deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates on toc, and rbac topics

Browse Source
This commit is contained in:
Joey Caparas
2018-08-23 21:42:56 -07:00
parent 3e0c88dc2e
commit a79750b9d4
5 changed files with 86 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
windows/security/threat-protection/TOC.md
View File

@ -66,10 +66,11 @@
##### [Query data using Advanced hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting reference](windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
###### [Advanced hunting query language best practices](windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
#### [Management and APIs](windows-defender-atp/management-apis.md)
##### [Understand threat intelligence concepts](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
##### [Supported Windows Defender ATP APIs](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md)
######Actor
####### [Get actor information](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md)
@ -244,41 +245,6 @@
#### [Configure Secure score dashboard security controls](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)
##### General
###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md)
###### [Configure alert notifications](windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md)
###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
###### [Enable Secure score security controls](windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md)
###### [Configure advanced features](windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md)
##### Permissions
###### [Use basic permissions to access the portal](windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md)
###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md)
####### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md)
##### APIs
###### [Enable Threat intel](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
#####Rules
###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
#####Machine management
###### [Onboarding machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
###### [Offboarding machines](windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md)
##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md)
#### Management and API support
##### [Onboard machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
@ -328,6 +294,36 @@
####### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center settings](windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md)
##### General
###### [Update data retention settings](windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md)
###### [Configure alert notifications](windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md)
###### [Enable and create Power BI reports using Windows Defender Security center data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md)
###### [Enable Secure score security controls](windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md)
###### [Configure advanced features](windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md)
##### Permissions
###### [Use basic permissions to access the portal](windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md)
###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md)
####### [Create and manage roles](windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md)
####### [Create and manage machine groups](windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md)
######## [Create and manage machine tags](windows-defender-atp/machine-tags-windows-defender-advanced-threat-protection.md)
##### APIs
###### [Enable Threat intel](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md)
###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
#####Rules
###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
#####Machine management
###### [Onboarding machines](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
###### [Offboarding machines](windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md)
##### [Configure Windows Defender Security Center time zone settings](windows-defender-atp/time-settings-windows-defender-advanced-threat-protection.md)
### [Troubleshoot Windows Defender ATP](windows-defender-atp/troubleshoot-wdatp.md)

2
windows/security/threat-protection/index.md
View File

@ -93,7 +93,7 @@ Windows Defender ATP includes a secure score to help you dynamically assess the
**Advanced hunting**<br>
Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization.
- [Custom TI](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md)
- Custom detection
- [Realtime and historical hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md)
<a name="apis"></a>

69
windows/security/threat-protection/windows-defender-atp/TOC.md
View File

@ -64,10 +64,11 @@
#### [Query data using Advanced hunting](advanced-hunting-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting reference](advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
### [Management and APIs](management-apis.md)
#### [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
#### [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md)
#####Actor
###### [Get actor information](get-actor-information-windows-defender-advanced-threat-protection.md)
@ -242,39 +243,6 @@
### Configure Microsoft threat protection integration
#### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md)
### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
#### General
##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
#### Permissions
##### [Use basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md)
##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
###### [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md)
###### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
####### [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md)
#### APIs
##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
####Machine management
##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
### Management and API support
#### [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)
@ -324,6 +292,39 @@
####### [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md)
### [Configure Windows Defender Security Center settings](preferences-setup-windows-defender-advanced-threat-protection.md)
#### General
##### [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
##### [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](powerbi-reports-windows-defender-advanced-threat-protection.md)
##### [Enable Secure score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
##### [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
#### Permissions
##### [Use basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md)
##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)
###### [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md)
###### [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)
####### [Create and manage machine tags](machine-tags-windows-defender-advanced-threat-protection.md)
#### APIs
##### [Enable Threat intel](enable-custom-ti-windows-defender-advanced-threat-protection.md)
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
####Machine management
##### [Onboarding machines](onboard-configure-windows-defender-advanced-threat-protection.md)
##### [Offboarding machines](offboard-machines-windows-defender-advanced-threat-protection.md)
#### [Configure Windows Defender Security Center time zone settings](time-settings-windows-defender-advanced-threat-protection.md)
## [Troubleshoot Windows Defender ATP](troubleshoot-wdatp.md)
###Troubleshoot sensor state

8
windows/security/threat-protection/windows-defender-atp/basic-permissions-windows-defender-advanced-threat-protection.md
View File

@ -44,12 +44,12 @@ You can assign users with one of the following levels of permissions:
**Full access** <br>
Users with full access can log in, view all system information and resolve alerts, submit files for deep analysis, and download the onboarding package.
Assigning full access rights requires adding the users to the <EFBFBD>Security Administrator<6F> or <EFBFBD>Global Administrator<6F> AAD built-in roles.
Assigning full access rights requires adding the users to the "Security Administrator<6F> or "Global Administrator<6F> AAD built-in roles.
**Read only access** <br>
Users with read only access can log in, view all alerts, and related information.
They will not be able to change alert states, submit files for deep analysis or perform any state changing operations.
Assigning read only access rights requires adding the users to the <EFBFBD>Security Reader<65> AAD built-in role.
Assigning read only access rights requires adding the users to the "Security Reader<65> AAD built-in role.
Use the following steps to assign security roles:
@ -59,7 +59,7 @@ Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "s
```
- For **read only** access, assign users to the security reader role by using the following command:
```text
Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress <EFBFBD>reader@Contoso.onmicrosoft.com<6F>
Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress "reader@Contoso.onmicrosoft.com<6F>
```
For more information see, [Manage Azure AD group and role membership](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
@ -82,3 +82,5 @@ For more information see, [Manage Azure AD group and role membership](https://te
![Image of Microsoft Azure portal](images/atp-azure-ui-user-access.png)
## Related topic
- [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md)

13
windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
View File

@ -28,7 +28,7 @@ The following steps guide you on how to create roles in Windows Defender Securit
2. Click **Add role**.
3. Enter the role name, description, and permissions you<EFBFBD>d like to assign to the role.
3. Enter the role name, description, and permissions you'd like to assign to the role.
- **Role name**
@ -43,12 +43,16 @@ The following steps guide you on how to create roles in Windows Defender Securit
4. Click **Next** to assign the role to an Azure AD group.
5. Use the filter to select the Azure AD group that you<EFBFBD>d like to add to this role.
5. Use the filter to select the Azure AD group that you'd like to add to this role.
6. Click **Save and close**.
7. Apply the configuration settings.
After creating roles, you'll need to create a machine group and provide access to the machine group by assigning it to a role that you just created.
## Edit roles
1. Select the role you'd like to edit.
@ -64,3 +68,8 @@ The following steps guide you on how to create roles in Windows Defender Securit
1. Select the role you'd like to delete.
2. Click the drop-down button and select **Delete role**.
##Related topic
- [User basic permissions to access the portal](basic-permissions-windows-defender-advanced-threat-protection.md)
- [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md)