diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-dropdown.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-dropdown.png new file mode 100644 index 0000000000..2fe843f6ad Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-dropdown.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-flyout.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-flyout.png new file mode 100644 index 0000000000..be50eefc3b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-device-value-flyout.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 7084b50423..0f5af6bdf7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -36,7 +36,7 @@ ms.topic: article 3. Enter the following queries: ```kusto -// Search for machines with High active alerts or Critical CVE public exploit +// Search for devices with High active alerts or Critical CVE public exploit DeviceTvmSoftwareInventoryVulnerabilities | join kind=inner(DeviceTvmSoftwareVulnerabilitiesKB) on CveId | where IsExploitAvailable == 1 and CvssScore >= 7 @@ -51,6 +51,7 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ``` ## Define a device's value to the organization + Defining a device’s value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation, so devices marked as “high value” will receive more weight. Device value options: @@ -59,18 +60,24 @@ Device value options: - Normal (Default) - High -Examples of machines that should be mark as high value: +Examples of devices that should be marked as high value: - Domain controllers, Active Directory -- Internet facing machines -- VIP machines -- Machines hosting internal/external production services +- Internet facing devices +- VIP devices +- Devices hosting internal/external production services ### Set device value -1. Navigate into any machine page -2. Select Machine Value and define a value -3. Review the value in the machine tag area +1. Navigate to any device page, the easiest place is from the device inventory. + +2. Select **Device Value** from three dots next to the actions bar at the top of the page. + ![Example of the device value dropdown.](images/tvm-device-value-dropdown.png) + +

+ +3. A flyout will appear with the current device value and what it means. Review the value of the device and choose the one that best fits your device. +![Example of the device value flyout.](images/tvm-device-value-flyout.png) ## Related topics