From bc486b67f29f2fa7285a0f36c09cf429ce3b6519 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 5 Jan 2021 16:27:35 -0800 Subject: [PATCH 1/2] up score --- .../android-support-signin.md | 5 +- .../microsoft-defender-atp/common-errors.md | 6 +-- .../configure-attack-surface-reduction.md | 4 +- .../get-domain-related-alerts.md | 4 +- .../get-file-related-alerts.md | 8 +-- .../get-file-related-machines.md | 8 +-- .../microsoft-defender-atp/ios-terms.md | 49 +++++++++---------- .../partner-applications.md | 16 +++--- 8 files changed, 47 insertions(+), 53 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index 34959bf022..3b6e8322ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md @@ -31,7 +31,7 @@ ms.topic: conceptual During onboarding, you might encounter sign in issues after the app is installed on your device. -This article provides solutions to address the sign on issues. +This article provides solutions to address the sign-on issues. ## Sign in failed - unexpected error **Sign in failed:** *Unexpected error, try later* @@ -63,8 +63,7 @@ from Google Play Store and try again **Cause:** -You do not have Microsoft 365 license assigned, or your organization does not -have a license for Microsoft 365 Enterprise subscription. +You do not have Microsoft 365 license assigned, or your organization does not have a license for Microsoft 365 Enterprise subscription. **Solution:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md index c43240cb86..77ea709f52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md @@ -21,9 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] * The error codes listed in the following table may be returned by an operation on any of Microsoft Defender for Endpoint APIs. -* Note that in addition to the error code, every error response contains an error message which can help resolving the problem. -* Note that the message is a free text that can be changed. -* At the bottom of the page you can find response examples. +* In addition to the error code, every error response contains an error message, which can help resolve the problem. +* The message is a free text that can be changed. +* At the bottom of the page, you can find response examples. Error code |HTTP status code |Message :---|:---|:--- diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md index 736ab0b846..e12a5c23c2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-attack-surface-reduction.md @@ -1,6 +1,6 @@ --- title: Configure attack surface reduction -description: Use Microsoft Intune, Microsoft Endpoint Configuration Manager, Powershell cmdlets, and Group Policy to configure attack surface reduction. +description: Use Microsoft Intune, Microsoft Endpoint Configuration Manager, PowerShell cmdlets, and Group Policy to configure attack surface reduction. keywords: asr, attack surface reduction, windows defender, microsoft defender, antivirus, av search.product: eADQiWindows 10XVcnh search.appverid: met150 
@@ -22,7 +22,7 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -You can configure attack surface reduction with a number of tools, including: +You can configure attack surface reduction with many tools, including: * Microsoft Intune * Microsoft Endpoint Configuration Manager diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md index 2ef6ab2307..a9d61d3418 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md @@ -1,5 +1,5 @@ --- -title: Get domain related alerts API +title: Get domain-related alerts API description: Learn how to use the Get domain related alerts API to retrieve alerts related to a given domain address in Microsoft Defender for Endpoint. keywords: apis, graph api, supported apis, get, domain, related, alerts search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get domain related alerts API +# Get domain-related alerts API [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md index e9088291e8..78611c1902 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md 
@@ -1,6 +1,6 @@ --- -title: Get file related alerts API -description: Learn how to use the Get file related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender for Endpoint. +title: Get file-related alerts API +description: Learn how to use the Get file-related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender for Endpoint. keywords: apis, graph api, supported apis, get, file, hash search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get file related alerts API +# Get file-related alerts API [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -69,7 +69,7 @@ Authorization | String | Bearer {token}. **Required**. Empty ## Response -If successful and file exists - 200 OK with list of [alert](alerts.md) entities in the body. If file do not exist - 404 Not Found. +If successful and file exists - 200 OK with list of [alert](alerts.md) entities in the body. If file does not exist - 404 Not Found. ## Example diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md index 99313ac5c8..da6b2b71d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md 
@@ -1,6 +1,6 @@ --- -title: Get file related machines API -description: Learn how to use the Get file related machines API to get a collection of machines related to a file hash in Microsoft Defender for Endpoint. +title: Get file-related machines API +description: Learn how to use the Get file-related machines API to get a collection of machines related to a file hash in Microsoft Defender for Endpoint. keywords: apis, graph api, supported apis, get, devices, hash search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get file related machines API +# Get file-related machines API [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -69,7 +69,7 @@ Authorization | String | Bearer {token}. **Required**. Empty ## Response -If successful and file exists - 200 OK with list of [machine](machine.md) entities in the body. If file do not exist - 404 Not Found. +If successful and file exists - 200 OK with list of [machine](machine.md) entities in the body. If file does not exist - 404 Not Found. ## Example diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md index 997e5ed226..87fc256054 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-terms.md @@ -29,7 +29,7 @@ hideEdit: true ## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT These license terms ("Terms") are an agreement between Microsoft Corporation (or -based on where you live, one of its affiliates) and you. Please read them. They +based on where you live, one of its affiliates) and you. They apply to the application named above. These Terms also apply to any Microsoft - updates, 
@@ -51,21 +51,21 @@ DO NOT USE THE APPLICATION.** 1. **INSTALLATION AND USE RIGHTS.** 1. **Installation and Use.** You may install and use any number of copies - of this application on iOS enabled device or devices which you own + of this application on iOS enabled device or devices that you own or control. You may use this application with your company's valid subscription of Defender for Endpoint or - an online service that includes MDATP functionalities. + an online service that includes Microsoft Defender for Endpoint functionalities. - 2. **Updates.** Updates or upgrades to MDATP may be required for full + 2. **Updates.** Updates or upgrades to Microsoft Defender for Endpoint may be required for full functionality. Some functionality may not be available in all countries. - 3. **Third Party Programs.** The application may include third party + 3. **Third-Party Programs.** The application may include third-party programs that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third-party program are included for your information only. 2. **INTERNET ACCESS MAY BE REQUIRED.** You may incur charges related to - Internet access, data transfer and other services per the terms of the data + Internet access, data transfer, and other services per the terms of the data service plan and any other agreement you have with your network operator due to use of the application. You are solely responsible for any network operator charges. 
@@ -78,8 +78,7 @@ DO NOT USE THE APPLICATION.** operates as your consent to the transmission of standard device information (including but not limited to technical information about your device, system and application software, and peripherals) for - Internet-based or wireless services. If other terms are provided in - connection with your use of the services, those terms also apply. + Internet-based or wireless services. If other terms are provided with your use of the services, those terms also apply. - Data. Some online services require, or may be enhanced by, the installation of local software like this one. At your, or your 
@@ -91,21 +90,20 @@ DO NOT USE THE APPLICATION.** improve Microsoft products and services and enhance your experience. You may limit or control collection of some usage and performance data through your device settings. Doing so may disrupt your use of - certain features of the application. For additional information on - Microsoft's data collection and use, see the [Online Services + certain features of the application. For more information on Microsoft's data collection and use, see the [Online Services Terms](https://go.microsoft.com/fwlink/?linkid=2106777). 2. Misuse of Internet-based Services. You may not use any Internet-based service in any way that could harm it or impair anyone else's use of it or the wireless network. You may not use the service to try to gain - unauthorized access to any service, data, account or network by any + unauthorized access to any service, data, account, or network by any means. 4. **FEEDBACK.** If you give feedback about the application to Microsoft, you - give to Microsoft, without charge, the right to use, share and commercialize + give to Microsoft, without charge, the right to use, share, and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, - technologies and services to use or interface with any specific parts of a + technologies, and services to use or interface with any specific parts of a Microsoft software or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your feedback 
@@ -129,16 +127,14 @@ DO NOT USE THE APPLICATION.** - publish the application for others to copy; - - rent, lease or lend the application; or + - rent, lease, or lend the application; or - transfer the application or this agreement to any third party. 6. **EXPORT RESTRICTIONS.** The application is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the application. These laws - include restrictions on destinations, end users and end use. For additional - information, - see [www.microsoft.com/exporting](https://www.microsoft.com/exporting). + include restrictions on destinations, end users and end use. For more information, see [www.microsoft.com/exporting](https://www.microsoft.com/exporting). 7. **SUPPORT SERVICES.** Because this application is "as is," we may not provide support services for it. If you have any issues or questions about 
@@ -150,14 +146,13 @@ DO NOT USE THE APPLICATION.** 8. **APPLICATION STORE.** - 1. If you obtain the application through an application store (e.g., App - Store), please review the applicable application store terms to ensure + 1. If you obtain the application through an application store (for example, App + Store), review the applicable application store terms to ensure your download and use of the application complies with such terms. - Please note that these Terms are between you and Microsoft and not with + These terms are between you and Microsoft and not with the application store. - 2. The respective application store provider and its subsidiaries are third - party beneficiaries of these Terms, and upon your acceptance of these + 2. The respective application store provider and its subsidiaries are third-party beneficiaries of these Terms, and upon your acceptance of these Terms, the application store provider(s) will have the right to directly enforce and rely upon any provision of these Terms that grants them a benefit or rights. 
@@ -212,20 +207,20 @@ DO NOT USE THE APPLICATION.** This limitation applies to: - anything related to the application, services, content (including code) on - third party Internet sites, or third party programs; and + third-party Internet sites, or third-party programs; and -- claims for breach of contract, warranty, guarantee or condition; consumer +- claims for breach of contract, warranty, guarantee, or condition; consumer protection; deception; unfair competition; strict liability, negligence, - misrepresentation, omission, trespass or other tort; violation of statute or + misrepresentation, omission, trespass, or other tort; violation of statute or regulation; or unjust enrichment; all to the extent permitted by applicable law. It also applies even if: -a. Repair, replacement or refund for the application does not fully compensate +a. Repair, replacement, or refund for the application does not fully compensate you for any losses; or b. Covered Parties knew or should have known about the possibility of the damages. -The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages. +The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential, or other damages. diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index af671e6890..26d5318130 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md 
@@ -54,7 +54,7 @@ Logo |Partner name | Description ![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats ![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Defender for Endpoint ![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Defender for Endpoint detections -![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness leveraging Microsoft Graph Security API +![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness using Microsoft Graph Security API ![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations ![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities ![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk 
@@ -97,14 +97,14 @@ Logo |Partner name | Description Logo |Partner name | Description :---|:---|:--- ![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats -![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy +![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI-based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy ![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices ![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices ![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense -## Additional integrations +## Other integrations Logo |Partner name | Description :---|:---|:--- ![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| 
Enhance your Defender for Endpoint with advanced Web Filtering 
@@ -115,27 +115,27 @@ Logo |Partner name | Description ## SIEM integration -Defender for Endpoint supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). +Defender for Endpoint supports SIEM integration through various methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). ## Ticketing and IT service management Ticketing solution integration helps to implement manual and automatic response processes. Defender for Endpoint can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. ## Security orchestration and automation response (SOAR) integration -Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs expose to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. +Orchestration solutions can help build playbooks and integrate the rich data model and actions that Defender for Endpoint APIs exposes to orchestrate responses, such as query for device data, trigger device isolation, block/allow, resolve alert and others. ## External alert correlation and Automated investigation and remediation Defender for Endpoint offers unique automated investigation and remediation capabilities to drive incident response at scale. 
Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices. -External alerts can be pushed into Defender for Endpoint and is presented side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert — with the real process and the full story of attack. +External alerts can be pushed into Defender for Endpoint and is presented side by side with other device-based alerts from Defender for Endpoint. This view provides a full context of the alert — with the real process and the full story of attack. ## Indicators matching You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs). -Defender for Endpoint allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match. +Defender for Endpoint allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; applying prevention and automated response capabilities to block execution and take remediation actions when there's a match. Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators. ## Support for non-Windows platforms -Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. 
+Defender for Endpoint provides a centralized security operations experience for Windows and non-Windows platforms, including mobile devices. You'll be able to see alerts from various supported operating systems (OS) in the portal and better protect your organization's network. From 4d20ee8f677958c46e1194d1992fbfdb5fdfab2f Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 17 Feb 2021 14:51:09 -0800 Subject: [PATCH 2/2] pencil edit --- .../microsoft-defender-atp/partner-applications.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index f253842794..998b06013b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -141,7 +141,7 @@ External alerts can be pushed to Defender for Endpoint. These alerts are shown s You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs). -Defender for Endpoint allows you to integrate with these solutions and act on IoCs by correlating rich telemetry to create alerts. You can also useg prevention and automated response capabilities to block execution and take remediation actions when there's a match. +Defender for Endpoint allows you to integrate with these solutions and act on IoCs by correlating rich telemetry to create alerts. You can also use prevention and automated response capabilities to block execution and take remediation actions when there's a match. Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.
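
Review bot: In android-support-signin.md, hunk @@ -31,7, the changed sentence now says "sign-on issues" while the unchanged sentence directly above it still says "sign in issues" and the heading below reads "Sign in failed". Use one term with one hyphenation throughout the paragraph, for example "sign-in issues" in both sentences, so the edit does not leave two spellings one line apart.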
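
Review bot: In android-support-signin.md, hunk @@ -63,8, the joined **Cause** line still lacks its articles: "You do not have Microsoft 365 license assigned". Since the line is being rewritten anyway, change it to "You do not have a Microsoft 365 license assigned, or your organization does not have a license for a Microsoft 365 Enterprise subscription."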
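
Review bot: In common-errors.md, hunk @@ -21,9, the rewritten bullet "The message is a free text that can be changed." does not say who changes it, and "a free text" is not idiomatic. If the meaning is that the service may reword messages over time, state that directly, for example "The message is free text and may change", so readers building API clients know to branch on the error code and not on the message string.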
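
Review bot: In get-domain-related-alerts.md, hunk @@ -1,5, the front-matter description is left as "Learn how to use the Get domain related alerts API" while the title and the H1 in the next hunk become "Get domain-related alerts API". The matching hunks in get-file-related-alerts.md and get-file-related-machines.md update the description too; do the same here so the page metadata and heading agree.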
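
Review bot: In ios-terms.md, hunk @@ -29,7, the sentence "Please read them." is deleted from the opening paragraph of the license agreement. This file is legal text under the heading "MICROSOFT APPLICATION LICENSE TERMS", not documentation prose, so removing a sentence to satisfy a style checker changes the published agreement. Keep the sentence, or get confirmation from the owner of the license terms before merging.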
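
Review bot: In ios-terms.md, hunk @@ -129,16, the export clause is reflowed but still reads "destinations, end users and end use" without the serial comma, while the same hunk adds it in "rent, lease, or lend the application". Apply the comma rule to both lists or to neither; as with the other edits to this file, punctuation changes in the license text should be confirmed with its owner.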
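
Review bot: In ios-terms.md, hunk @@ -146,14 (section 8.1), "Please note that these Terms are between you and Microsoft" becomes "These terms are between you and Microsoft", which lowercases a term the agreement defines in its first paragraph as ("Terms"). The next item in the same hunk still writes "beneficiaries of these Terms". Restore the capital: "These Terms are between you and Microsoft and not with the application store."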
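
Review bot: In partner-applications.md, hunk @@ -97,14, renaming the heading "## Additional integrations" to "## Other integrations" changes the generated anchor for that section, so any existing link that targets the old heading anchor will stop resolving. Search the repository for links to the old anchor and update them in this patch, or leave the heading as it was.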
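
Review bot: In partner-applications.md, hunk @@ -115,27, the SOAR paragraph changes "Defender for Endpoint APIs expose" to "APIs exposes", which introduces a subject-verb disagreement because the subject "APIs" is plural; revert to "expose". Two lines touched in the same hunk keep existing errors that should be fixed while they are open: "External alerts can be pushed into Defender for Endpoint and is presented" needs "are presented", and "out of the box connectors" in the SIEM paragraph should be "out-of-the-box connectors".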
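
Review bot: In PATCH 2/2, partner-applications.md, hunk @@ -141,7, the corrected line still writes "IoCs" while the context lines on either side of it use "IOCs" and "IOC matching". Since the line is already being edited for the "useg" typo, align the casing with the surrounding paragraph in the same change.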