put in Windows Defender Advanced Threat Protection (Windows Defender ATP) in Applies to

This commit is contained in:
Joey Caparas
2016-05-11 14:10:42 +10:00
parent 31f8151991
commit 8ae23a3694
18 changed files with 46 additions and 29 deletions


@ -14,6 +14,7 @@ author: mjcaparas
**Applies to**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
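Review bot: the **Applies to** heading on the first line of this hunk has no trailing colon, while every other file touched by this commit uses **Applies to:**; add the colon so the heading matches the rest of the set.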


@ -14,10 +14,11 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
As a security operations team member, you can manage Windows Defender Advanced Threat Protection alerts as part of your routine activities. Alerts will appear in the respective queues according to their current status.
As a security operations team member, you can manage Windows Defender ATP alerts as part of your routine activities. Alerts will appear in the respective queues according to their current status.
To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.


@ -15,6 +15,7 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>


@ -13,6 +13,7 @@ ms.sitesec: library
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -21,7 +22,7 @@ The **Dashboard** displays a snapshot of:
- The latest active alerts on your network
- Machines reporting
- Top machines with active alerts
- The overall status of Windows Defender Advanced Threat Protection for the past 30 days
- The overall status of Windows Defender ATP for the past 30 days
- Machines with active malware detections
You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in.


@ -13,7 +13,7 @@ ms.sitesec: library
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>


@ -13,10 +13,11 @@ ms.sitesec: library
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
Alerts in Windows Defender Advanced Threat Protection indicate possible security breaches on endpoints in your organization.
Alerts in Windows Defender ATP indicate possible security breaches on endpoints in your organization.
There are three alert severity levels, described in the following table.


@ -1,8 +1,8 @@
---
title: Investigate Windows Defender Advanced Threat Protection domains
description: Use the investigation options to see if machines and servers have been communicating with malicious domains.
keywords: investigate domain, domain, malicious domain, windows defender atp, alert
search.product: eADQiWindows 10XVcnh
keywords: investigate domain, domain, malicious domain, windows defender atp, alert
search.product: eADQiWindows 10XVcnh
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
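Review bot: the `keywords` and `search.product` lines in this front-matter hunk appear as both removed and added with no visible difference, so the change to them is whitespace only (trailing spaces or line endings); either drop that churn from the commit or mention it in the commit message so reviewers do not hunt for a content change. Note that `title` still carries the long product name, which is consistent with the rest of the commit leaving titles untouched.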
@ -13,10 +13,11 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
You can see information from the following sections in the URL view:
@ -27,14 +28,14 @@ You can see information from the following sections in the URL view:
The URL address details section shows attributes of the URL such as its contacts and nameservers.
The **URL in organization** section provides details on the prevalence of the URL in the organization.
The **URL in organization** section provides details on the prevalence of the URL in the organization.
The **Communication with URL in organization** section provides a chronological view on the events and associated alerts that were observed on the URL.
**Investigate a domain:**
1. Select **URL** from the **Search bar** drop-down menu.
2. Enter the URL in the **Search** field.
1. Select **URL** from the **Search bar** drop-down menu.
2. Enter the URL in the **Search** field.
3. Click the search icon or press **Enter**. Details about the URL are displayed. Note: search results will only be returned for URLs observed in communications from machines in the organization.
4. Use the search filters to define the search criteria. You can also use the timeline search box to filter the displayed results of all machines in the organization observed communicating with the URL, the file associated with the communication and the last date observed.
5. Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
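Review bot: step 3 of this hunk puts the search-scope caveat inline as "Note: search results will only be returned...", whereas the IP address topic and the files topic in this same commit use the `> **Note**&nbsp;&nbsp;` blockquote style; move it to its own blockquote line for consistency. Step 5 reads "continue investigate reported alerts" and should be "continue investigating reported alerts". Steps 1 and 2 also appear as identical removed/added pairs, so that part of the hunk is whitespace only.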
@ -46,4 +47,4 @@ The **Communication with URL in organization** section provides a chronological
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
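Review bot: the last related-topics entry still reads "Manage Windows Defender Advanced Threat Protection alerts" while the sibling entries above it use "Windows Defender ATP"; since the point of this commit is the short form, the link text should be "Manage Windows Defender ATP alerts" (the target path is unchanged). As it stands the removed and added lines are identical, so this hunk is whitespace only.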


@ -13,6 +13,7 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -58,7 +59,7 @@ Results of deep analysis are matched against threat intelligence and any matches
Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available in the context of the file view.
In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender Advanced Threat Protection backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
> **Note**&nbsp;&nbsp;Only files from Windows 10 can be automatically collected.


@ -2,7 +2,7 @@
title: Investigate Windows Defender Advanced Threat Protection IP address
description: Use the investigation options to examine possible communication between machines and external IP addresses.
keywords: investigate, investigation, IP address, alert, windows defender atp
search.product: eADQiWindows 10XVcnh
search.product: eADQiWindows 10XVcnh
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
@ -13,6 +13,7 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -29,23 +30,23 @@ You can information from the following sections in the IP address view:
The IP address details section shows attributes of the IP address such as its ASN and its reverse IPs.
The **IP in organization** section provides details on the prevalence of the IP address in the organization.
The **IP in organization** section provides details on the prevalence of the IP address in the organization.
The **Communication with IP in organization** section provides a chronological view on the events and associated alerts that were observed on the IP address.
The **Communication with IP in organization** section provides a chronological view on the events and associated alerts that were observed on the IP address.
**Investigate an external IP:**
1. Select **IP** from the **Search bar** drop-down menu.
2. Enter the IP address in the **Search** field.
3. Click the search icon or press **Enter**.
2. Enter the IP address in the **Search** field.
3. Click the search icon or press **Enter**.
Details about the IP address are displayed, including: registration details (if available), reverse IPs (for example, domains), prevalence of machines in the organization that communicated with this IP Address (during selectable time period), and the machines in the organization that were observed communicating with this IP address.
Details about the IP address are displayed, including: registration details (if available), reverse IPs (for example, domains), prevalence of machines in the organization that communicated with this IP Address (during selectable time period), and the machines in the organization that were observed communicating with this IP address.
> **Note**&nbsp;&nbsp;Search results will only be returned for IP addresses observed in communication with machines in the organization.
Use the search filters to define the search criteria. You can also use the timeline search box to filter the displayed results of all machines in the organization observed communicating with the IP address, the file associated with the communication and the last date observed.
Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
Clicking any of the machine names will take you to that machine's view, where you can continue investigate reported alerts, behaviors, and events.
## Related topics
- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
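Review bot: the context line shown in this hunk header, "You can information from the following sections in the IP address view:", is missing the verb and should read "You can see information from..."; the domain topic uses that wording. Within the hunk, "continue investigate reported alerts" should be "continue investigating reported alerts", and "this IP Address" in the details sentence should be "this IP address" to match the rest of the sentence. Several removed/added pairs here (the section descriptions, steps 2 and 3, and the details sentence) are identical, so most of the hunk is whitespace only.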
@ -54,4 +55,4 @@ Clicking any of the machine names will take you to that machine's view, where yo
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
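Review bot: as in the domain topic, the final entry keeps "Manage Windows Defender Advanced Threat Protection alerts" while the entries above it use "Windows Defender ATP"; shorten the link text to match, since the removed and added lines are otherwise identical.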


@ -14,6 +14,7 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -88,7 +89,7 @@ When you investigate a specific machine, you'll see:
- **Alerts related to this machine**
- **Machine timeline**
The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting telemetry to the Windows Defender Advanced Threat Protection service.
The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting telemetry to the Windows Defender ATP service.
The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date that the alert was detected, a short description of the alert, the alert's severity, the alert's threat category, and the alert's status in the queue.


@ -13,10 +13,11 @@ ms.sitesec: library
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
Windows Defender Advanced Threat Protection notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu.
Windows Defender ATP notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu.
See the [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts) topic for more details on how to investigate alerts.


@ -14,10 +14,11 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
You can monitor the onboarding of the Windows Defender Advanced Threat Protection service to ensure your endpoints are correctly configured and are sending telemetry reports.
You can monitor the onboarding of the Windows Defender ATP service to ensure your endpoints are correctly configured and are sending telemetry reports.
You might need to monitor the onboarding if the package did not configure the registry correctly, or the reporting client did not start or execute correctly.


@ -14,10 +14,11 @@ author: iaanw
**Applies to:**
- Windows 10 TAP program
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
You need to onboard to Windows Defender Advanced Threat Protection before you can use the service.
You need to onboard to Windows Defender ATP before you can use the service.
<!--There are two stages to onboarding:
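Review bot: the first **Applies to:** item in this hunk is "Windows 10 TAP program", while every other file in this commit lists "Windows 10 Insider Preview"; confirm whether this topic is intentionally scoped differently or whether it should be aligned with the rest of the set. The hunk ends on the opening of an HTML comment (`<!--There are two stages to onboarding:`); the closing `-->` is in the next hunk's context, so the commented-out block is intact.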
@ -30,7 +31,7 @@ You need to onboard to Windows Defender Advanced Threat Protection before you ca
<!--[Service onboarding](service-onboarding-windows-defender-advanced-threat-protection.md) | Learn about managing user access to the Windows Defender ATP portal by assigning users to the Windows Defender ATP service application in Azure Active Directory (AAD).-->
## In this section
Topic | Description
Topic | Description
:---|:---
[Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn how you can use the configuration package to configure endpoints in your enterprise.
[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
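Review bot: the **Configure endpoints** description reads "You'll need to configure endpoints for it to report to the Windows Defender ATP service"; "it" does not agree with "endpoints" and should be "for them to report". The `Topic | Description` table header appears as an identical removed/added pair, so that change is whitespace only.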


@ -14,11 +14,12 @@ author: DulceMV
**Applies to:**
- Windows 10 Insider Preview
Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
Enterprise security teams can use the Windows Defender Advanced Threat Protection portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
- View, sort, and triage alerts from your endpoints
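Review bot: the added **Applies to:** item "Windows Defender Advanced Threat Protection (Windows Defender ATP)" in this hunk has no leading "- ", unlike the "- Windows 10 Insider Preview" line above it and the same item in every other file in this commit; without the marker it will render as a loose paragraph rather than a second list item.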


@ -15,10 +15,11 @@ author: mjcaparas
- Windows 10 Insider Preview
- Azure Active Directory
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
You have to assign users to the Windows Defender Advanced Threat Protection Service application in Azure Active Directory (AAD) before they can access the portal.
You have to assign users to the Windows Defender ATP Service application in Azure Active Directory (AAD) before they can access the portal.
**Manage user access to the Windows Defender ATP portal**:


@ -14,6 +14,7 @@ author: DulceMV
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -24,7 +25,7 @@ The aspect of time is important in the assessment and analysis of perceived and
Cyberforensic investigations often rely on time stamps to piece together the sequence of events. Its important that your system reflects the correct time zone settings.
Windows Defender Advanced Threat Protection can display either Coordinated Universal Time (UTC) or local time.
Windows Defender ATP can display either Coordinated Universal Time (UTC) or local time.
Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Settings** menu ![Settings icon](images/settings.png).
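Review bot: the context line "Its important that your system reflects the correct time zone settings" should read "It's important"; since the hunk already touches the adjacent sentence, this is a cheap fix to fold into the same commit.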


@ -13,6 +13,7 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>


@ -14,6 +14,7 @@ author: mjcaparas
**Applies to:**
- Windows 10 Insider Preview
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
@ -26,7 +27,7 @@ A typical security breach investigation requires a member of a security operatio
![Flowchart describing the four stages of investigation](images/overview.png)
Security operation teams can use Windows Defender Advanced Threat Protection portal to carry out this end-to-end process without having to leave the portal.
Security operation teams can use Windows Defender ATP portal to carry out this end-to-end process without having to leave the portal.
Teams can monitor the overall status of enterprise endpoints from the **Dashboard**, gain insight on the various alerts, their category, when they were observed, and how long theyve been in the network at a glance.
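Review bot: the added sentence "Security operation teams can use Windows Defender ATP portal to carry out this end-to-end process" is missing the article and should read "use the Windows Defender ATP portal" (the dashboard and portal topics in this commit both say "the Windows Defender ATP portal"). The trailing context line also has "theyve been in the network", which should be "they've".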