From 3dea206d17ceeec5c5b6ac752c605ebc4f4a0b1b Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 14 Dec 2020 12:50:52 +0530 Subject: [PATCH 1/6] updated-task-4620497 updated task 4620497 --- .../advanced-hunting-shared-queries.md | 2 +- .../microsoft-defender-atp/advanced-hunting-take-action.md | 1 + .../microsoft-defender-atp/alerts-queue.md | 4 ++-- .../threat-protection/microsoft-defender-atp/alerts.md | 5 +++-- .../microsoft-defender-atp/android-configure.md | 4 ++-- .../microsoft-defender-atp/android-intune.md | 5 ++--- .../microsoft-defender-atp/android-privacy.md | 4 ++-- .../microsoft-defender-atp/android-support-signin.md | 4 ++-- .../microsoft-defender-atp/android-terms.md | 4 ++-- .../microsoft-defender-atp/api-explorer.md | 3 +-- .../microsoft-defender-atp/api-hello-world.md | 5 +++-- .../microsoft-defender-atp/api-microsoft-flow.md | 5 +++-- .../microsoft-defender-atp/api-portal-mapping.md | 3 +-- .../microsoft-defender-atp/api-power-bi.md | 5 +++-- .../microsoft-defender-atp/api-terms-of-use.md | 3 +++ .../threat-protection/microsoft-defender-atp/apis-intro.md | 4 ++-- .../microsoft-defender-atp/assign-portal-access.md | 1 + .../microsoft-defender-atp/attack-simulations.md | 3 +-- .../microsoft-defender-atp/attack-surface-reduction-faq.md | 5 ++--- .../microsoft-defender-atp/attack-surface-reduction.md | 5 ++--- .../microsoft-defender-atp/audit-windows-defender.md | 5 ++--- .../auto-investigation-action-center.md | 3 +++ .../microsoft-defender-atp/automated-investigations.md | 7 +++---- .../microsoft-defender-atp/automation-levels.md | 4 ++++ .../microsoft-defender-atp/basic-permissions.md | 1 + 25 files changed, 52 insertions(+), 43 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index 0daf0cbfda..25d3f6f796 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md @@ -21,9 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index d535b139e2..305f3fd9fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md @@ -22,6 +22,7 @@ ms.date: 09/20/2020 **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index e403e8465c..a15bbb44d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md @@ -24,8 +24,8 @@ ms.date: 03/27/2020 **Applies to:** - -- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-alertsq-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index eaa7c56c2f..72b1f1b8fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -20,8 +20,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index f9f5d899e6..7b866543f6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md @@ -25,8 +25,8 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - -- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ## Conditional Access with Defender for Endpoint for Android Microsoft Defender for Endpoint for Android along with Microsoft Intune and Azure Active diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index d899f7568a..fe5cae5c07 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -24,10 +24,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -- [Defender for Endpoint](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) This topic describes deploying Defender for Endpoint for Android on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md index 66ec2fa838..32be21bcc2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md @@ -20,8 +20,8 @@ ms.topic: conceptual # Microsoft Defender for Endpoint for Android - Privacy information **Applies to:** - -- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Defender for Endpoint for Android collects information from your configured diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index 34959bf022..4b7d89d0aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -26,8 +26,8 @@ ms.topic: conceptual **Applies to:** - -- [Defender for Endpoint](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) During onboarding, you might encounter sign in issues after the app is installed on your device. diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md index d8dd335aff..5b9ded6806 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md @@ -24,8 +24,8 @@ hideEdit: true [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - -- [Microsoft Defender for Endpoint](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md index c75879bafc..5b1db3a730 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md @@ -22,10 +22,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) The Microsoft Defender for Endpoint API Explorer is a tool that helps you explore various Defender for Endpoint APIs interactively. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 0dfd7bfce2..1cfe7b3511 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -21,8 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md index 95525bbf97..d45668f5a3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md @@ -21,8 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index 2170d310c0..ed503a7088 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -21,10 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index 605b0f511a..6575464267 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -21,8 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md index 9c8c96f2ea..78cdd47953 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md @@ -20,6 +20,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ## APIs diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index c105db89bb..efa466e67c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md @@ -21,9 +21,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** +**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md index a8bf456da1..b8ebc6cdff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md @@ -27,6 +27,7 @@ ms.date: 11/28/2018 - Azure Active Directory - Office 365 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md index 74cc0538fb..0d3c296111 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md @@ -22,10 +22,9 @@ ms.date: 11/20/2018 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md index 27c2c2db47..5d12d0551b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md @@ -20,10 +20,9 @@ ms.custom: asr [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ## Is attack surface reduction (ASR) part of Windows? diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index f5e542e2f6..e13e833985 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -21,10 +21,9 @@ ms.date: 11/30/2020 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ## Overview diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md index b442dcb82a..e374abe630 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md +++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md @@ -19,10 +19,9 @@ manager: dansimp [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. Audit mode lets you see a record of what *would* have happened if you had enabled the feature. diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index 0a77813dd2..f4e0f7e28e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -24,6 +24,9 @@ ms.date: 09/24/2020 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) During and after an automated investigation, certain remediation actions can be identified. Depending on the threat and how [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) is configured for your organization, some remediation actions are taken automatically. diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index fea480df60..70b3eb03b2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -27,10 +27,9 @@ ms.custom: AIR [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to** - -- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146806) - +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Your security operations team receives an alert whenever a malicious or suspicious artifact is detected by Microsoft Defender for Endpoint. Security operations teams face challenges in addressing the multitude of alerts that arise from the seemingly never-ending flow of threats. Microsoft Defender for Endpoint includes automated investigation and remediation (AIR) capabilities that can help your security operations team address threats more efficiently and effectively. Want to see how it works? Watch the following video: diff --git a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md index 9fa9ebd762..cd0bb6f7e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automation-levels.md @@ -25,6 +25,10 @@ ms.custom: AIR # Automation levels in automated investigation and remediation capabilities +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + Automated investigation and remediation (AIR) capabilities in Microsoft Defender for Endpoint can be configured to one of several levels of automation. Your automation level affects whether remediation actions following AIR investigations are taken automatically or only upon approval. - *Full automation* (recommended) means remediation actions are taken automatically on artifacts determined to be malicious. - *Semi-automation* means some remediation actions are taken automatically, but other remediation actions await approval before being taken. (See the table in [Levels of automation](#levels-of-automation).) diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md index fed2ad3911..fbbcf28bc8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md @@ -25,6 +25,7 @@ ms.topic: article - Azure Active Directory - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink) From 6726c834ecf4c2c927cdd1536baf5afb5b15fa22 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Wed, 6 Jan 2021 10:53:41 +0530 Subject: [PATCH 2/6] fixedwarnings to fix warnings --- .../microsoft-defender-atp/attack-surface-reduction-faq.md | 2 +- .../microsoft-defender-atp/basic-permissions.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md index 5d12d0551b..1fe7d8786d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md @@ -42,7 +42,7 @@ Yes. ASR is supported for Windows Enterprise E3 and above. All of the rules supported with E3 are also supported with E5. -E5 also added greater integration with Defender for Endpoint. With E5, you can [use Defender for Endpoint to monitor and review analytics](https://docs.microsoft.com/microsoft-365/security/mtp/monitor-devices?view=o365-worldwide#monitor-and-manage-asr-rule-deployment-and-detections) on alerts in real-time, fine-tune rule exclusions, configure ASR rules, and view lists of event reports. +E5 also added greater integration with Defender for Endpoint. With E5, you can [use Defender for Endpoint to monitor and review analytics](https://docs.microsoft.com/microsoft-365/security/mtp/monitor-devices?view=o365-worldwide&preserve-view=true#monitor-and-manage-asr-rule-deployment-and-detections) on alerts in real-time, fine-tune rule exclusions, configure ASR rules, and view lists of event reports. ## What are the currently supported ASR rules? diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md index fbbcf28bc8..ead8dfe61c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md @@ -48,7 +48,7 @@ You can assign users with one of the following levels of permissions: > [!NOTE] > You need to run the PowerShell cmdlets in an elevated command-line. -- Connect to your Azure Active Directory. For more information, see, [Connect-MsolService](https://msdn.microsoft.com/library/dn194123.aspx). +- Connect to your Azure Active Directory. For more information, see, [Connect-MsolService](https://docs.microsoft.com/powershell/module/msonline/connect-msolservice?view=azureadps-1.0&preserve-view=true). **Full access**
Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package. From 472b62781d3bd92a1275ec8ca9413f3d7c0ab404 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 15 Jan 2021 17:03:25 +0530 Subject: [PATCH 3/6] fix-suggestions To fix suggestions --- .../microsoft-defender-atp/android-intune.md | 24 +++++++++---------- .../microsoft-defender-atp/api-hello-world.md | 4 ++-- .../api-microsoft-flow.md | 12 +++++----- .../api-portal-mapping.md | 4 ++-- .../microsoft-defender-atp/api-power-bi.md | 6 ++--- 5 files changed, 25 insertions(+), 25 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index 1937a2b7c8..7f56e16fcf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md @@ -51,7 +51,7 @@ Learn how to deploy Defender for Endpoint for Android on Intune Company Portal - center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add \> Android store app** and choose **Select**. - ![Image of Microsoft Endpoint Manager Admin Center](images/mda-addandroidstoreapp.png) + ![Image of Microsoft Endpoint Manager Admin Center1](images/mda-addandroidstoreapp.png) 2. On the **Add app** page and in the *App Information* section enter: @@ -63,7 +63,7 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> Other fields are optional. Select **Next**. - ![Image of Microsoft Endpoint Manager Admin Center](images/mda-addappinfo.png) + ![Image of Microsoft Endpoint Manager Admin Center2](images/mda-addappinfo.png) 3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint for Android app. Choose **Select** and then **Next**. @@ -71,14 +71,14 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> >The selected user group should consist of Intune enrolled users. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/363bf30f7d69a94db578e8af0ddd044b.png) + > ![Image of Microsoft Endpoint Manager Admin Center3](images/363bf30f7d69a94db578e8af0ddd044b.png) 4. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page. - ![Image of Microsoft Endpoint Manager Admin Center](images/86cbe56f88bb6e93e9c63303397fc24f.png) + ![Image of Microsoft Endpoint Manager Admin Center4](images/86cbe56f88bb6e93e9c63303397fc24f.png) 5. In the app information page that is displayed, in the **Monitor** section, @@ -86,7 +86,7 @@ select **Device install status** to verify that the device installation has completed successfully. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager Admin Center](images/513cf5d59eaaef5d2b5bc122715b5844.png) + > ![Image of Microsoft Endpoint Manager Admin Center5](images/513cf5d59eaaef5d2b5bc122715b5844.png) ### Complete onboarding and check status @@ -123,14 +123,14 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> **Android Apps** \> **Add** and select **Managed Google Play app**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager admin center](images/579ff59f31f599414cedf63051628b2e.png) + > ![Image of Microsoft Endpoint Manager admin center6](images/579ff59f31f599414cedf63051628b2e.png) 2. On your managed Google Play page that loads subsequently, go to the search box and lookup **Microsoft Defender.** Your search should display the Microsoft Defender for Endpoint app in your Managed Google Play. Click on the Microsoft Defender for Endpoint app from the Apps search result. - ![Image of Microsoft Endpoint Manager admin center](images/0f79cb37900b57c3e2bb0effad1c19cb.png) + ![Image of Microsoft Endpoint Manager admin center7](images/0f79cb37900b57c3e2bb0effad1c19cb.png) 3. In the App description page that comes up next, you should be able to see app details on Defender for Endpoint. Review the information on the page and then @@ -180,7 +180,7 @@ Defender ATP should be visible in the apps list. 1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**. - ![Image of Microsoft Endpoint Manager admin center](images/android-mem.png) + ![Image of Microsoft Endpoint Manager admin center8](images/android-mem.png) 1. In the **Create app configuration policy** page, enter the following details: @@ -200,19 +200,19 @@ Defender ATP should be visible in the apps list. Then select **OK**. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-create-app-config.png) + > ![Image of create app configuration policy1](images/android-create-app-config.png) 1. You should now see both the permissions listed and now you can autogrant both by choosing autogrant in the **Permission state** drop-down and then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-auto-grant.png) + > ![Image of create app configuration policy2](images/android-auto-grant.png) 1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-select-group.png) + > ![Image of create app configuration policy3](images/android-select-group.png) 1. In the **Review + Create** page that comes up next, review all the information and then select **Create**.
@@ -220,7 +220,7 @@ Defender ATP should be visible in the apps list. The app configuration policy for Defender for Endpoint autogranting the storage permission is now assigned to the selected user group. > [!div class="mx-imgBorder"] - > ![Image of create app configuration policy](images/android-review-create.png) + > ![Image of create app configuration policy4](images/android-review-create.png) 10. Select **Microsoft Defender ATP** app in the list \> **Properties** \> diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index 5a8e56a963..b00bc7b148 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -58,11 +58,11 @@ For the Application registration stage, you must have a **Global administrator** - **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear. - ![Image of API access and API selection](images/add-permission.png) + ![Image of API access and API selection1](images/add-permission.png) - Choose **Application permissions** > **Alert.Read.All** > Click on **Add permissions** - ![Image of API access and API selection](images/application-permissions.png) + ![Image of API access and API selection2](images/application-permissions.png) **Important note**: You need to select the relevant permissions. 'Read All Alerts' is only an example! diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md index 54ffcf11fc..3b42fefc66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md @@ -31,7 +31,7 @@ Automating security procedures is a standard requirement for every modern Securi Microsoft Defender API has an official Flow Connector with many capabilities. -![Image of edit credentials](images/api-flow-0.png) +![Image of edit credentials1](images/api-flow-0.png) ## Usage example @@ -41,15 +41,15 @@ The following example demonstrates how to create a Flow that is triggered any ti 2. Go to **My flows** > **New** > **Automated-from blank**. - ![Image of edit credentials](images/api-flow-1.png) + ![Image of edit credentials2](images/api-flow-1.png) 3. Choose a name for your Flow, search for "Microsoft Defender ATP Triggers" as the trigger, and then select the new Alerts trigger. - ![Image of edit credentials](images/api-flow-2.png) + ![Image of edit credentials3](images/api-flow-2.png) Now you have a Flow that is triggered every time a new Alert occurs. -![Image of edit credentials](images/api-flow-3.png) +![Image of edit credentials4](images/api-flow-3.png) All you need to do now is choose your next steps. For example, you can isolate the device if the Severity of the Alert is High and send an email about it. @@ -63,7 +63,7 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the 3. Set the **Alert ID** from the last step as **Input**. - ![Image of edit credentials](images/api-flow-4.png) + ![Image of edit credentials5](images/api-flow-4.png) ### Isolate the device if the Alert's severity is High @@ -73,7 +73,7 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the If yes, add the **Microsoft Defender ATP - Isolate machine** action with the Machine ID and a comment. - ![Image of edit credentials](images/api-flow-5.png) + ![Image of edit credentials6](images/api-flow-5.png) 3. Add a new step for emailing about the Alert and the Isolation. There are multiple email connectors that are very easy to use, such as Outlook or Gmail. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index ed503a7088..a0a21d751b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md @@ -84,9 +84,9 @@ Field numbers match the numbers in the images below. ![Image of alert details pane with numbers](images/atp-siem-mapping13.png) -![Image of artifact timeline with numbers](images/atp-siem-mapping3.png) +![Image of artifact timeline with numbers1](images/atp-siem-mapping3.png) -![Image of artifact timeline with numbers](images/atp-siem-mapping4.png) +![Image of artifact timeline with numbers2](images/atp-siem-mapping4.png) ![Image machine view](images/atp-mapping6.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index 2d20e0d495..851e5a59d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -92,17 +92,17 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a - Click **Edit Credentials** - ![Image of edit credentials](images/power-bi-edit-credentials.png) + ![Image of edit credentials0](images/power-bi-edit-credentials.png) - Select **Organizational account** > **Sign in** - ![Image of set credentials](images/power-bi-set-credentials-organizational.png) + ![Image of set credentials1](images/power-bi-set-credentials-organizational.png) - Enter your credentials and wait to be signed in - Click **Connect** - ![Image of set credentials](images/power-bi-set-credentials-organizational-cont.png) + ![Image of set credentials2](images/power-bi-set-credentials-organizational-cont.png) - Now the results of your query will appear as table and you can start build visualizations on top of it! From fcbf1cdc170855afd28bf3c0df7363e582f42ba0 Mon Sep 17 00:00:00 2001 From: Anders Ahl <58516456+GenerAhl@users.noreply.github.com> Date: Tue, 16 Feb 2021 19:07:08 +0100 Subject: [PATCH 4/6] Removing "Intune" from list of installation methods. Windows Server cannot be enrolled into Intune so calling out Intune as an installation mechanism is confusing. --- .../microsoft-defender-atp/configure-server-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index ebb9189935..bd3821562c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -157,7 +157,7 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo > [!NOTE] > - The Onboarding package for Windows Server 2019 through Microsoft Endpoint Manager currently ships a script. For more information on how to deploy scripts in Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs). -> - A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. +> - A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, or Microsoft Endpoint Configuration Manager. Support for Windows Server provides deeper insight into server activities, coverage for kernel and memory attack detection, and enables response actions. From d0c72008f0bbd1714e54cce822cf90c5c0656215 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 17 Feb 2021 08:53:42 -0800 Subject: [PATCH 5/6] Update audit-windows-defender.md acrolinx --- .../audit-windows-defender.md | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md index 5a44e8a0c3..4b16ba2447 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md +++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md @@ -1,6 +1,6 @@ --- -title: Test how Microsoft Defender ATP features work in audit mode -description: Audit mode lets you use the event log to see how Microsoft Defender ATP would protect your devices if it was enabled. +title: Test how Microsoft Defender for Endpoint features work in audit mode +description: Audit mode helps you see how Microsoft Defender for Endpoint would protect your devices if it was enabled. keywords: exploit guard, audit, auditing, mode, enabled, disabled, test, demo, evaluate, lab search.product: eADQiWindows 10XVcnh ms.prod: m365-security @@ -27,7 +27,7 @@ ms.technology: mde You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. Audit mode lets you see a record of what *would* have happened if you had enabled the feature. -You may want to enable audit mode when testing how the features will work in your organization. Ensure it doesn't affect your line-of-business apps, and get an idea of how many suspicious file modification attempts generally occur over a certain period of time. +You may want to enable audit mode when testing how the features will work in your organization. This will help make sure your line-of-business apps aren't affected. You can also get an idea of how many suspicious file modification attempts occur over a certain period of time. The features won't block or prevent apps, scripts, or files from being modified. However, the Windows Event Log will record events as if the features were fully enabled. With audit mode, you can review the event log to see what impact the feature would have had if it was enabled. @@ -35,19 +35,17 @@ To find the audited entries, go to **Applications and Services** > **Microsoft** You can use Defender for Endpoint to get greater details for each event, especially for investigating attack surface reduction rules. Using the Defender for Endpoint console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -This article provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. - You can use Group Policy, PowerShell, and configuration service providers (CSPs) to enable audit mode. >[!TIP] >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work. - Audit options | How to enable audit mode | How to view events --|-|- -Audit applies to all events | [Enable controlled folder access](enable-controlled-folders.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer) -Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](evaluate-attack-surface-reduction.md#review-attack-surface-reduction-events-in-windows-event-viewer) -Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer) -|Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md) | [Exploit protection events](exploit-protection.md#review-exploit-protection-events-in-windows-event-viewer) + **Audit options** | **How to enable audit mode** | **How to view events** +|---------|---------|---------| +| Audit applies to all events | [Enable controlled folder access](enable-controlled-folders.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer) +| Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](evaluate-attack-surface-reduction.md#review-attack-surface-reduction-events-in-windows-event-viewer) +| Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer) +| Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md) | [Exploit protection events](exploit-protection.md#review-exploit-protection-events-in-windows-event-viewer) ## Related topics From f132d9a9356bdfb8f26b000ef537762d96eb10af Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 17 Feb 2021 09:14:26 -0800 Subject: [PATCH 6/6] Update android-support-signin.md acrolinx --- .../android-support-signin.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index ae0ecfba8d..9ec3031858 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -30,9 +30,9 @@ ms.technology: mde - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -During onboarding, you might encounter sign in issues after the app is installed on your device. +When onboarding a device, you might see sign in issues after the app is installed. -This article provides solutions to address the sign on issues. +This article provides solutions to help address sign in issues. ## Sign in failed - unexpected error **Sign in failed:** *Unexpected error, try later* @@ -71,22 +71,22 @@ have a license for Microsoft 365 Enterprise subscription. Contact your administrator for help. -## Phishing pages are not blocked on specific OEM devices +## Phishing pages aren't blocked on some OEM devices **Applies to:** Specific OEMs only - **Xiaomi** -Phishing and harmful web connection threats detected by Defender for Endpoint -for Android are not blocked on some Xiaomi devices. The following functionality does not work on these devices. +Phishing and harmful web threats that are detected by Defender for Endpoint +for Android are not blocked on some Xiaomi devices. The following functionality doesn't work on these devices. ![Image of site reported unsafe](images/0c04975c74746a5cdb085e1d9386e713.png) **Cause:** -Xiaomi devices introduced a new permission that prevents Defender for Endpoint -for Android app from displaying pop-up windows while running in the background. +Xiaomi devices include a new permission model. This prevents Defender for Endpoint +for Android from displaying pop-up windows while it runs in the background. Xiaomi devices permission: "Display pop-up windows while running in the background."