
4. In the exception creation side panel, fill in the following details:
- **Justification** the reason for creating the exception, chosen from a drop-down list
- **Justification context** additional textual context related to the justification
- **Exception duration** the period of time during which this exception will be in effect. When the exception expires, the recommendation automatically becomes active again.
5. Click **Submit**. A confirmation message at the top of the page will indicate that the exception has been created.
6. View all your exceptions (current + past) by navigating to **Remediation** under the **Threat & Vulnerability Management** menu and clicking on the **Exceptions** tab.
7. Click the exception that you created to view the details.
8. Navigate to **Security recommendations** under the **Threat & Vulnerability Management** menu again and see that recommendation will not appear there anymore as it is currently under exception.
## Related topics
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Configure Threat & Vulnerability Management](configure-and-manage-tvm.md)