mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
Windows defender atp to mdatp
This commit is contained in:
Joey Caparas
parent
8d79b2fee7
commit
8fe5ccfe5c
@ -396,7 +396,7 @@
|
||||
|
||||
|
||||
|
||||
## [Troubleshoot Windows Defender ATP](troubleshoot-mdatp.md)
|
||||
## [Troubleshoot Microsoft Defender ATP](troubleshoot-mdatp.md)
|
||||
###Troubleshoot sensor state
|
||||
#### [Check sensor state](check-sensor-status.md)
|
||||
#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
|
||||
|
||||
@ -19,7 +19,7 @@ ms.topic: article
|
||||
# Add or Remove Machine Tags API
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Windows Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
This API adds or remove tag to a specific machine.
|
||||
|
||||
|
||||
@ -91,10 +91,10 @@ When you enable this feature, you'll be able to incorporate data from Office 365
|
||||
To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Microsoft Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512).
|
||||
|
||||
## Microsoft Threat Experts
|
||||
Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability, while experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it.
|
||||
Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability, while experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Microsoft Defender ATP portal's alerts dashboard and via email if you configure it.
|
||||
|
||||
>[!NOTE]
|
||||
>The Microsoft Threat Experts capability in Windows Defender ATP is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security).
|
||||
>The Microsoft Threat Experts capability in Microsoft Defender ATP is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security).
|
||||
|
||||
## Microsoft Cloud App Security
|
||||
Enabling this setting forwards Microsoft Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Threat & Vulnerability Management in Windows Defender ATP
|
||||
title: Configure Threat & Vulnerability Management in Microsoft Defender ATP
|
||||
description: Configure your Threat & Vulnerability Management to allow security administrators and IT administrators to collaborate seamlessly to remediate issues via Microsoft intune and Microsoft System Center Configuration Manager (SCCM) integrations.
|
||||
keywords: RBAC, Threat & Vulnerability Management configuration, Threat & Vulnerability Management integrations, Microsft Intune integration with TVM, SCCM integration with TVM
|
||||
search.product: Windows 10
|
||||
@ -18,7 +18,7 @@ ms.topic: article
|
||||
---
|
||||
# Configure Threat & Vulnerability Management
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Windows Defender Advanced Threat Protection Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
@ -38,7 +38,7 @@ You'll need to know the exact Linux distros and macOS versions that are compatib
|
||||
You'll need to take the following steps to onboard non-Windows machines:
|
||||
1. Select your preferred method of onboarding:
|
||||
|
||||
- For macOS devices, you can choose to onboard through Windows Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac).
|
||||
- For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac).
|
||||
- For other non-Windows devices choose **Onboard non-Windows machines through third-party integration**.
|
||||
|
||||
1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed.
|
||||
@ -54,7 +54,7 @@ You'll need to take the following steps to onboard non-Windows machines:
|
||||
|
||||
## Offboard non-Windows machines
|
||||
|
||||
1. Follow the third-party's documentation to disconnect the third-party solution from Windows Defender ATP.
|
||||
1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender ATP.
|
||||
|
||||
2. Remove permissions for the third-party solution in your Azure AD tenant.
|
||||
1. Sign in to the [Azure portal](https://portal.azure.com).
|
||||
|
||||
@ -126,7 +126,7 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
|
||||
**Threat intelligence details**
|
||||
|
||||
- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you please send me a link?
|
||||
- I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Windows Defender ATP provides against this threat actor?
|
||||
- I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor?
|
||||
|
||||
**Microsoft Threat Experts’ alert communications**
|
||||
|
||||
|
||||
@ -36,7 +36,7 @@ Information collected includes file data (such as file names, sizes, and hashes)
|
||||
|
||||
Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578).
|
||||
|
||||
This data enables Windows Defender ATP to:
|
||||
This data enables Microsoft Defender ATP to:
|
||||
- Proactively identify indicators of attack (IOAs) in your organization
|
||||
- Generate alerts if a possible attack was detected
|
||||
- Provide your security operations with a view into machines, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network.
|
||||
|
||||
@ -28,7 +28,7 @@ Get MachineAction collection API supports [OData V4 queries](https://www.odata.o
|
||||
|
||||
The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
|
||||
|
||||
See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md)
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -20,9 +20,9 @@ ms.topic: article
|
||||
# Manage indicators
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Windows Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
|
||||
|
||||
Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Configure Microsoft Cloud App Security in Windows Defender ATP
|
||||
# Configure Microsoft Cloud App Security in Microsoft Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@ ms.topic: conceptual
|
||||
ms.date: 10/18/2018
|
||||
---
|
||||
|
||||
# Microsoft Cloud App Security in Windows Defender ATP overview
|
||||
# Microsoft Cloud App Security in Microsoft Defender ATP overview
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Onboard machines without Internet access to Windows Defender ATP
|
||||
description: Onboard machines without Internet access so that they can send sensor data to the Windows Defender ATP sensor
|
||||
title: Onboard machines without Internet access to Microsoft Defender ATP
|
||||
description: Onboard machines without Internet access so that they can send sensor data to the Microsoft Defender ATP sensor
|
||||
keywords: onboard, servers, vm, on-premise, oms gateway, log analytics, azure log analytics, mma
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
@ -17,10 +17,10 @@ ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Onboard machines without Internet access to Windows Defender ATP
|
||||
# Onboard machines without Internet access to Microsoft Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Windows Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
To onboard machines without Internet access, you'll need to take the following general steps:
|
||||
|
||||
@ -47,6 +47,6 @@ To onboard machines without Internet access, you'll need to take the following g
|
||||
|
||||
- Azure Security Center (ASC)
|
||||
- [Security Policy \> Log Analytics Workspace](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
|
||||
- [Threat Detection \> Allow Windows Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
|
||||
- [Threat Detection \> Allow Microsoft Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
|
||||
|
||||
For more information, see [Working with security policies](https://docs.microsoft.com/azure/security-center/tutorial-security-policy).
|
||||
@ -32,7 +32,7 @@ Topic | Description
|
||||
[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
|
||||
[Configure Secure score dashboard security controls](secure-score-dashboard.md) | Configure the security controls in Secure score to increase the security posture of your organization.
|
||||
[Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
|
||||
Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Windows Defender ATP.
|
||||
Configure Microsoft Threat Protection integration| Configure other solutions that integrate with Microsoft Defender ATP.
|
||||
Management and API support| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports.
|
||||
[Configure Microsoft Defender Security Center settings](preferences-setup.md) | Configure portal related settings such as general settings, advanced features, enable the preview experience and others.
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: conceptual
|
||||
# Partner applications in Microsoft Defender ATP
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
Microsoft Defender ATP supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.
|
||||
|
||||
@ -52,14 +52,14 @@ Information protection is an integral part of Microsoft 365 Enterprise suite, pr
|
||||
>[!NOTE]
|
||||
>Partially available from Windows 10, version 1809.
|
||||
|
||||
- [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md) <BR> Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines.
|
||||
- [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md) <BR> Microsoft Cloud App Security leverages Microsoft Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender ATP monitored machines.
|
||||
|
||||
>[!NOTE]
|
||||
>Available from Windows 10, version 1809 or later.
|
||||
|
||||
- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) <BR> Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines.
|
||||
- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#windows-server-version-1803-and-windows-server-2019) <BR> Microsoft Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines.
|
||||
|
||||
- [Power BI reports using Windows Defender ATP data](powerbi-reports.md) <br>
|
||||
Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.
|
||||
- [Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) <br>
|
||||
Microsoft Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal.
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)
|
||||
|
||||
@ -33,7 +33,7 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
- [Threat protection reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)<BR>The threat protection report provides high-level information about alerts generated in your organization.
|
||||
|
||||
|
||||
- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)<BR> Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
|
||||
- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)<BR> Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.
|
||||
|
||||
- [Indicators](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/ti-indicator) <BR> APIs for indicators are now generally available.
|
||||
|
||||
@ -44,14 +44,14 @@ For more information preview features, see [Preview features](https://docs.micro
|
||||
## April 2019
|
||||
- [Microsoft Threat Experts Targeted Attack Notification capability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts#targeted-attack-notification) <BR> Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
|
||||
|
||||
- [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use-apis) <BR> Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities.
|
||||
- [Microsoft Defender ATP API](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use-apis) <BR> Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities.
|
||||
|
||||
|
||||
|
||||
## February 2019
|
||||
- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue) <BR> Incident is a new entity in Windows Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats.
|
||||
- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue) <BR> Incident is a new entity in Microsoft Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats.
|
||||
|
||||
- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)<BR> Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor.
|
||||
- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)<BR> Onboard supported versions of Windows machines so that they can send sensor data to the Microsoft Defender ATP sensor.
|
||||
|
||||
|
||||
## October 2018
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user