mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 13:57:22 +00:00
Merge pull request #4454 from MicrosoftDocs/master
removing solorigate link from includes
commit
9daad6ea89
@ -9,6 +9,3 @@ author: dansimp
|
||||
ms.prod: w10
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
> [!IMPORTANT]
|
||||
> [Learn how Microsoft is helping to protect customers from Solorigate, a recent sophisticated attack](https://aka.ms/solorigate).
|
||||
|
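Review bot: with the `[!IMPORTANT]` callout and its link removed at the end of this hunk, the header (`+9,3`) and the absence of trailing context show the include now stops at the closing `---` of its front matter, so the file has no body. Pages that still pull in this include will render nothing from it; consider deleting the include file and its references in the same change instead of leaving an empty include behind.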
Binary file not shown.
Before Width: | Height: | Size: 12 KiB |
Binary file not shown.
After Width: | Height: | Size: 8.4 KiB |
Binary file not shown.
Before Width: | Height: | Size: 24 KiB |
@ -103,13 +103,15 @@ Navigate to the **Exceptions** tab in the **Remediation** page. You can filter b
|
||||
|
||||
Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can export. You can also view the related recommendation or cancel the exception.
|
||||
|
||||
|
||||

|
||||
|
||||
|
||||
## How to cancel an exception
|
||||
|
||||
To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. To cancel the exception for all device groups, select the **Cancel exception** button. You can also cancel the exception for a specific device group.
|
||||
To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception.
|
||||
|
||||
To cancel the exception for all device groups or for a global exception, select the **Cancel exception for all device groups** button. You will only be able to cancel exceptions for device groups you have permissions for.
|
||||
|
||||

|
||||
|
||||
### Cancel the exception for a specific device group
|
||||
|
||||
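Review bot: in the reworded "How to cancel an exception" paragraph, the button name **Cancel exception for all device groups** sits next to "You will only be able to cancel exceptions for device groups you have permissions for", and the text does not say what the button does for a user who has permissions for only some of the groups. State whether it cancels only the permitted groups or is unavailable in that case. The same sentence now also covers global exceptions, so it should say which role is able to cancel a global exception.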
@ -117,13 +119,6 @@ Select the specific device group to cancel the exception for it. A flyout will a
|
||||
|
||||

|
||||
|
||||
|
||||
### Cancel a global exception
|
||||
|
||||
If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout.
|
||||
|
||||

|
||||
|
||||
## View impact after exceptions are applied
|
||||
|
||||
In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**.
|
||||
|
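Review bot: the "### Cancel a global exception" heading removed in this hunk also removes its anchor, so any link pointing at that heading will stop resolving. Search the doc set for links to it and repoint them to "How to cancel an exception". The removed step named **Cancel exception** in the flyout, while the replacement text earlier in the file names **Cancel exception for all device groups**; confirm the new label is what the flyout shows for a global exception.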
@ -46,7 +46,8 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender fo
|
||||
|
||||
2. Select a security recommendation you would like to request remediation for, and then select **Remediation options**.
|
||||
|
||||
3. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. If you choose the "attention required" remediation option, selecting a due date will not be available since there is no specific action.
|
||||
3. Fill out the form, including what you are requesting remediation for, applicable device groups, priority, due date, and optional notes.
|
||||
1. If you choose the "attention required" remediation option, selecting a due date will not be available since there is no specific action.
|
||||
|
||||
4. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices.
|
||||
|
||||
|
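Review bot: the new sub-item under step 3 ("1. If you choose the "attention required" remediation option, ...") is a numbered list with a single entry, which reads as the first of several sub-steps that never follow. It is a condition on the due date field, not a step, so a plain indented sentence or a `>[!NOTE]` under step 3 would fit better. The added "applicable device groups" field could also use a short statement of what happens when no device group is selected.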
@ -112,32 +112,17 @@ If there is a large jump in the number of exposed devices, or a sharp increase i
|
||||
|
||||
## Request remediation
|
||||
|
||||
The threat and vulnerability management capability in Microsoft Defender ATP bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** pages to Intune.
|
||||
The threat and vulnerability management remediation capability bridges the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Security recommendation** page to Intune. [Learn more about remediation options](tvm-remediation.md)
|
||||
|
||||
### Enable Microsoft Intune connection
|
||||
### How to request remediation
|
||||
|
||||
To use this capability, enable your Microsoft Intune connections. In the Microsoft Defender Security Center, navigate to **Settings** > **General** > **Advanced features**. Scroll down and look for **Microsoft Intune connection**. By default, the toggle is turned off. Turn your **Microsoft Intune connection** toggle **On**.
|
||||
|
||||
See [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||
|
||||
### Remediation request steps
|
||||
|
||||
1. Select a security recommendation you would like to request remediation for, and then select **Remediation options**.
|
||||
|
||||
2. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices.
|
||||
|
||||
3. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment.
|
||||
|
||||
4. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request.
|
||||
|
||||
If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details.
|
||||
|
||||
>[!NOTE]
|
||||
>If your request involves remediating more than 10,000 devices, we can only send 10,000 devices for remediation to Intune.
|
||||
Select a security recommendation you would like to request remediation for, and then select **Remediation options**. Fill out the form and select **Submit request**. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. [Learn more about how to request remediation](tvm-remediation.md#request-remediation)
|
||||
|
||||
## File for exception
|
||||
|
||||
As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups.
|
||||
As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. [Learn more about exceptions](tvm-exception.md)
|
||||
|
||||
Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md).
|
||||
|
||||
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group).
|
||||
|
||||
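Review bot: the shortened "Request remediation" section drops the note "If your request involves remediating more than 10,000 devices, we can only send 10,000 devices for remediation to Intune" and the "Enable Microsoft Intune connection" prerequisite, and neither appears in the tvm-remediation.md hunk shown in this commit. Confirm both are present at `tvm-remediation.md#request-remediation` before merging, since a reader following only this page would otherwise miss the device cap and the toggle that is off by default. Minor: the added "[Learn more about remediation options](tvm-remediation.md)" sentence has no closing period, and the retained "can add exception" should read "can add an exception".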
@ -147,106 +132,7 @@ Select a security recommendation you would like create an exception for, and the
|
||||
|
||||

|
||||
|
||||
Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab.
|
||||
|
||||
### Exception scope
|
||||
|
||||
Exceptions can either be created for selected device groups, or for all device groups past and present.
|
||||
|
||||
#### Exception by device group
|
||||
|
||||
Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups.
|
||||
|
||||

|
||||
|
||||
##### Filtered
|
||||
|
||||
If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options.
|
||||
|
||||
Button to filter by device group on any of the threat and vulnerability management pages:
|
||||
|
||||

|
||||
|
||||
Exception view with filtered device groups:
|
||||
|
||||

|
||||
|
||||
##### Large number of device groups
|
||||
|
||||
If your organization has more than 20 device groups, select **Edit** next to the filtered device group option.
|
||||
|
||||

|
||||
|
||||
A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all.
|
||||
|
||||

|
||||
|
||||
#### Global exceptions
|
||||
|
||||
If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.”
|
||||
|
||||

|
||||
|
||||
Some things to keep in mind:
|
||||
|
||||
- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire.
|
||||
- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires.
|
||||
|
||||
### Justification
|
||||
|
||||
Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
|
||||
|
||||
The following list details the justifications behind the exception options:
|
||||
|
||||
- **Third party control** - A third party product or software already addresses this recommendation
|
||||
- Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
|
||||
- **Alternate mitigation** - An internal tool already addresses this recommendation
|
||||
- Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
|
||||
- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
|
||||
- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
|
||||
|
||||
### View all exceptions
|
||||
|
||||
Navigate to the **Exceptions** tab in the **Remediation** page.
|
||||
|
||||

|
||||
|
||||
Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception.
|
||||
|
||||
### How to cancel an exception
|
||||
|
||||
To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception.
|
||||
|
||||
#### Cancel the exception for a specific device group
|
||||
|
||||
If the exception is per device group, then you will need to select the specific device group to cancel the exception for it.
|
||||
|
||||

|
||||
|
||||
A flyout will appear for the device group, and you can select **Cancel exception**.
|
||||
|
||||
#### Cancel a global exception
|
||||
|
||||
If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout.
|
||||
|
||||

|
||||
|
||||
### View impact after exceptions are applied
|
||||
|
||||
In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**.
|
||||
|
||||

|
||||
|
||||
The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed.
|
||||
|
||||
The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change.
|
||||
|
||||

|
||||
If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating.
|
||||
|
||||
1. Select the recommendation and **Open software page**
|
||||
2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md)
|
||||
3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request.
|
||||
Fill out the form and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. [Learn more about how to create an exception](tvm-exception.md#create-an-exception)
|
||||
|
||||
## Report inaccuracy
|
||||
|
||||
|
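Review bot: the roughly one hundred lines removed here include the only statement in this file that just the "third party control" and "alternate mitigation" justifications lower the exposure score, plus the rules for how a global exception suspends device group exceptions. The replacement line points to `tvm-exception.md#create-an-exception`, but the tvm-exception.md hunks in this commit show only the cancel and view-impact sections. Verify that the "Create an exception" heading exists there and that the justification and suspension details were carried over, so the scoring behaviour stays documented.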
@ -96,9 +96,13 @@ You can view software pages a few different ways:
|
||||
|
||||
A full page will appear with all the details of a specific software and the following information:
|
||||
|
||||
- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score
|
||||
- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices
|
||||
- Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the devices that the software is installed on, and the specific versions of the software with the number of devices that have each version installed and number of vulnerabilities.
|
||||
- Side panel with vendor information, prevalence of the software in the organization (including number of devices it's installed on, and exposed devices that aren't patched), whether and exploit is available, and impact to your exposure score.
|
||||
- Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs with the number of exposed devices.
|
||||
- Tabs showing information such as:
|
||||
- Corresponding security recommendations for the weaknesses and vulnerabilities identified.
|
||||
- Named CVEs of discovered vulnerabilities.
|
||||
- Devices that have the software installed (along with device name, domain, OS, and more).
|
||||
- Software version list (including number of devices the version is installed on, the number of discovered vulnerabilities, and the names of the installed devices).
|
||||
|
||||

|
||||
|
||||
|
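Review bot: the rewritten side panel bullet still carries the typo "whether and exploit is available"; it should read "whether an exploit is available". Since this line is being touched anyway to add the closing period, fix it in the same change. In the new nested list, "the names of the installed devices" under the software version item should be "the names of the devices it is installed on".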