deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into vs-9912231

Browse Source
This commit is contained in:
LizRoss 2017-03-16 06:52:23 -07:00
commit acac9633af
7 changed files with 51 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
devices/surface/microsoft-surface-data-eraser.md
View File

@ -18,6 +18,9 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
[Microsoft Surface Data Eraser](https://www.microsoft.com/download/details.aspx?id=46703) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB stick is easy to create by using the provided wizard, the Microsoft Surface Data Eraser wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://www.microsoft.com/surface/support/security-sign-in-and-accounts/data-wiping-policy). [Microsoft Surface Data Eraser](https://www.microsoft.com/download/details.aspx?id=46703) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB stick is easy to create by using the provided wizard, the Microsoft Surface Data Eraser wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://www.microsoft.com/surface/support/security-sign-in-and-accounts/data-wiping-policy).
>[!IMPORTANT]
>Microsoft Surface Data Eraser uses the NVM Express (NVMe) format command to erase data as authorized in [NIST Special Publication 800-88 Revision 1](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf).
Compatible Surface devices include: Compatible Surface devices include:
- Surface Studio - Surface Studio

40
windows/keep-secure/custom-ti-api-windows-defender-advanced-threat-protection.md
View File

@ -1,5 +1,5 @@
--- ---
title: Create custom threat intelligence using REST API in Windows Defender ATP title: Create threat intelligence using REST API in Windows Defender ATP
description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions. description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -54,6 +54,44 @@ For this URL:
**Quotas**</br> **Quotas**</br>
Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage). Each tenant has a defined quota that limits the number of possible alert definitions, IOCs and another quota for IOCs of Action different than “equals” in the system. If you upload data beyond this quota, you'll encounter an HTTP error status code 507 (Insufficient Storage).
## Request an access token from the token issuing endpoint
Windows Defender ATP Threat Intelligence API uses OAuth 2.0. In the context of Windows Defender ATP, the alert definitions are a protected resource. To issue tokens for ad-hoc, non-automatic operations you can use the **Preferences settings** page and click the **Generate Token** button. However, if youd like to create an automated client, you need to use the “Client Credentials Grant” flow. For more information, see the [OAuth 2.0 authorization framework](https://tools.ietf.org/html/rfc6749#section-4.4).
For more information about the authorization flow, see [OAuth 2.0 authorization flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code#oauth-20-authorization-flow).
Make an HTTP POST request to the token issuing endpoint with the following parameters, replacing `<ClientId>`, `<ClientSecret>`, and `<AuthorizationServerUrl>` with your app's client ID, client secret and authorization server URL.
>[!NOTE]
> The authorization server URL is `https://login.windows.net/<AADTenantID>/oauth2/token`. Replace `<AADTenantID>` with your Azure Active Directory tenant ID.
>[!NOTE]
> The `<ClientId>`, `<ClientSecret>`, and the `<AuthorizationServerUrl>` are all provided to you when enabling the custom threat intelligence application. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md).
```
POST <AuthorizationServerUrl> HTTP/1.1
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=<ClientId>
&client_secret=<ClientSecret>
&resource=https://graph.microsoft.com
```
The response will include an access token and expiry information.
```json
{
"token_type": "Bearer",
"expires_in": "3599",
"ext_expires_in": "0",
"expires_on": "1449685363",
"not_before": "1449681463",
"resource": "https://graph.microsoft.com",
"access_token": "<token>"
}
```
## Threat intelligence API metadata ## Threat intelligence API metadata
The metadata document ($metadata) is published at the service root. The metadata document ($metadata) is published at the service root.

6
windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md
View File

@ -1,6 +1,6 @@
--- ---
title: Enable the custom threat intelligence application in Windows Defender ATP title: Enable the custom threat intelligence API in Windows Defender ATP
description: Enable the custom threat intelligence application in Windows Defender ATP so that you can create custom threat intelligence using REST API. description: Learn how to setup the custom threat intelligence application in Windows Defender ATP to create custom threat intelligence (TI).
keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10
@ -11,7 +11,7 @@ author: mjcaparas
localizationpriority: high localizationpriority: high
--- ---
# Enable the custom threat intelligence application # Enable the custom threat intelligence API in Windows Defender ATP
**Applies to:** **Applies to:**

4
windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
View File

@ -65,7 +65,7 @@ Clients that run Windows 10 version 1607 will not show details on the sign-in sc
If the **Privacy** setting is turned on, details will show. If the **Privacy** setting is turned on, details will show.
The **Privacy** setting cannot be changed for clients in bulk. The **Privacy** setting cannot be changed for clients in bulk.
Instead, apply KB 4013429 to clients that run Windows 10 version 1607 so they behave similarly to previous versions of Windows. Instead, apply [KB 4013429](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429) to clients that run Windows 10 version 1607 so they behave similarly to previous versions of Windows.
There are related Group Policy settings: There are related Group Policy settings:
@ -81,7 +81,7 @@ If **Block user from showing account details on sign-in** is enabled, then only
Users will not be able to show details. Users will not be able to show details.
If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** to show additional details such as domain\username. If **Block user from showing account details on sign-in** is not enabled, then you can set **Interactive logon: Display user information when the session is locked** to **User display name, domain and user names** to show additional details such as domain\username.
In this case, clients that run Windows 10 version 1607 need KB 4013429 applied. In this case, clients that run Windows 10 version 1607 need [KB 4013429](http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429) applied.
Users will not be able to hide additional details. Users will not be able to hide additional details.
If **Block user from showing account details on sign-in** is not enabled and **Dont display last signed-in** is enabled, the username will not be shown. If **Block user from showing account details on sign-in** is not enabled and **Dont display last signed-in** is enabled, the username will not be shown.

2
windows/keep-secure/threat-indicator-concepts-windows-defender-advanced-threat-protection.md
View File

@ -1,6 +1,6 @@
--- ---
title: Understand threat intelligence concepts in Windows Defender ATP title: Understand threat intelligence concepts in Windows Defender ATP
description: Understand the concepts around threat intelligence in Windows Defender Advanced Threat Protection so that you can effectively create custom intelligence for your organization. description: Create custom threat alerts for your organization and learn the concepts around threat intelligence in Windows Defender Advanced Threat Protection.
keywords: threat intelligence, alert definitions, indicators of compromise, ioc keywords: threat intelligence, alert definitions, indicators of compromise, ioc
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10

2
windows/keep-secure/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md
View File

@ -37,7 +37,7 @@ If your client secret expires or if you've misplaced the copy provided when you
3. Select your tenant. 3. Select your tenant.
4. Click **Application**, then select your custom threat intelligence application. 4. Click **Application**, then select your custom threat intelligence application. The application name is **WindowsDefenderATPThreatIntelAPI** (formerly known as **WindowsDefenderATPCustomerTiConnector**).
5. Select **Keys** section, then provide a key description and specify the key validity duration. 5. Select **Keys** section, then provide a key description and specify the key validity duration.

4
windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md
View File

@ -1,6 +1,6 @@
--- ---
title: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts title: Use the custom threat intelligence API to create custom alerts for your organization
description: Use the custom threat intelligence API to create custom alerts for your organization. description: Use the threat intelligence API in Windows Defender Advanced Threat Protection to create custom alerts
keywords: threat intelligence, alert definitions, indicators of compromise keywords: threat intelligence, alert definitions, indicators of compromise
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
ms.prod: w10 ms.prod: w10