mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 19:33:37 +00:00
put in Windows Defender Advanced Threat Protection (Windows Defender ATP) in Applies to
This commit is contained in:
Joey Caparas
@ -14,6 +14,7 @@ author: mjcaparas
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
|
|||||||
@ -14,10 +14,11 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
As a security operations team member, you can manage Windows Defender Advanced Threat Protection alerts as part of your routine activities. Alerts will appear in the respective queues according to their current status.
|
As a security operations team member, you can manage Windows Defender ATP alerts as part of your routine activities. Alerts will appear in the respective queues according to their current status.
|
||||||
|
|
||||||
To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
|
To see a list of alerts, click any of the queues under the **Alerts queue** option in the navigation pane.
|
||||||
|
|
||||||
|
|||||||
@ -15,6 +15,7 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
|
|||||||
@ -13,6 +13,7 @@ ms.sitesec: library
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
@ -21,7 +22,7 @@ The **Dashboard** displays a snapshot of:
|
|||||||
- The latest active alerts on your network
|
- The latest active alerts on your network
|
||||||
- Machines reporting
|
- Machines reporting
|
||||||
- Top machines with active alerts
|
- Top machines with active alerts
|
||||||
- The overall status of Windows Defender Advanced Threat Protection for the past 30 days
|
- The overall status of Windows Defender ATP for the past 30 days
|
||||||
- Machines with active malware detections
|
- Machines with active malware detections
|
||||||
|
|
||||||
You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in.
|
You can explore and investigate alerts and machines to quickly determine if, where, and when suspicious activities occurred in your network to help you understand the context they appeared in.
|
||||||
|
|||||||
@ -13,7 +13,7 @@ ms.sitesec: library
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
- Windows Defender Advanced Threat Protection
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
|
|||||||
@ -13,10 +13,11 @@ ms.sitesec: library
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
Alerts in Windows Defender Advanced Threat Protection indicate possible security breaches on endpoints in your organization.
|
Alerts in Windows Defender ATP indicate possible security breaches on endpoints in your organization.
|
||||||
|
|
||||||
There are three alert severity levels, described in the following table.
|
There are three alert severity levels, described in the following table.
|
||||||
|
|
||||||
|
|||||||
@ -13,6 +13,7 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
|
|||||||
@ -13,6 +13,7 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
@ -58,7 +59,7 @@ Results of deep analysis are matched against threat intelligence and any matches
|
|||||||
|
|
||||||
Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available in the context of the file view.
|
Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available in the context of the file view.
|
||||||
|
|
||||||
In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender Advanced Threat Protection backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
|
In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
|
||||||
|
|
||||||
> **Note** Only files from Windows 10 can be automatically collected.
|
> **Note** Only files from Windows 10 can be automatically collected.
|
||||||
|
|
||||||
|
|||||||
@ -13,6 +13,7 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
|
|||||||
@ -14,6 +14,7 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
@ -88,7 +89,7 @@ When you investigate a specific machine, you'll see:
|
|||||||
- **Alerts related to this machine**
|
- **Alerts related to this machine**
|
||||||
- **Machine timeline**
|
- **Machine timeline**
|
||||||
|
|
||||||
The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting telemetry to the Windows Defender Advanced Threat Protection service.
|
The machine details, IP, and reporting sections display some attributes of the machine such as its name, domain, OS, IP address, and how long it's been reporting telemetry to the Windows Defender ATP service.
|
||||||
|
|
||||||
The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date that the alert was detected, a short description of the alert, the alert's severity, the alert's threat category, and the alert's status in the queue.
|
The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a simplified version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date that the alert was detected, a short description of the alert, the alert's severity, the alert's threat category, and the alert's status in the queue.
|
||||||
|
|
||||||
|
|||||||
@ -13,10 +13,11 @@ ms.sitesec: library
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
Windows Defender Advanced Threat Protection notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu.
|
Windows Defender ATP notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu.
|
||||||
|
|
||||||
See the [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts) topic for more details on how to investigate alerts.
|
See the [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts) topic for more details on how to investigate alerts.
|
||||||
|
|
||||||
|
|||||||
@ -14,10 +14,11 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
You can monitor the onboarding of the Windows Defender Advanced Threat Protection service to ensure your endpoints are correctly configured and are sending telemetry reports.
|
You can monitor the onboarding of the Windows Defender ATP service to ensure your endpoints are correctly configured and are sending telemetry reports.
|
||||||
|
|
||||||
You might need to monitor the onboarding if the package did not configure the registry correctly, or the reporting client did not start or execute correctly.
|
You might need to monitor the onboarding if the package did not configure the registry correctly, or the reporting client did not start or execute correctly.
|
||||||
|
|
||||||
|
|||||||
@ -14,10 +14,11 @@ author: iaanw
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 TAP program
|
- Windows 10 TAP program
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
You need to onboard to Windows Defender Advanced Threat Protection before you can use the service.
|
You need to onboard to Windows Defender ATP before you can use the service.
|
||||||
|
|
||||||
<!--There are two stages to onboarding:
|
<!--There are two stages to onboarding:
|
||||||
|
|
||||||
|
|||||||
@ -14,11 +14,12 @@ author: DulceMV
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
|
|
||||||
Enterprise security teams can use the Windows Defender Advanced Threat Protection portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
|
Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches.
|
||||||
|
|
||||||
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
|
You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to:
|
||||||
- View, sort, and triage alerts from your endpoints
|
- View, sort, and triage alerts from your endpoints
|
||||||
|
|||||||
@ -15,10 +15,11 @@ author: mjcaparas
|
|||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
- Azure Active Directory
|
- Azure Active Directory
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
You have to assign users to the Windows Defender Advanced Threat Protection Service application in Azure Active Directory (AAD) before they can access the portal.
|
You have to assign users to the Windows Defender ATP Service application in Azure Active Directory (AAD) before they can access the portal.
|
||||||
|
|
||||||
**Manage user access to the Windows Defender ATP portal**:
|
**Manage user access to the Windows Defender ATP portal**:
|
||||||
|
|
||||||
|
|||||||
@ -14,6 +14,7 @@ author: DulceMV
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
@ -24,7 +25,7 @@ The aspect of time is important in the assessment and analysis of perceived and
|
|||||||
|
|
||||||
Cyberforensic investigations often rely on time stamps to piece together the sequence of events. It’s important that your system reflects the correct time zone settings.
|
Cyberforensic investigations often rely on time stamps to piece together the sequence of events. It’s important that your system reflects the correct time zone settings.
|
||||||
|
|
||||||
Windows Defender Advanced Threat Protection can display either Coordinated Universal Time (UTC) or local time.
|
Windows Defender ATP can display either Coordinated Universal Time (UTC) or local time.
|
||||||
|
|
||||||
Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Settings** menu .
|
Your current time zone setting is shown in the Windows Defender ATP menu. You can change the displayed time zone in the **Settings** menu .
|
||||||
|
|
||||||
|
|||||||
@ -13,6 +13,7 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
|
|||||||
@ -14,6 +14,7 @@ author: mjcaparas
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
|
||||||
- Windows 10 Insider Preview
|
- Windows 10 Insider Preview
|
||||||
|
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||||
|
|
||||||
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
|
||||||
|
|
||||||
@ -26,7 +27,7 @@ A typical security breach investigation requires a member of a security operatio
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Security operation teams can use Windows Defender Advanced Threat Protection portal to carry out this end-to-end process without having to leave the portal.
|
Security operation teams can use Windows Defender ATP portal to carry out this end-to-end process without having to leave the portal.
|
||||||
|
|
||||||
Teams can monitor the overall status of enterprise endpoints from the **Dashboard**, gain insight on the various alerts, their category, when they were observed, and how long they’ve been in the network at a glance.
|
Teams can monitor the overall status of enterprise endpoints from the **Dashboard**, gain insight on the various alerts, their category, when they were observed, and how long they’ve been in the network at a glance.
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user