Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into FromPrivateRepo

2025-05-14 14:27:22 +00:00 · 2019-07-25 15:45:04 -07:00 · 2019-07-25 15:45:04 -07:00 · 950d1cccb1
commit 950d1cccb1
parent b4f7c7b374 9c81e5f45a
4 changed files with 62 additions and 138 deletions
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@ -7,8 +7,13 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: dansimp
+ms.author: dolmont
 author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
 ---
 # Threat Protection
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md
@ -130,7 +130,7 @@ Out of the two Microsoft Threat Expert components, targeted attack notification
 Enabling this setting forwards Microsoft Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data.
 >[!NOTE]
->This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later.
+>This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
 ## Azure Information Protection
--- a/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/secure-score-dashboard.md
@ -8,12 +8,13 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-author: mjcaparas
+ms.author: dolmont
 author: DulceMontemayor
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
-ms.topic: article 
+ms.topic: conceptual
 ---
 # Configure the security controls in Secure score
@ -26,7 +27,7 @@ ms.topic: article
 Each security control lists recommendations that you can take to increase the security posture of your organization.
 ### Endpoint detection and response (EDR) optimization
-For an machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for your Endpoint detection and response tool.
+A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for your Endpoint detection and response tool.
 >[!IMPORTANT]
 >This feature is available for machines on Windows 10, version  1607 or later.
@ -44,18 +45,18 @@ You can take the following actions to increase the overall security score of you
 For more  information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md). 
-### Windows Defender Antivirus (Windows Defender AV) optimization
+### Microsoft Defender Antivirus (Microsoft Defender AV) optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AV is fulfilled.
+A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender AV.
 >[!IMPORTANT]
 >This feature is available for machines on Windows 10, version  1607 or later. 
-#### Minimum baseline configuration setting for Windows Defender AV:
+#### Minimum baseline configuration setting for Microsoft Defender AV:
-Machines are considered "well configured" for Windows Defender AV if the following requirements are met:
+Machines are considered "well configured" for Microsoft Defender AV if the following requirements are met:
- Windows Defender AV is reporting correctly
+- Microsoft Defender AV is reporting correctly
- Windows Defender AV is turned on
+- Microsoft Defender AV is turned on
- Security intelligence is up to date
+- Security intelligence is up-to-date
 - Real-time protection is on
 - Potentially Unwanted Application (PUA) protection is enabled
@ -63,20 +64,20 @@ Machines are considered "well configured" for Windows Defender AV if the followi
 You can take the following actions to increase the overall security score of your organization:
 >[!NOTE]
-> For the Windows Defender Antivirus properties to show,  you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the machine. 
+> For the Microsoft Defender Antivirus properties to show,  you'll need to ensure that the Microsoft Defender Antivirus Cloud-based protection is properly configured on the machine. 
 - Fix antivirus reporting
-  - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
+  - This recommendation is displayed when the Microsoft Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
 - Turn on antivirus
 - Update antivirus Security intelligence 
 - Turn on real-time protection
 - Turn on PUA protection
-For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
+For more information, see [Configure Microsoft Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
 ### OS security updates optimization
-This tile shows you the exact number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
+This tile shows you the number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
 >[!IMPORTANT]
 >This feature is available for machines on Windows 10, version  1607 or later.
@ -84,20 +85,20 @@ This tile shows you the exact number of machines that require the latest securit
 You can take the following actions to increase the overall security score of your organization:
 - Install the latest security updates
 - Fix sensor data collection
-  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
 For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/help/4027322/windows-windows-update-troubleshooter).
-### Windows Defender Exploit Guard (Windows Defender EG) optimization
+### Microsoft Defender Exploit Guard (Microsoft Defender EG) optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on machines so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Microsoft Defender ATP Machine timeline. 
+A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on machines to meet the minimum baseline configuration setting for Microsoft Defender EG. When endpoints are configured according to the baseline the Microsoft Defender EG events shows on the Microsoft Defender ATP Machine timeline. 
 >[!IMPORTANT]
 >This security control is only applicable for machines with Windows 10, version 1709 or later.
-#### Minimum baseline configuration setting for Windows Defender EG:
+#### Minimum baseline configuration setting for Microsoft Defender EG:
-Machines are considered "well configured" for Windows Defender EG if the following requirements are met:
+Machines are considered "well configured" for Microsoft Defender EG if the following requirements are met:
 - System level protection settings are configured correctly
 - Attack Surface Reduction rules are configured correctly
@ -147,21 +148,21 @@ You can take the following actions to increase the overall security score of you
 - Turn on all system-level Exploit Protection settings
 - Set all ASR rules to enabled or audit mode
 - Turn on Controlled Folder Access
- Turn on Windows Defender Antivirus on compatible machines
+- Turn on Microsoft Defender Antivirus on compatible machines
-For more information, see [Windows Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
+For more information, see [Microsoft Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
-### Windows Defender Application Guard (Windows Defender AG) optimization
+### Microsoft Defender Application Guard (Microsoft Defender AG) optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Microsoft Defender ATP Machine timeline. 
+A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender AG. When endpoints are configured according to the baseline, Microsoft Defender AG events shows on the Microsoft Defender ATP Machine timeline. 
 >[!IMPORTANT]
 >This security control is only applicable for machines with Windows 10, version 1709 or later.
-#### Minimum baseline configuration setting for Windows Defender AG:
+#### Minimum baseline configuration setting for Microsoft Defender AG:
-Machines are considered "well configured" for Windows Defender AG if the following requirements are met:
+Machines are considered "well configured" for Microsoft Defender AG if the following requirements are met:
 - Hardware and software prerequisites are met
- Windows Defender AG is turned on compatible machines
+- Microsoft Defender AG is turned on compatible machines
 - Managed mode is turned on
 ##### Recommended actions:
@ -169,26 +170,26 @@ You can take the following actions to increase the overall security score of you
 - Ensure hardware and software prerequisites are met
    >[!NOTE]
-    >This improvement item does not contribute to the security score in itself because it's not a prerequisite for Windows Defender AG. It gives an indication of a potential reason why Windows Defender AG is not turned on.
+    >This improvement item does not contribute to the security score in itself because it's not a prerequisite for Microsoft Defender AG. It gives an indication of a potential reason why Microsoft Defender AG is not turned on.
- Turn on  Windows Defender AG on compatible machines
+- Turn on  Microsoft Defender AG on compatible machines
 - Turn on managed mode
-For more information, see [Windows Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
+For more information, see [Microsoft Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
-### Windows Defender SmartScreen optimization
+### Microsoft Defender SmartScreen optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender SmartScreen is fulfilled.
+A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender SmartScreen.
 >[!WARNING]
-> Data collected by Windows Defender SmartScreen might be stored and processed outside of the storage location you have selected for your Microsoft Defender ATP data.
+> Data collected by Microsoft Defender SmartScreen might be stored and processed outside of the storage location you have selected for your Microsoft Defender ATP data.
 >[!IMPORTANT]
 >This security control is only applicable for machines with Windows 10, version 1709 or later.
-#### Minimum baseline configuration setting for Windows Defender SmartScreen:
+#### Minimum baseline configuration setting for Microsoft Defender SmartScreen:
 The following settings must be configured with the following settings:
 - Check apps and files: **Warn** or **Block** 
 - SmartScreen for Microsoft Edge: **Warn** or **Block**
@ -200,27 +201,27 @@ You can take the following actions to increase the overall security score of you
 - Set **SmartScreen for Microsoft Edge** to **Warn** or **Block**
 - Set **SmartScreen for Microsoft store apps** to **Warn** or **Off**
-For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
+For more information, see [Microsoft Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
-### Windows Defender Firewall optimization
+### Microsoft Defender Firewall optimization
-For a machine to be considered "well configured", Windows Defender Firewall must be turned on and enabled for all profiles and inbound connections are blocked by default. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender Firewall is fulfilled. 
+A well-configured machine must have Microsoft Defender Firewall turned on and enabled for all profiles so that inbound connections are blocked by default. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender Firewall. 
 >[!IMPORTANT]
 >This security control is only applicable for machines with Windows 10, version 1709 or later.
-#### Minimum baseline configuration setting for Windows Defender Firewall 
+#### Minimum baseline configuration setting for Microsoft Defender Firewall 
- Windows Defender Firewall is turned on for all network connections
+- Microsoft Defender Firewall is turned on for all network connections
- Secure domain profile by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+- Secure domain profile by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
- Secure private profile by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+- Secure private profile by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
- Secure public profile is configured by enabling Windows Defender Firewall and ensure that Inbound connections is set to Blocked
+- Secure public profile is configured by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
-For more information on Windows Defender Firewall settings, see [Planning settings for a basic firewall policy](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy).
+For more information on Microsoft Defender Firewall settings, see [Planning settings for a basic firewall policy](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy).
 >[!NOTE]
-> If Windows Defender Firewall is not your primary firewall, consider excluding it from the security score calculations and make sure that your third-party firewall is configured in a securely.
+> If Microsoft Defender Firewall is not your primary firewall, consider excluding it from the security score calculations and make sure that your third-party firewall is configured in a securely.
 ##### Recommended actions:
@ -231,12 +232,12 @@ You can take the following actions to increase the overall security score of you
 - Secure public profile
 - Verify secure configuration of third-party firewall
 - Fix sensor data collection
-  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
-For more information, see [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security).
+For more information, see [Microsoft Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security).
 ### BitLocker optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for BitLocker is fulfilled. 
+A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for BitLocker. 
 >[!IMPORTANT]
 >This security control is only applicable for machines with Windows 10, version 1803 or later.
@ -253,21 +254,21 @@ You can take the following actions to increase the overall security score of you
 - Resume protection on all drives
 - Ensure drive compatibility
 - Fix sensor data collection
-  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
 For more information, see [Bitlocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview).
-### Windows Defender Credential Guard optimization
+### Microsoft Defender Credential Guard optimization
-For a machine to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender Credential Guard is fulfilled.
+A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender Credential Guard.
 >[!IMPORTANT]
 >This security control is only applicable for machines with Windows 10, version 1709 or later. 
-#### Minimum baseline configuration setting for Windows Defender Credential Guard:
+#### Minimum baseline configuration setting for Microsoft Defender Credential Guard:
-Machines are considered "well configured" for Windows Defender Credential Guard if the following requirements are met:
+Well-configured machines for Microsoft Defender Credential Guard meets the following requirements:
 - Hardware and software prerequisites are met
- Windows Defender Credential Guard is turned on compatible machines
+- Microsoft Defender Credential Guard is turned on compatible machines
 ##### Recommended actions:
@ -276,9 +277,9 @@ You can take the following actions to increase the overall security score of you
 - Ensure hardware and software prerequisites are met
 - Turn on Credential Guard 
 - Fix sensor data collection
-  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
+  - The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
-For more information, see [Manage Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage).
+For more information, see [Manage Microsoft Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage).
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
--- a/windows/security/threat-protection/windows-defender-atp/overview-secure-score.md
+++ b/windows/security/threat-protection/windows-defender-atp/overview-secure-score.md
@ -1,82 +0,0 @@
 ---
 title: Overview of Secure score in Windows Defender Security Center
 description: Expand your visibility into the overall security posture of your organization
 keywords: secure score, security controls, improvement opportunities, security score over time, score, posture, baseline
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
 ms.date: 09/03/2018
 ---
 # Overview of Secure score in Windows Defender Security Center
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
 >[!IMPORTANT]
 > This feature is available for machines on Windows 10, version  1703 or later. 
 The **Secure score dashboard** displays a snapshot of:
 - Microsoft secure score
 - Secure score over time
 - Top recommendations
 - Improvement opportunities
 ![Secure score dashboard](images/new-secure-score-dashboard.png)
 ## Microsoft secure score
 The Microsoft secure score tile is reflective of the sum of all the Windows Defender security controls that are configured according to the recommended baseline and Office 365 controls. It allows you to drill down into each portal for further analysis. You can also improve this score by taking the steps in configuring each of the security controls in the optimal settings.
 ![Image of Microsoft secure score tile](images/mss.png)
 Each Windows Defender security control contributes 100 points to the score. The total number is reflective of the score potential and calculated by multiplying the number of supported security controls (Windows Defender security controls pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar). 
 The Office 365 Secure Score looks at your settings and activities and compares them to a baseline established by Microsoft. For more information, see [Introducing the Office 365 Secure Score](https://support.office.com/en-us/article/introducing-the-office-365-secure-score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef#howtoaccess).
 In the example image, the total points for the Windows security controls and Office 365 add up to 602 points. 
 You can set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md).
 ## Secure score over time
 You can track the progression of your organizational security posture over time using this tile. It displays the overall score in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.  The expected update schedule for Secure Score is about 24 hours. In some cases, depending of the size of the organization, number of computers and other factors, this update can take up to 72 hours.
 ![Image of the security score over time tile](images/new-ssot.png)
 You can mouse over specific date points to see the total score for that security control is on a specific date.
 ## Top recommendations
 Reflects specific actions you can take to significantly increase the security stance of your organization and how many points will be added to the secure score if you take the recommended action.
 ![Top recommendations tile](images/top-recommendations.png)
 ## Improvement opportunities 
 Improve your score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
 Clicking on the affected machines link at the top of the table takes you to the Machines list. The list is filtered to reflect the list of machines where improvements can be made. 
 ![Improvement opportunities](images/io.png)
 Within the tile, you can click on each control to see the recommended optimizations.
 Clicking the link under the Misconfigured machines column opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
 ## Related topic
 - [Threat analytics](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 - [Threat analytics for Spectre and Meltdown](threat-analytics-dashboard-windows-defender-advanced-threat-protection.md)