diff --git a/windows/security/threat-protection/intelligence/criteria.md b/windows/security/threat-protection/intelligence/criteria.md index 869519e673..0c75b48120 100644 --- a/windows/security/threat-protection/intelligence/criteria.md +++ b/windows/security/threat-protection/intelligence/criteria.md @@ -172,7 +172,7 @@ Microsoft uses specific categories and the category definitions to classify soft * **Advertising software:** Software that displays advertisements or promotions, or prompts you to complete surveys for other products or services in software other than itself. This includes software that inserts advertisements to webpages. -* **Torrent software:** Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies. +* **Torrent software (Enterprise only):** Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies. * **Cryptomining software:** Software that uses your device resources to mine cryptocurrencies. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md index 49091cb89b..54c891a786 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-extension-file-exclusions-microsoft-defender-antivirus.md @@ -31,6 +31,8 @@ ms.technology: mde You can exclude certain files from Microsoft Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Microsoft Defender Antivirus includes many automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations. +**Note**: Exclusions apply to Potentially Unwanted Apps (PUA) detections as well. + > [!NOTE] > Automatic exclusions apply only to Windows Server 2016 and above. These exclusions are not visible in the Windows Security app and in PowerShell. diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md index f56820cf7f..eedb6be8ae 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus.md @@ -151,7 +151,7 @@ Setting the value for this cmdlet to `Disabled` turns the feature off if it has See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus. -### View PUA events +## View PUA events PUA events are reported in the Windows Event Viewer, but not in Microsoft Endpoint Manager or in Intune. You can also use the `Get-MpThreat` cmdlet to view threats that Microsoft Defender Antivirus handled. Here's an example: @@ -174,11 +174,11 @@ You can turn on email notifications to receive mail about PUA detections. See [Troubleshoot event IDs](troubleshoot-microsoft-defender-antivirus.md) for details on viewing Microsoft Defender Antivirus events. PUA events are recorded under event ID **1160**. -### Allow-listing apps +## Excluding files -Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. +Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be added to an exclusion list. -For more information, see [Recommended antivirus exclusions for Configuration Manager site servers, site systems, and clients](https://docs.microsoft.com/troubleshoot/mem/configmgr/recommended-antivirus-exclusions#exclusions). +For more information, see [Configure and validate exclusions based on file extension and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md). ## See also diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/images/mde-turn-tamperprotect-on.png b/windows/security/threat-protection/microsoft-defender-antivirus/images/mde-turn-tamperprotect-on.png new file mode 100644 index 0000000000..f7fa41a4ac Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-antivirus/images/mde-turn-tamperprotect-on.png differ diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md index a4354b5403..e7286a1d8b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md @@ -14,7 +14,7 @@ audience: ITPro author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 01/07/2021 +ms.date: 02/16/2021 ms.technology: mde --- @@ -27,10 +27,12 @@ ms.technology: mde - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Tamper protection is available on devices running the following versions of Windows: - +Tamper protection is available for devices that are running one of the following versions of Windows: + - Windows 10 -- Windows Server 2016 and 2019 (if using tenant attach with [Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006)) +- Windows Server 2019 +- Windows Server, version 1803 or later +- Windows Server 2016 ## Overview @@ -49,76 +51,67 @@ With tamper protection, malicious apps are prevented from taking actions such as Tamper protection essentially locks Microsoft Defender Antivirus and prevents your security settings from being changed through apps and methods such as: -- Configuring settings in Registry Editor on your Windows machine +- Configuring settings in Registry Editor on your Windows device - Changing settings through PowerShell cmdlets - Editing or removing security settings through group policies -Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; tamper protection is managed by your security team. +Tamper protection doesn't prevent you from viewing your security settings. And, tamper protection doesn't affect how third-party antivirus apps register with the Windows Security app. If your organization is using Windows 10 Enterprise E5, individual users can't change the tamper protection setting; in those cases, tamper protection is managed by your security team. ### What do you want to do? -1. Turn tamper protection on
- - [For an individual machine, use Windows Security](#turn-tamper-protection-on-or-off-for-an-individual-machine). - - [For your organization, use Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune). - - [Use tenant attach with Configuration Manager, version 2006, for devices running Windows 10 or Windows Server 2019](#manage-tamper-protection-with-configuration-manager-version-2006) +| To perform this task... | See this section... | +|:---|:---| +| Turn tamper protection on (or off) for an individual device | [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device) | +| Turn tamper protection on (or off) for all or part of your organization with Intune

Fine-tune tamper protection settings in your organization | [Manage tamper protection for your organization using Intune](#manage-tamper-protection-for-your-organization-using-intune) | +| Turn tamper protection on (or off) for your organization with Configuration Manager | [Manage tamper protection for your organization with Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006) | +| Turn tamper protection on in the Microsoft Defender Security Center

Manage tamper protection across your tenant | [Manage tamper protection for your organization using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) | +| View details about tampering attempts on devices | [View information about tampering attempts](#view-information-about-tampering-attempts) | +| Review your security recommendations | [Review security recommendations](#review-your-security-recommendations) | +| Review the list of frequently asked questions (FAQs) | [Browse the FAQs](#view-information-about-tampering-attempts) | -2. [View information about tampering attempts](#view-information-about-tampering-attempts). - -3. [Review your security recommendations](#review-your-security-recommendations). - -4. [Browse the frequently asked questions](#view-information-about-tampering-attempts). - -## Turn tamper protection on (or off) for an individual machine +## Manage tamper protection on an individual device > [!NOTE] > Tamper protection blocks attempts to modify Microsoft Defender Antivirus settings through the registry. > > To help ensure that tamper protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later. (See [Security intelligence updates](https://www.microsoft.com/wdsi/definitions).) > -> Once you’ve made this update, tamper protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors. +> Once you’ve made this update, tamper protection continues to protect your registry settings, and logs attempts to modify them without returning errors. -If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to turn tamper protection on or off. You must have appropriate admin permissions on your machine to do change security settings, such as tamper protection. +If you are a home user, or you are not subject to settings managed by a security team, you can use the Windows Security app to manage tamper protection. You must have appropriate admin permissions on your device to do change security settings, such as tamper protection. -1. Click **Start**, and start typing *Security*. In the search results, select **Windows Security**. +Here's what you see in the Windows Security app: +![Tamper protection turned on in Windows 10 Home](images/tamperprotectionturnedon.png) + +1. Select **Start**, and start typing *Security*. In the search results, select **Windows Security**. 2. Select **Virus & threat protection** > **Virus & threat protection settings**. - 3. Set **Tamper Protection** to **On** or **Off**. - Here's what you see in the Windows Security app: +## Manage tamper protection for your organization using Intune - ![Tamper protection turned on in Windows 10 Home](images/tamperprotectionturnedon.png) +If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) portal. Use Intune when you want to fine-tune tamper protection settings. For example, if you want to enable tamper protection on some devices, but not all, use Intune. -## Turn tamper protection on (or off) for your organization using Intune +### Requirements for managing tamper protection in Intune -If you are part of your organization's security team, and your subscription includes [Intune](https://docs.microsoft.com/intune/fundamentals/what-is-intune), you can turn tamper protection on (or off) for your organization in the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) portal. +- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations. +- Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.) +- Your Windows devices must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).) +- You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). +- Your devices must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) -You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task. +### Turn tamper protection on (or off) in Intune -1. Make sure your organization meets all of the following requirements to use Intune to manage tamper protection: - - - Your organization uses [Intune to manage devices](https://docs.microsoft.com/intune/fundamentals/what-is-device-management). ([Intune licenses](https://docs.microsoft.com/intune/fundamentals/licenses) are required; Intune is included in Microsoft 365 E5.) - - Your Windows machines must be running Windows 10 OS [1709](https://docs.microsoft.com/windows/release-health/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803), [1809](https://docs.microsoft.com/windows/release-health/status-windows-10-1809-and-windows-server-2019) or later. (For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information).) - - You must be using Windows security with [security intelligence](https://www.microsoft.com/wdsi/definitions) updated to version 1.287.60.0 (or above). - - Your machines must be using anti-malware platform version 4.18.1906.3 (or above) and anti-malware engine version 1.1.15500.X (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) - -2. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account. - -3. Select **Devices** > **Configuration Profiles**. - -4. Create a profile that includes the following settings: +![Turn tamper protection on with Intune](images/turnontamperprotect-MEM.png) +1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) and sign in with your work or school account. +2. Select **Devices** > **Configuration Profiles**. +3. Create a profile that includes the following settings: - **Platform: Windows 10 and later** - - **Profile type: Endpoint protection** - - **Category: Microsoft Defender Security Center** - - **Tamper Protection: Enabled** - - ![Turn tamper protection on with Intune](images/turnontamperprotect-MEM.png) - -5. Assign the profile to one or more groups. +4. Assign the profile to one or more groups. ### Are you using Windows OS 1709, 1803, or 1809? @@ -127,38 +120,60 @@ If you are using Windows 10 OS [1709](https://docs.microsoft.com/windows/release #### Use PowerShell to determine whether tamper protection is turned on 1. Open the Windows PowerShell app. - 2. Use the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) PowerShell cmdlet. - 3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.) -## Manage tamper protection with Configuration Manager, version 2006 +## Manage tamper protection for your organization with Configuration Manager, version 2006 > [!IMPORTANT] > The procedure can be used to extend tamper protection to devices running Windows 10 and Windows Server 2019. Make sure to review the prerequisites and other information in the resources mentioned in this procedure. -If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver your endpoint security configuration policies to your on-premises collections & devices. +If you're using [version 2006 of Configuration Manager](https://docs.microsoft.com/mem/configmgr/core/plan-design/changes/whats-new-in-version-2006), you can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*. Tenant attach enables you to sync your on-premises-only Configuration Manager devices into the Microsoft Endpoint Manager admin center, and then deliver endpoint security configuration policies to on-premises collections & devices. + +![Windows security experience in Endpoint Manager](images/win-security- exp-policy-endpt-security.png) 1. Set up tenant attach. See [Microsoft Endpoint Manager tenant attach: Device sync and device actions](https://docs.microsoft.com/mem/configmgr/tenant-attach/device-sync-actions). - 2. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Antivirus**, and choose **+ Create Policy**.
- - In the **Platform** list, select **Windows 10 and Windows Server (ConfigMgr)**. - - In the **Profile** list, select **Windows Security experience (preview)**.
- - The following screenshot illustrates how to create your policy: - - :::image type="content" source="images/win-security- exp-policy-endpt-security.png" alt-text="Windows security experience in Endpoint Manager"::: - 3. Deploy the policy to your device collection. -Need help? See the following resources: +### Need help with this? + +See the following resources: - [Settings for the Windows Security experience profile in Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/antivirus-security-experience-windows-settings) - - [Tech Community Blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) +## Manage tamper protection for your organization using the Microsoft Defender Security Center + +Currently in preview, tamper protection can be turned on or off in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). Here are a few points to keep in mind: + +- When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use Intune or the tenant attach method. +- When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006). +- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center. +- Tamper protection is generally available; however, the ability to manage tamper protection in the Microsoft Defender Security Center is currently in preview. + +### Requirements for managing tamper protection in the Microsoft Defender Security Center + +- You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations. +- Your Windows devices must be running one of the following versions of Windows: + - Windows 10 + - [Windows Server 2019](/windows-server/get-started-19/whats-new-19) + - Windows Server, version [1803](https://docs.microsoft.com/windows/release-health/status-windows-10-1803) or later + - [Windows Server 2016](/windows-server/get-started/whats-new-in-windows-server-2016) + - For more information about releases, see [Windows 10 release information](https://docs.microsoft.com/windows/release-health/release-information). +- Your devices must be [onboarded to Microsoft Defender for Endpoint](../microsoft-defender-atp/onboarding.md). +- Your devices must be using anti-malware platform version 4.18.2010.7 (or above) and anti-malware engine version 1.1.17600.5 (or above). ([Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).) +- [Cloud-delivered protection must be turned on](enable-cloud-protection-microsoft-defender-antivirus.md). + +### Turn tamper protection on (or off) in the Microsoft Defender Security Center + +![Turn tamper protection on in the Microsoft Defender Security Center](images/mde-turn-tamperprotect-on.png) + +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. +2. Choose **Settings**. +3. Go to **General** > **Advanced features**, and then turn tamper protection on. ## View information about tampering attempts @@ -200,13 +215,13 @@ Devices that are onboarded to Microsoft Defender for Endpoint will have Microsof ### How can I turn tamper protection on/off? -If you are a home user, see [Turn tamper protection on (or off) for an individual machine](#turn-tamper-protection-on-or-off-for-an-individual-machine). +If you are a home user, see [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device). If you are an organization using [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp), you should be able to manage tamper protection in Intune similar to how you manage other endpoint protection features. See the following sections of this article: -- [Turn tamper protection on (or off) for your organization using Intune](#turn-tamper-protection-on-or-off-for-your-organization-using-intune) - -- [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) +- [Manage tamper protection using Intune](#manage-tamper-protection-for-your-organization-using-intune) +- [Manage tamper protection using Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006) +- [Manage tamper protection using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) (currently in preview) ### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy? @@ -218,7 +233,9 @@ Configuring tamper protection in Intune or Microsoft Endpoint Manager can be tar ### Can I configure Tamper Protection in Microsoft Endpoint Configuration Manager? -If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See [Manage tamper protection with Configuration Manager, version 2006](#manage-tamper-protection-with-configuration-manager-version-2006) and [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin). +If you are using tenant attach, you can use Microsoft Endpoint Configuration Manager. See the following resources: +- [Manage tamper protection for your organization with Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006) +- [Tech Community blog: Announcing Tamper Protection for Configuration Manager Tenant Attach clients](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/announcing-tamper-protection-for-configuration-manager-tenant/ba-p/1700246#.X3QLR5Ziqq8.linkedin) ### I have the Windows E3 enrollment. Can I use configuring tamper protection in Intune? @@ -240,7 +257,7 @@ If a device is off-boarded from Microsoft Defender for Endpoint, tamper protecti Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securitycenter.microsoft.com) under **Alerts**. -In addition, your security operations team can use hunting queries, such as the following example: +Your security operations team can also use hunting queries, such as the following example: `DeviceAlertEvents | where Title == "Tamper Protection bypass"` @@ -248,8 +265,6 @@ In addition, your security operations team can use hunting queries, such as the ## See also -[Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) - -[Get an overview of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) - -[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) +- [Help secure Windows PCs with Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/intune/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune) +- [Get an overview of Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) +- [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index c635331c7b..f5c2868d55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -25,10 +25,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) ## Overview diff --git a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md index 103ed6ab7a..71162e7251 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md +++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md @@ -23,9 +23,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index b7fdee5e13..e492aea556 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md @@ -25,10 +25,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) ## Overview diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md index 1ff9f0d001..3e7ccee247 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md +++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md @@ -21,8 +21,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md index c0c401ff5c..60e31e7900 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md @@ -21,10 +21,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender for Endpoint APIs. -* Note that in addition to the error code, every error response contains an error message which can help resolving the problem. +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) + +* The table below shows the error codes that may be returned by an operation from the Microsoft Defender for Endpoint APIs. +* In addition to the error code, every error response contains an error message that can help describe the problem. * Note that the message is a free text that can be changed. -* At the bottom of the page you can find response examples. +* At the bottom of the page, you can find response examples. Error code |HTTP status code |Message :---|:---|:--- @@ -46,14 +48,14 @@ DisabledFeature | Forbidden (403) | Tenant feature is not enabled. DisallowedOperation | Forbidden (403) | {the disallowed operation and the reason}. NotFound | Not Found (404) | General Not Found error message. ResourceNotFound | Not Found (404) | Resource {the requested resource} was not found. -InternalServerError | Internal Server Error (500) | (No error message, try retry the operation or contact us if it does not resolved) +InternalServerError | Internal Server Error (500) | (No error message, retry the operation) TooManyRequests | Too Many Requests (429) | Response will represent reaching quota limit either by number of requests or by CPU. ## Body parameters are case-sensitive The submitted body parameters are currently case-sensitive.
If you experience an **InvalidRequestBody** or **MissingRequiredParameter** errors, it might be caused from a wrong parameter capital or lower-case letter. -
We recommend that you go to the requested API documentation page and check that the submitted parameters match the relevant example. +
Review the API documentation page and check that the submitted parameters match the relevant example. ## Correlation request ID diff --git a/windows/security/threat-protection/microsoft-defender-atp/community.md b/windows/security/threat-protection/microsoft-defender-atp/community.md index c38f71682a..e8debb489b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/community.md +++ b/windows/security/threat-protection/microsoft-defender-atp/community.md @@ -1,6 +1,6 @@ --- -title: Access the Microsoft Defender ATP Community Center -description: Access the Microsoft Defender ATP Community Center to share experiences, engange, and learn about the product. +title: Access the Microsoft Defender for Endpoint Community Center +description: Access the Microsoft Defender ATP Community Center to share experiences, engage, and learn about the product. keywords: community, community center, tech community, conversation, announcements search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -24,11 +24,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) The Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product. diff --git a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md index 8222bee9d9..93ea0017f4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md @@ -22,11 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md index df34c2cfe1..45279a411f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md @@ -1,5 +1,5 @@ --- -title: Configure Micro Focus ArcSight to pull Microsoft Defender ATP detections +title: Configure Micro Focus ArcSight to pull Microsoft Defender for Endpoint detections description: Configure Micro Focus ArcSight to receive and pull detections from Microsoft Defender Security Center keywords: configure Micro Focus ArcSight, security information and events management tools, arcsight search.product: eADQiWindows 10XVcnh @@ -22,11 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md index 3db29d7045..767a807717 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md @@ -1,6 +1,6 @@ --- title: Configure attack surface reduction -description: Use Microsoft Intune, Microsoft Endpoint Configuration Manager, Powershell cmdlets, and Group Policy to configure attack surface reduction. +description: Use Microsoft Intune, Microsoft Endpoint Configuration Manager, PowerShell cmdlets, and Group Policy to configure attack surface reduction. keywords: asr, attack surface reduction, windows defender, microsoft defender, antivirus, av search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -22,6 +22,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) You can configure attack surface reduction with a number of tools, including: diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md index 1f196772bd..e77d4f82c5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md @@ -22,9 +22,13 @@ ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs # Configure automated investigation and remediation capabilities in Microsoft Defender for Endpoint -**Applies to** +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Defender for Endpoint), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md index e294b0d8a5..2fe50d0988 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md @@ -23,7 +23,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) This section guides you through all the steps you need to take to properly implement Conditional Access. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md index ded8ef06d9..904b50ea79 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md @@ -22,10 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md index 7f4bbd4a62..166d6e77a5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md @@ -23,22 +23,18 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - Group Policy - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - - - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) > [!NOTE] > To use Group Policy (GP) updates to deploy the package, you must be on Windows Server 2008 R2 or later. - +> > For Windows Server 2019, you may need to replace NT AUTHORITY\Well-Known-System-Account with NT AUTHORITY\SYSTEM of the XML file that the Group Policy preference creates. ## Onboard devices using Group Policy @@ -52,13 +48,13 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): - a. In the navigation pane, select **Settings** > **Onboarding**. + 1. In the navigation pane, select **Settings** > **Onboarding**. - b. Select Windows 10 as the operating system. + 1. Select Windows 10 as the operating system. - c. In the **Deployment method** field, select **Group policy**. + 1. In the **Deployment method** field, select **Group policy**. - d. Click **Download package** and save the .zip file. + 1. Click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called *OptionalParamsPolicy* and the file *WindowsDefenderATPOnboardingScript.cmd*. @@ -88,16 +84,16 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa 1. On your GP management device, copy the following files from the configuration package: - a. Copy _AtpConfiguration.admx_ into _C:\\Windows\\PolicyDefinitions_ + - Copy _AtpConfiguration.admx_ into _C:\\Windows\\PolicyDefinitions_ - b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ + - Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ If you are using a [Central Store for Group Policy Administrative Templates](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra), copy the following files from the configuration package: - a. Copy _AtpConfiguration.admx_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions_ + - Copy _AtpConfiguration.admx_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions_ - b. Copy _AtpConfiguration.adml_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions\\en-US_ + - Copy _AtpConfiguration.adml_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions\\en-US_ 2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**. @@ -127,6 +123,7 @@ Policy | Setting :---|:--- Enable\Disable Sample collection| Enabled - "Enable sample collection on machines" checked +
**Policy location:** \Windows Components\Windows Defender Antivirus @@ -134,6 +131,8 @@ Policy | Setting :---|:--- Configure detection for potentially unwanted applications | Enabled, Block +
+ **Policy location:** \Windows Components\Windows Defender Antivirus\MAPS Policy | Setting @@ -141,6 +140,8 @@ Policy | Setting Join Microsoft MAPS | Enabled, Advanced MAPS Send file samples when further analysis is required | Enabled, Send safe samples +
+ **Policy location:** \Windows Components\Windows Defender Antivirus\Real-time Protection Policy | Setting @@ -150,6 +151,7 @@ Turn on behavior monitoring|Enabled Scan all downloaded files and attachments|Enabled Monitor file and program activity on your computer|Enabled +
**Policy location:** \Windows Components\Windows Defender Antivirus\Scan @@ -160,19 +162,23 @@ Policy | Setting Check for the latest virus and spyware security intelligence before running a scheduled scan |Enabled +
**Policy location:** \Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction Get the current list of attack surface reduction GUIDs from [Customize attack surface reduction rules](customize-attack-surface-reduction.md) 1. Open the **Configure Attack Surface Reduction** policy. -2. Select **Enabled**. -3. Select the **Show…** button. -4. Add each GUID in the **Value Name** field with a Value of 2. -This will set each up for audit only. +1. Select **Enabled**. -![Image of attack surface reduction configuration](images/asr-guid.png) +1. Select the **Show** button. + +1. Add each GUID in the **Value Name** field with a Value of 2. + + This will set each up for audit only. + + ![Image of attack surface reduction configuration](images/asr-guid.png) @@ -190,13 +196,13 @@ For security reasons, the package used to Offboard devices will expire 30 days a 1. Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): - a. In the navigation pane, select **Settings** > **Offboarding**. + 1. In the navigation pane, select **Settings** > **Offboarding**. - b. Select Windows 10 as the operating system. + 1. Select Windows 10 as the operating system. - c. In the **Deployment method** field, select **Group policy**. + 1. In the **Deployment method** field, select **Group policy**. - d. Click **Download package** and save the .zip file. + 1. Click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. @@ -222,6 +228,7 @@ For security reasons, the package used to Offboard devices will expire 30 days a With Group Policy there isn’t an option to monitor deployment of policies on the devices. Monitoring can be done directly on the portal, or by using the different deployment tools. ## Monitor devices using the portal + 1. Go to [Microsoft Defender Security Center](https://securitycenter.windows.com/). 2. Click **Devices list**. 3. Verify that devices are appearing. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md index fa54228453..603253f4a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md @@ -22,11 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) @@ -69,20 +67,20 @@ For security reasons, the package used to Offboard devices will expire 30 days a 1. Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): - a. In the navigation pane, select **Settings** > **Offboarding**. + 1. In the navigation pane, select **Settings** > **Offboarding**. - b. Select Windows 10 as the operating system. + 1. Select Windows 10 as the operating system. - c. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**. + 1. In the **Deployment method** field, select **Mobile Device Management / Microsoft Intune**. - d. Click **Download package**, and save the .zip file. + 1. Click **Download package**, and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding*. 3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. - OMA-URI: ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding - Date type: String + OMA-URI: ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding
+ Date type: String
Value: [Copy and paste the value from the content of the WindowsDefenderATP_valid_until_YYYY-MM-DD.offboarding file] For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune). diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index f294e61abc..595a2aec82 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md @@ -27,7 +27,8 @@ ms.technology: mde - macOS - Linux -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index 20a91dac4c..4d619ca79e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md @@ -23,11 +23,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- Microsoft Endpoint Manager current branch +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +- Microsoft Endpoint Configuration Manager current branch - System Center 2012 R2 Configuration Manager >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) @@ -58,7 +58,6 @@ Starting in Configuration Manager version 2002, you can onboard the following op ### Onboard devices using System Center Configuration Manager - [![Image of the PDF showing the various deployment paths](images/onboard-config-mgr.png)](images/onboard-config-mgr.png#lightbox) @@ -68,13 +67,13 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ 1. Open the Configuration Manager configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): - a. In the navigation pane, select **Settings** > **Onboarding**. + 1. In the navigation pane, select **Settings** > **Onboarding**. - b. Select Windows 10 as the operating system. + 1. Select Windows 10 as the operating system. - c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**. + 1. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**. - d. Select **Download package**, and save the .zip file. + 1. Select **Download package**, and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOnboardingScript.cmd*. @@ -108,11 +107,12 @@ This rule should be a *remediating* compliance rule configuration item that sets The configuration is set through the following registry key entry: -``` -Path: “HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection” +```console +Path: "HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" Name: "AllowSampleCollection" Value: 0 or 1 ``` + Where:
Key type is a D-WORD.
Possible values are: @@ -176,13 +176,13 @@ If you use Microsoft Endpoint Manager current branch, see [Create an offboarding 1. Get the offboarding package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): - a. In the navigation pane, select **Settings** > **Offboarding**. + 1. In the navigation pane, select **Settings** > **Offboarding**. - b. Select Windows 10 as the operating system. + 1. Select Windows 10 as the operating system. - c. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**. + 1. In the **Deployment method** field, select **System Center Configuration Manager 2012/2012 R2/1511/1602**. - d. Select **Download package**, and save the .zip file. + 1. Select **Download package**, and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*. @@ -225,11 +225,13 @@ You can set a compliance rule for configuration item in System Center 2012 R2 Co This rule should be a *non-remediating* compliance rule configuration item that monitors the value of a registry key on targeted devices. Monitor the following registry key entry: + +```console +Path: "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status" +Name: "OnboardingState" +Value: "1" ``` -Path: “HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status” -Name: “OnboardingState” -Value: “1” -``` + For more information, see [Introduction to compliance settings in System Center 2012 R2 Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/gg682139\(v=technet.10\)). ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md index 647e8a9281..6c32573e4c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md @@ -22,13 +22,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** - - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - - +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index bd29f01bd5..766b0d8fcf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -23,12 +23,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Virtual desktop infrastructure (VDI) devices - Windows 10, Windows Server 2019, Windows Server 2008R2/2012R2/2016 - >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink) ## Onboard non-persistent virtual desktop infrastructure (VDI) devices diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md index fe24027108..85c75d3828 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md @@ -22,13 +22,13 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - [Microsoft 365 Endpoint data loss prevention (DLP)](/microsoft-365/compliance/endpoint-dlp-learn-about) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) + Devices in your organization must be configured so that the Defender for Endpoint service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization. The following deployment tools and methods are supported: diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md index ee85dd307b..6b6afc49f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md @@ -22,10 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink). diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md index c4a097c931..76815e7245 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md @@ -22,9 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index c801fe5195..f85e803452 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -22,9 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md index bbfac451bc..3bd54ed230 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md @@ -22,9 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint ](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index 7c149c51f5..08de267337 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -26,8 +26,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) ## Before you begin > [!NOTE] diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md index 85af41af47..6f4f12e78a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md @@ -22,10 +22,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index 37eaf566e9..09106fbd64 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -1,6 +1,6 @@ --- title: Configure managed security service provider support -description: Take the necessary steps to configure the MSSP integration with the Microsoft Defender ATP +description: Take the necessary steps to configure the MSSP integration with the Microsoft Defender for Endpoint keywords: managed security service provider, mssp, configure, integration search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -22,14 +22,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) - [!include[Prerelease information](../../includes/prerelease.md)] You'll need to take the following configuration steps to enable the managed security service provider (MSSP) integration. diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 78039bd903..87dd461c37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -17,7 +17,9 @@ manager: dansimp audience: ITPro ms.collection: - m365-security-compliance -- m365initiative-defender-endpoint +- m365initiative-defender-endpoint +- m365solution-scenario +- m365scenario-fpfn ms.topic: conceptual ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs, yonghree, jcedola ms.custom: FPFN @@ -135,7 +137,8 @@ When you're done reviewing and undoing actions that were taken as a result of fa ### Remove a file from quarantine across multiple devices -![Quarantine file](images/autoir-quarantine-file-1.png) +> [!div class="mx-imgBorder"] +> ![Quarantine file](images/autoir-quarantine-file-1.png) 1. Go to the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and sign in. 2. On the **History** tab, select a file that has the Action type **Quarantine file**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md index c7d82788c7..aa0fc830ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-files-info.md @@ -21,10 +21,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Microsoft Defender for Endpoint? [Sign up for free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md index c62d36c89d..25ea5e8fcf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-ip-info.md @@ -21,10 +21,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md index a0485d008e..38461117ef 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-machine-info.md @@ -22,9 +22,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md index 2708e84be2..fb06d75de7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md @@ -21,10 +21,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index 07f3aae5d2..20bd761327 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -21,10 +21,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md index 456656b810..21b2e1ebd9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -21,15 +21,17 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - [!include[Prerelease information](../../includes/prerelease.md)] Retrieves a list of all security recommendations affecting the organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md index 72c6195f02..0bb2f8a653 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities-by-machines.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md index 55c2d01d2b..1acf21401e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -21,15 +21,16 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - [!include[Prerelease information](../../includes/prerelease.md)] Retrieves a list of all the vulnerabilities affecting the organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md index 1baec0d097..2fe3ae2a8b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md @@ -23,10 +23,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 18b2837244..fc18d97935 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -21,6 +21,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index 59a269f290..54078f8925 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md index 62dffb96cc..ef3ed4e1f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md index b257482b07..14b95f8007 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index 17be9a45d5..a8aa5990dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index e07ce4dc5e..2d3c69d629 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md index c71b44884e..ee1527e69b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md index ebeac705a2..e3a89eb1f0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md index 048d31d35e..08b55799cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index 16f6b98f78..cc1e435b61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index d5ff87526d..45f23bcd3e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -21,14 +21,17 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] + [!include[Prerelease information](../../includes/prerelease.md)] Retrieves a collection of installed software related to a given device ID. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md index e9fd39976f..108d89871f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-collection.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md index 773f54b58f..561c68ac0b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-investigation-object.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md index 2bc674a875..8c6690d917 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-related-alerts.md @@ -21,16 +21,16 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - ## API description Retrieves a collection of alerts related to a given IP address. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md index e8e4fe2132..c3c0b129df 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ip-statistics.md @@ -21,24 +21,22 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - ## API description Retrieves the statistics for the given IP. - ## Limitations 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. - ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md index 74c7f29a11..a2bdfc279e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-kbinfo-collection.md @@ -23,10 +23,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md index 9acff3afe1..782f1f620c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-alerts.md @@ -21,16 +21,17 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - ## API description Retrieves a collection of alerts related to a given user ID. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index 04bbd93d8e..e726dab081 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -21,16 +21,17 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - ## API description Retrieves a collection of devices related to a given user ID. diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md index 588fa99206..a8bf3252ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -21,10 +21,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] @@ -58,7 +59,7 @@ GET /api/Software/{Id}/vulnerabilities Empty ## Response -If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software. +If successful, this method returns 200 OK with a list of vulnerabilities exposed by the specified software. ## Example diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md index 517c99859f..5b09a4bb67 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -1,5 +1,5 @@ --- -title: Get vulnerability by Id +title: Get vulnerability by ID description: Retrieves vulnerability information by its ID. keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api search.product: eADQiWindows 10XVcnh @@ -21,15 +21,17 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - [!include[Prerelease information](../../includes/prerelease.md)] Retrieves vulnerability information by its ID. diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index ccfd7fdd9b..e30f0defb0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -20,11 +20,12 @@ ms.technology: mde # Microsoft Defender for Endpoint for US Government customers -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -Microsoft Defender for Endpoint for US Government customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering. > [!NOTE] > If you are a GCC customer using Defender for Endpoint in Commercial, please refer to the public documentation pages. diff --git a/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md b/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md index 0101dd3fe8..5a2af69aab 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/grant-mssp-access.md @@ -22,10 +22,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) @@ -101,7 +101,8 @@ To implement a multi-tenant delegated access solution, take the following steps: - Can only be requested by users in the MSSP SOC Tenant - Access auto expires after 365 days - ![Image of new access package](images/new-access-package.png) + > [!div class="mx-imgBorder"] + > ![Image of new access package](images/new-access-package.png) For more information, see [Create a new access package](https://docs.microsoft.com/azure/active-directory/governance/entitlement-management-access-package-create). @@ -110,8 +111,8 @@ To implement a multi-tenant delegated access solution, take the following steps: The My Access portal link is used by MSSP SOC analysts to request access via the access packages created. The link is durable, meaning the same link may be used over time for new analysts. The analyst request goes into a queue for approval by the **MSSP Analyst Approvers**. - - ![Image of access properties](images/access-properties.png) + > [!div class="mx-imgBorder"] + > ![Image of access properties](images/access-properties.png) The link is located on the overview page of each access package. diff --git a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md index b2fb42afb7..e2f8bfd7a6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/helpful-resources.md @@ -24,7 +24,10 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Access helpful resources such as links to blogs and other resources related to Microsoft Defender for Endpoint. diff --git a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md index 73079133a0..e14a1a1440 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md +++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md @@ -22,8 +22,11 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -* [Microsoft Defender for Endpoint](microsoft-defender-advanced-threat-protection.md) Exploit protection helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level. diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md index 3711493fda..9cb3e7fef1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md @@ -25,7 +25,8 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md index 46c19bd5c4..ed32a99990 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md @@ -25,7 +25,9 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md index 2512b46e9a..6bd26e04a7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-ip-domain.md @@ -23,9 +23,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md index 6e182cb95e..946eeb3008 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md @@ -25,7 +25,8 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md index f7fd7a6bf7..baef9c8ecb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-in-windows-overview.md @@ -22,10 +22,13 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + [!include[Prerelease information](../../includes/prerelease.md)] @@ -83,7 +86,7 @@ Data discovery based on Defender for Endpoint is also available in [Azure Log An For more information on Azure Information Protection analytics, see [Central reporting for Azure Information Protection](https://docs.microsoft.com/azure/information-protection/reports-aip). -Open Azure Log Analytics in Azure Portal and open a query builder (standard or classic). +Open Azure Log Analytics in Azure portal and open a query builder (standard or classic). To view Defender for Endpoint data, perform a query that contains: diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md index 3cdcebc8a2..e3d8274f25 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md @@ -21,10 +21,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) A typical advanced persistent threat lifecycle involves data exfiltration. In a security incident, it's important to have the ability to prioritize investigations where sensitive files may be jeopardy so that corporate data and information are protected. diff --git a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md index 452f3f477c..f36d4f2fd7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/initiate-autoir-investigation.md @@ -16,15 +16,16 @@ ms.collection: M365-security-compliance ms.topic: article ms.technology: mde --- - # Start Investigation API [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] @@ -84,7 +85,7 @@ If successful, this method returns 201 - Created response code and [Investigatio Here is an example of the request. -```http +```https POST https://api.securitycenter.microsoft.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/startInvestigation ``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md index a4ecbd4a80..e1191dde6c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-alerts.md @@ -25,12 +25,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index c9eaca6d3f..40b569b13d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -24,12 +24,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - ->Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) Defender for Endpoint supports network connection monitoring from different levels of the network stack. A challenging case is when the network uses a forward proxy as a gateway to the Internet. diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md index 40b0549518..72a0bfbd88 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-domain.md @@ -26,11 +26,8 @@ ms.technology: mde **Applies to:** - - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - - +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md index 79beac66e4..de2db9a059 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md @@ -25,10 +25,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md index a89b45f1d6..04c380c532 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-incidents.md @@ -24,9 +24,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Investigate incidents that affect your network, understand what they mean, and collate evidence to resolve them. @@ -42,7 +42,7 @@ When you investigate an incident, you'll see: ## Analyze incident details Click an incident to see the **Incident pane**. Select **Open incident page** to see the incident details and related information (alerts, devices, investigations, evidence, graph). -![Image of incident details](images/atp-incident-details.png) +![Image of incident details1](images/atp-incident-details.png) ### Alerts You can investigate the alerts and see how they were linked together in an incident. @@ -85,7 +85,7 @@ The **Graph** tells the story of the cybersecurity attack. For example, it shows You can click the circles on the incident graph to view the details of the malicious files, associated file detections, how many instances have there been worldwide, whether it’s been observed in your organization, if so, how many instances. -![Image of incident details](images/atp-incident-graph-details.png) +![Image of incident details2](images/atp-incident-graph-details.png) ## Related topics - [Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md index 8f5372442e..408450f834 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-ip.md @@ -27,8 +27,9 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 91e8851fb0..dbe3c86cce 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -26,8 +26,8 @@ ms.technology: mde **Applies to:** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatemachines-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md index bce39eac15..d1db196189 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-user.md @@ -24,10 +24,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatgeuser-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigation.md b/windows/security/threat-protection/microsoft-defender-atp/investigation.md index d3f3c68d78..5db24608de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigation.md @@ -23,16 +23,16 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] - Represent an Automated Investigation entity in Defender for Endpoint.
See [Overview of automated investigations](automated-investigations.md) for more information. @@ -50,7 +50,7 @@ Property | Type | Description id | String | Identity of the investigation entity. startTime | DateTime Nullable | The date and time when the investigation was created. endTime | DateTime Nullable | The date and time when the investigation was completed. -cancelledBy | String | The ID of the user/application that cancelled that investigation. +cancelledBy | String | The ID of the user/application that canceled that investigation. investigationState | Enum | The current state of the investigation. Possible values are: 'Unknown', 'Terminated', 'SuccessfullyRemediated', 'Benign', 'Failed', 'PartiallyRemediated', 'Running', 'PendingApproval', 'PendingResource', 'PartiallyInvestigated', 'TerminatedByUser', 'TerminatedBySystem', 'Queued', 'InnerFailure', 'PreexistingAlert', 'UnsupportedOs', 'UnsupportedAlertType', 'SuppressedAlert'. statusDetails | String | Additional information about the state of the investigation. machineId | String | The ID of the device on which the investigation is executed. diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md index 00fc73300c..0aa8395536 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-configure-features.md @@ -25,6 +25,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + > [!NOTE] > Defender for Endpoint for iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md index c58faa8d2e..d3614e3095 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-install.md @@ -25,6 +25,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) + This topic describes deploying Defender for Endpoint for iOS on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll iOS/iPadOS devices in Intune](https://docs.microsoft.com/mem/intune/enrollment/ios-enroll). ## Before you begin @@ -45,7 +51,7 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. 1. In [Microsoft Endpoint manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apps** -> **iOS/iPadOS** -> **Add** -> **iOS store app** and click **Select**. > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-1.png) + > ![Image of Microsoft Endpoint Manager Admin Center1](images/ios-deploy-1.png) 1. On the Add app page, click on **Search the App Store** and type **Microsoft Defender ATP** in the search bar. In the search results section, click on *Microsoft Defender ATP* and click **Select**. @@ -57,14 +63,14 @@ Deploy Defender for Endpoint for iOS via Intune Company Portal. > The selected user group should consist of Intune enrolled users. > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-2.png) + > ![Image of Microsoft Endpoint Manager Admin Center2](images/ios-deploy-2.png) 1. In the *Review + Create* section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app should be created successfully, and a notification should show up at the top-right corner of the page. 1. In the app information page that is displayed, in the **Monitor** section, select **Device install status** to verify that the device installation has completed successfully. > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-3.png) + > ![Image of Microsoft Endpoint Manager Admin Center3](images/ios-deploy-3.png) ## Complete onboarding and check status @@ -88,13 +94,13 @@ The Microsoft Defender for Endpoint for iOS app has specialized ability on super Intune allows you to configure the Defender for iOS app through an App Configuration policy. - > [!NOTE] - > This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice. + > [!NOTE] + > This app configuration policy for supervised devices is applicable only to managed devices and should be targeted for all managed iOS devices as a best practice. 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Apps** > **App configuration policies** > **Add**. Click on **Managed devices**. > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-4.png) + > ![Image of Microsoft Endpoint Manager Admin Center4](images/ios-deploy-4.png) 1. In the *Create app configuration policy* page, provide the following information: - Policy Name @@ -102,7 +108,7 @@ Intune allows you to configure the Defender for iOS app through an App Configura - Targeted app: Select **Microsoft Defender ATP** from the list > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-5.png) + > ![Image of Microsoft Endpoint Manager Admin Center5](images/ios-deploy-5.png) 1. In the next screen, select **Use configuration designer** as the format. Specify the following property: - Configuration Key: issupervised @@ -110,7 +116,7 @@ Intune allows you to configure the Defender for iOS app through an App Configura - Configuration Value: {{issupervised}} > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-6.png) + > ![Image of Microsoft Endpoint Manager Admin Center6](images/ios-deploy-6.png) 1. Click **Next** to open the **Scope tags** page. Scope tags are optional. Click **Next** to continue. @@ -127,7 +133,7 @@ Intune allows you to configure the Defender for iOS app through an App Configura - Navigate to **Devices** -> **iOS/iPadOS** -> **Configuration profiles** -> **Create Profile** > [!div class="mx-imgBorder"] - ![Image of Microsoft Endpoint Manager Admin Center](images/ios-deploy-7.png) + > ![Image of Microsoft Endpoint Manager Admin Center7](images/ios-deploy-7.png) - Provide a name of the profile. When prompted to import a Configuration profile file, select the one downloaded above. - In the **Assignment** section, select the device group to which you want to apply this profile. As a best practice, this should be applied to all managed iOS devices. Click **Next**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md index 8bea026e5d..489a76edb4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-privacy.md @@ -24,8 +24,10 @@ ms.technology: mde # Privacy information - Microsoft Defender for Endpoint for iOS **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](microsoft-defender-atp-ios.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) > [!NOTE] > Defender for Endpoint for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.** diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index 40b1c4b949..a8a4b7a434 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -22,9 +22,12 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index 34da9afb03..a2fcd856c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md @@ -26,8 +26,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 46594777a2..e017a9cca2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -27,8 +27,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Microsoft Defender for Endpoint for Linux manually. A successful deployment requires the completion of all of the following tasks: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index b0ac68a9e6..8b54e3a8a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -27,8 +27,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Defender for Endpoint for Linux using Ansible. A successful deployment requires the completion of all of the following tasks: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 157fa13b36..f3363b34dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -27,8 +27,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article describes how to deploy Defender for Endpoint for Linux using Puppet. A successful deployment requires the completion of all of the following tasks: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index c745a4803c..7da256d6f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -27,8 +27,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) >[!IMPORTANT] >This topic contains instructions for how to set preferences for Defender for Endpoint for Linux in enterprise environments. If you are interested in configuring the product on a device from the command-line, see [Resources](linux-resources.md#configure-from-the-command-line). diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md index f389dd572e..e8f59927aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-privacy.md @@ -22,10 +22,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Defender for Endpoint for Linux. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md index 7062258108..cd239ed756 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-pua.md @@ -26,8 +26,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) The potentially unwanted application (PUA) protection feature in Defender for Endpoint for Linux can detect and block PUA files on endpoints in your network. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md index 19ac941547..0fcf1d929e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-resources.md @@ -27,8 +27,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) ## Collect diagnostic information diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index 7aa2cb9dbe..9f54cc52f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -27,8 +27,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft Defender ATP can discover a proxy server using the ```HTTPS_PROXY``` environment variable. This setting must be configured **both** at installation time and after the product has been installed. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index 2567347f46..87430c9333 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -26,8 +26,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) ## Run the connectivity test diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md index f9e2cf4acd..1ed0260fb6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md @@ -26,8 +26,10 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) ## Verify if installation succeeded diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 483084d117..9c286456bd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -25,8 +25,9 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article provides some general steps that can be used to narrow down performance issues related to Defender for Endpoint for Linux. @@ -34,7 +35,7 @@ Real-time protection (RTP) is a feature of Defender for Endpoint for Linux that Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Defender for Endpoint for Linux. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Defender for Endpoint for Linux. -Before starting, **please make sure that other security products are not currenly running on the device**. Multilpe security products may conflict and impact the host performance. +Before starting, **please make sure that other security products are not currently running on the device**. Multiple security products may conflict and impact the host performance. The following steps can be used to troubleshoot and mitigate these issues: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md index 336214e71b..f2f2749165 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-updates.md @@ -27,8 +27,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md index 2da23f201a..92ac9ef16f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response-command-examples.md @@ -24,8 +24,10 @@ ms.technology: mde **Applies to:** -- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Learn about common commands used in live response and see examples on how they are typically used. @@ -108,7 +110,7 @@ getfile c:\Users\user\Desktop\work.txt -auto > * Empty files > * Virtual files, or files that are not fully present locally > -> These file types **are** supported by [PowerShell](/powershell/scripting/overview?view=powershell-6/). +> These file types **are** supported by [PowerShell](/powershell/scripting/overview?view=powershell-6/?&preserve-view=true). > > Use PowerShell as an alternative, if you have problems using this command from within Live Response. diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index e0a810cd9c..cf0e1e7fd8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -22,11 +22,13 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) + Live response gives security operations teams instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats—in real time. Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.

diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 818558bc99..1e866f42d9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -26,8 +26,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md index bc0711a28e..8989813e71 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -24,22 +24,23 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) 1. Enter your credentials. - ![Image of Jamf Pro dashboard](images/jamf-pro-portal1.png) + ![Image of Jamf Pro dashboard1](images/jamf-pro-portal1.png) 2. Select **Computers**. - ![Image of Jamf Pro dashboard](images/jamf-pro-dashboard.png) + ![Image of Jamf Pro dashboard2](images/jamf-pro-dashboard.png) 3. You will see the settings that are available. - ![Image of Jamf Pro dashboard](images/jamfpro-settings.png) + ![Image of Jamf Pro dashboard3](images/jamfpro-settings.png) ## Next step diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md index 375f715a8e..515ed636df 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-manually.md @@ -24,10 +24,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for macOS](microsoft-defender-atp-mac.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) This topic describes how to deploy Microsoft Defender for Endpoint for macOS manually. A successful deployment requires the completion of all of the following steps: - [Download installation and onboarding packages](#download-installation-and-onboarding-packages) @@ -58,16 +59,16 @@ To complete this process, you must have admin privileges on the device. 1. Navigate to the downloaded wdav.pkg in Finder and open it. - ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-28-AppInstall.png) + ![App install screenshot1](../microsoft-defender-antivirus/images/MDATP-28-AppInstall.png) 2. Select **Continue**, agree with the License terms, and enter the password when prompted. - ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-29-AppInstallLogin.png) + ![App install screenshot2](../microsoft-defender-antivirus/images/MDATP-29-AppInstallLogin.png) > [!IMPORTANT] > You will be prompted to allow a driver from Microsoft to be installed (either "System Extension Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed. - ![App install screenshot](../microsoft-defender-antivirus/images/MDATP-30-SystemExtension.png) + ![App install screenshot3](../microsoft-defender-antivirus/images/MDATP-30-SystemExtension.png) 3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**: @@ -87,7 +88,7 @@ To complete this process, you must have admin privileges on the device. 1. Navigate to the downloaded wdav.pkg in Finder and open it. - ![App install screenshot](images/big-sur-install-1.png) + ![App install screenshot4](images/big-sur-install-1.png) 2. Select **Continue**, agree with the License terms, and enter the password when prompted. @@ -97,13 +98,13 @@ To complete this process, you must have admin privileges on the device. 4. From the **Security & Privacy** window, select **Allow**. - ![System extension security preferences](images/big-sur-install-3.png) + ![System extension security preferences1](images/big-sur-install-3.png) 5. Repeat steps 3 & 4 for all system extensions distributed with Microsoft Defender for Endpoint for Mac. 6. As part of the Endpoint Detection and Response capabilities, Microsoft Defender for Endpoint for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. When prompted to grant Microsoft Defender for Endpoint permissions to filter network traffic, select **Allow**. - ![System extension security preferences](images/big-sur-install-4.png) + ![System extension security preferences2](images/big-sur-install-4.png) 7. Open **System Preferences** > **Security & Privacy** and navigate to the **Privacy** tab. Grant **Full Disk Access** permission to **Microsoft Defender ATP** and **Microsoft Defender ATP Endpoint Security Extension**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index 45e4130495..9ca979d54b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -26,15 +26,17 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Learn how to deploy Microsoft Defender for Endpoint for macOS with Jamf Pro. > [!NOTE] > If you are using macOS Catalina (10.15.4) or newer versions of macOS, see [New configuration profiles for macOS Catalina and newer versions of macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies). -This is a multi step process. You'll need to complete all of the following steps: +This is a multistep process. You'll need to complete all of the following steps: - [Login to the Jamf Portal](mac-install-jamfpro-login.md) - [Setup the Microsoft Defender for Endpoint for macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index e1befe8407..1138236d4b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -26,8 +26,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) ## Prerequisites and system requirements @@ -96,7 +98,7 @@ Grant Full Disk Access to the following components: - Identifier Type: Bundle ID - Code Requirement: identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate leaf[subject.OU] = UBF8T346G9 -- Microsoft Defender for Endpoint Endpoint Security Extension +- Microsoft Defender for Endpoint Security Extension - Identifier: `com.microsoft.wdav.epsext` - Identifier Type: Bundle ID - Code Requirement: identifier "com.microsoft.wdav.epsext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md index 73dc882a2c..d6c2b96c1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -24,10 +24,11 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) Set up the device groups similar to Group policy organizational unite (OUs), Microsoft Endpoint Configuration Manager's device collection, and Intune's device groups. @@ -35,15 +36,15 @@ Set up the device groups similar to Group policy organizational unite (OUs), Mi 2. Select **New**. - ![Image of Jamf Pro](images/jamf-pro-static-group.png) + ![Image of Jamf Pro1](images/jamf-pro-static-group.png) 3. Provide a display name and select **Save**. - ![Image of Jamf Pro](images/jamfpro-machine-group.png) + ![Image of Jamf Pro2](images/jamfpro-machine-group.png) 4. Now you will see the **Contoso's Machine Group** under **Static Computer Groups**. - ![Image of Jamf Pro](images/contoso-machine-group.png) + ![Image of Jamf Pro3](images/contoso-machine-group.png) ## Next step - [Set up Microsoft Defender for Endpoint for macOS policies in Jamf Pro](mac-jamfpro-policies.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md index ab77dc10cc..584cf1782d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -26,8 +26,10 @@ ms.technology: mde **Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- [Microsoft Defender for Endpoint for Mac](microsoft-defender-atp-mac.md) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigateip-abovefoldlink) ## Enroll macOS devices @@ -45,7 +47,7 @@ For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c 1. In the Jamf Pro dashboard, navigate to **Enrollment invitations**. - ![Image of configuration settings](images/a347307458d6a9bbfa88df7dbe15398f.png) + ![Image of configuration settings1](images/a347307458d6a9bbfa88df7dbe15398f.png) 2. Select **+ New**. @@ -53,29 +55,29 @@ For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c 3. In **Specify Recipients for the Invitation** > under **Email Addresses** enter the e-mail address(es) of the recipients. - ![Image of configuration settings](images/718b9d609f9f77c8b13ba88c4c0abe5d.png) + ![Image of configuration settings2](images/718b9d609f9f77c8b13ba88c4c0abe5d.png) - ![Image of configuration settings](images/ae3597247b6bc7c5347cf56ab1e820c0.png) + ![Image of configuration settings3](images/ae3597247b6bc7c5347cf56ab1e820c0.png) For example: janedoe@contoso.com - ![Image of configuration settings](images/4922c0fcdde4c7f73242b13bf5e35c19.png) + ![Image of configuration settings4](images/4922c0fcdde4c7f73242b13bf5e35c19.png) 4. Configure the message for the invitation. - ![Image of configuration settings](images/ce580aec080512d44a37ff8e82e5c2ac.png) + ![Image of configuration settings5](images/ce580aec080512d44a37ff8e82e5c2ac.png) - ![Image of configuration settings](images/5856b765a6ce677caacb130ca36b1a62.png) + ![Image of configuration settings6](images/5856b765a6ce677caacb130ca36b1a62.png) - ![Image of configuration settings](images/3ced5383a6be788486d89d407d042f28.png) + ![Image of configuration settings7](images/3ced5383a6be788486d89d407d042f28.png) - ![Image of configuration settings](images/54be9c6ed5b24cebe628dc3cd9ca4089.png) + ![Image of configuration settings8](images/54be9c6ed5b24cebe628dc3cd9ca4089.png) ## Enrollment Method 2: Prestage Enrollments 1. In the Jamf Pro dashboard, navigate to **Prestage enrollments**. - ![Image of configuration settings](images/6fd0cb2bbb0e60a623829c91fd0826ab.png) + ![Image of configuration settings9](images/6fd0cb2bbb0e60a623829c91fd0826ab.png) 2. Follow the instructions in [Computer PreStage Enrollments](https://docs.jamf.com/9.9/casper-suite/administrator-guide/Computer_PreStage_Enrollments.html). @@ -83,24 +85,24 @@ For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/c 1. Select **Continue** and install the CA certificate from a **System Preferences** window. - ![Image of Jamf Pro enrollment](images/jamfpro-ca-certificate.png) + ![Image of Jamf Pro enrollment1](images/jamfpro-ca-certificate.png) 2. Once CA certificate is installed, return to the browser window and select **Continue** and install the MDM profile. - ![Image of Jamf Pro enrollment](images/jamfpro-install-mdm-profile.png) + ![Image of Jamf Pro enrollment2](images/jamfpro-install-mdm-profile.png) 3. Select **Allow** to downloads from JAMF. - ![Image of Jamf Pro enrollment](images/jamfpro-download.png) + ![Image of Jamf Pro enrollment3](images/jamfpro-download.png) 4. Select **Continue** to proceed with the MDM Profile installation. - ![Image of Jamf Pro enrollment](images/jamfpro-install-mdm.png) + ![Image of Jamf Pro enrollment4](images/jamfpro-install-mdm.png) 5. Select **Continue** to install the MDM Profile. - ![Image of Jamf Pro enrollment](images/jamfpro-mdm-unverified.png) + ![Image of Jamf Pro enrollment5](images/jamfpro-mdm-unverified.png) 6. Select **Continue** to complete the configuration. - ![Image of Jamf Pro enrollment](images/jamfpro-mdm-profile.png) + ![Image of Jamf Pro enrollment6](images/jamfpro-mdm-profile.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md index 217dcdf4ea..d053e3cc3d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-edr.md @@ -2,7 +2,6 @@ title: Manage endpoint detection and response capabilities description: Manage endpoint detection and response capabilities ms.reviewer: -description: Manage endpoint detection and response capabilities keywords: search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md index a1de0acb00..93f29b113b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios.md @@ -45,6 +45,7 @@ iOS devices along with other platforms. - Device(s) are [enrolled](https://docs.microsoft.com/mem/intune/user-help/enroll-your-device-in-intune-ios) via the Intune Company Portal app to enforce Intune device compliance policies. This requires the end user to be assigned a Microsoft Intune license. - Intune Company Portal app can be downloaded from the [Apple App Store](https://apps.apple.com/us/app/intune-company-portal/id719171358). + - Note that Apple does not allow redirecting users to download other apps from the app store and hence this step needs to be done by the user before onboarding to Microsoft Defender for Endpoint app. - For more information on how to assign licenses, see [Assign licenses to users](https://docs.microsoft.com/azure/active-directory/users-groups-roles/licensing-groups-assign). diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index a22485ff25..dbac12f064 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md @@ -24,7 +24,6 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) @@ -99,7 +98,7 @@ For more information preview features, see [Preview features](https://docs.micro ## September 2019 -- [Tamper Protection settings using Intune](../microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#turn-tamper-protection-on-or-off-for-your-organization-using-intune)
You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management Portal (Intune). +- [Tamper protection settings using Intune](../microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md#manage-tamper-protection-for-your-organization-using-intune)
You can now turn Tamper Protection on (or off) for your organization in the Microsoft 365 Device Management Portal (Intune). - [Live response](live-response.md)
Get instantaneous access to a device using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real-time.