diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index f2d59868c4..124078e760 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -4,7 +4,7 @@ ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac ms.reviewer: manager: laurawi ms.author: greglin -description: +description: How to activate using Key Management Service in Windows 10. keywords: vamt, volume activation, activation, windows activation ms.prod: w10 ms.mktglfcycl: deploy @@ -45,14 +45,16 @@ Installing a KMS host key on a computer running Windows 10 allows you to activa Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers. To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft’s activation services. -**Configure KMS in Windows 10** +**Configure KMS in Windows 10** -To activate by using the telephone, use the slmgr.vbs script. - -1. Run **slmgr.vbs /dti** and confirm the installation ID. -2. Call [Microsoft Licensing Activation Centers worldwide telephone numbers](https://www.microsoft.com/licensing/existing-customer/activation-centers) and follow the voice prompts to enter the installation ID that you obtained in step 1 on your telephone. -3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation. -4. Run **slmgr.vbs /atp \**. +To activate , use the slmgr.vbs command. Open an elevated command prompt and run one of the following commands: +- To install the KMS key, type `slmgr.vbs /ipk `. +- To activate online, type `slmgr.vbs/ato`. +- To activate by telephone , follow these steps: + 1. Run `slmgr.vbs /dti` and confirm the installation ID. + 2. Call [Microsoft Licensing Activation Centers worldwide telephone numbers](https://www.microsoft.com/licensing/existing-customer/activation-centers) and follow the voice prompts to enter the installation ID that you obtained in step 1 on your telephone. + 3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation. + 4. Run `slmgr.vbs /atp \`. For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032). diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 9da366720a..6b3110a329 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -25,7 +25,7 @@ ms.topic: article This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. > [!NOTE] -> Microsoft also offers a pre-configured labusing an evaluation version of Configuration Manager. For more information, see [Windows and Office deployment and management lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab). +> Microsoft also offers a pre-configured lab using an evaluation version of Configuration Manager. For more information, see [Windows and Office deployment and management lab kit](/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab). This lab guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index c566c246bf..2a57c47db5 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -1,6 +1,6 @@ --- title: 4706(S) A new trust was created to a domain. (Windows 10) -description: Describes security event 4706(S) A new trust was created to a domain. +description: Describes security event 4706(S) A new trust was created to a domain. This event is generated when a new trust is created for a domain. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index f998718c41..dc7e2f5419 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -1,6 +1,6 @@ --- title: 4707(S) A trust to a domain was removed. (Windows 10) -description: Describes security event 4707(S) A trust to a domain was removed. +description: Describes security event 4707(S) A trust to a domain was removed. This event is generated when a domain trust is removed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index a4809630b7..69c6f2f153 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -1,6 +1,6 @@ --- title: 4713(S) Kerberos policy was changed. (Windows 10) -description: Describes security event 4713(S) Kerberos policy was changed. +description: Describes security event 4713(S) Kerberos policy was changed. This event is generated when Kerberos policy is changed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index 4498dfe0fc..e634cf0bbf 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -1,6 +1,6 @@ --- title: 4719(S) System audit policy was changed. (Windows 10) -description: Describes security event 4719(S) System audit policy was changed. +description: Describes security event 4719(S) System audit policy was changed. This event is generated when the computer audit policy changes. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index fffcee9e09..d18fd86200 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -1,6 +1,6 @@ --- title: 4720(S) A user account was created. (Windows 10) -description: Describes security event 4720(S) A user account was created. +description: Describes security event 4720(S) A user account was created. This event is generated a user object is created. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index 2029ba7eae..97a958aba9 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -1,6 +1,6 @@ --- title: 4722(S) A user account was enabled. (Windows 10) -description: Describes security event 4722(S) A user account was enabled. +description: Describes security event 4722(S) A user account was enabled. This event is generated when a user or computer object is enabled. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index e1103b365e..c1bdc4c1f4 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -1,6 +1,6 @@ --- title: 4725(S) A user account was disabled. (Windows 10) -description: Describes security event 4725(S) A user account was disabled. +description: Describes security event 4725(S) A user account was disabled. This event is generated when a user or computer object is disabled. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index 5d48cc9ae6..ae0997e85e 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -1,6 +1,6 @@ --- title: 4726(S) A user account was deleted. (Windows 10) -description: Describes security event 4726(S) A user account was deleted. +description: Describes security event 4726(S) A user account was deleted. This event is generated when a user object is deleted. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index e9761cde7b..3ad4e0bb93 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -1,6 +1,6 @@ --- title: 4738(S) A user account was changed. (Windows 10) -description: Describes security event 4738(S) A user account was changed. +description: Describes security event 4738(S) A user account was changed. This event is generated when a user object is changed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy @@ -32,7 +32,7 @@ This event generates on domain controllers, member servers, and workstations. For each change, a separate 4738 event will be generated. -You might see this event without any changes inside, that is, where all **Changed Attributes** apear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4738 event will generate, but all attributes will be “-“. +You might see this event without any changes inside, that is, where all **Changed Attributes** appear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4738 event will generate, but all attributes will be “-“. Some changes do not invoke a 4738 event. diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index 9d9732a82c..644aa94187 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -1,6 +1,6 @@ --- title: 4739(S) Domain Policy was changed. (Windows 10) -description: Describes security event 4739(S) Domain Policy was changed. +description: Describes security event 4739(S) Domain Policy was changed. This event is generated when certain changes are made to the local computer security policy. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index 95cdfe7ee6..68838caedf 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -1,6 +1,6 @@ --- title: 4740(S) A user account was locked out. (Windows 10) -description: Describes security event 4740(S) A user account was locked out. +description: Describes security event 4740(S) A user account was locked out. This event is generated every time a user account is locked out. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index ddfd079946..22809b4f8f 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -1,6 +1,6 @@ --- title: 4741(S) A computer account was created. (Windows 10) -description: Describes security event 4741(S) A computer account was created. +description: Describes security event 4741(S) A computer account was created. This event is generated every time a computer object is created. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index 94fc78b48f..0d9f50526b 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -1,6 +1,6 @@ --- title: 4742(S) A computer account was changed. (Windows 10) -description: Describes security event 4742(S) A computer account was changed. +description: Describes security event 4742(S) A computer account was changed. This event is generated every time a computer object is changed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy @@ -36,7 +36,7 @@ For each change, a separate 4742 event will be generated. Some changes do not invoke a 4742 event, for example, changes made using Active Directory Users and Computers management console in **Managed By** tab in computer account properties. -You might see this event without any changes inside, that is, where all **Changed Attributes** apear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, this would happen if you change the **Description** of a group object using the Active Directory Users and Computers administrative console. Also, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4742 event will generate, but all attributes will be “-“. +You might see this event without any changes inside, that is, where all **Changed Attributes** appear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, this would happen if you change the **Description** of a group object using the Active Directory Users and Computers administrative console. Also, if the [discretionary access control list](https://msdn.microsoft.com/library/windows/desktop/aa374872(v=vs.85).aspx) (DACL) is changed, a 4742 event will generate, but all attributes will be “-“. ***Important*:** If you manually change any user-related setting or attribute, for example if you set the SMARTCARD\_REQUIRED flag in **userAccountControl** for the computer account, then the **sAMAccountType** of the computer account will be changed to NORMAL\_USER\_ACCOUNT and you will get “[4738](event-4738.md): A user account was changed” instead of 4742 for this computer account. Essentially, the computer account will “become” a user account. For NORMAL\_USER\_ACCOUNT you will always get events from [Audit User Account Management](audit-user-account-management.md) subcategory. We strongly recommend that you avoid changing any user-related settings manually for computer objects. diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 3fc25787d1..3cc90698fb 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -1,6 +1,6 @@ --- title: 4743(S) A computer account was deleted. (Windows 10) -description: Describes security event 4743(S) A computer account was deleted. +description: Describes security event 4743(S) A computer account was deleted. This event is generated every time a computer object is deleted. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 28f41dff94..86df9d9645 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -1,6 +1,6 @@ --- title: 4764(S) A group's type was changed. (Windows 10) -description: Describes security event 4764(S) A group’s type was changed. +description: "Describes security event 4764(S) A group's type was changed. This event is generated when the type of a group is changed." ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index c5310d9f72..3ea2c4e756 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -1,6 +1,6 @@ --- title: 4765(S) SID History was added to an account. (Windows 10) -description: Describes security event 4765(S) SID History was added to an account. +description: Describes security event 4765(S) SID History was added to an account. This event is generated when SID History is added to an account. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index e5f3f71068..87baefbc54 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -1,6 +1,6 @@ --- title: 4767(S) A user account was unlocked. (Windows 10) -description: Describes security event 4767(S) A user account was unlocked. +description: Describes security event 4767(S) A user account was unlocked. This event is generated every time a user account is unlocked. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index d8e637e093..af44f02711 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -1,6 +1,6 @@ --- title: 4771(F) Kerberos pre-authentication failed. (Windows 10) -description: Describes security event 4771(F) Kerberos pre-authentication failed. +description: Describes security event 4771(F) Kerberos pre-authentication failed. This event is generated when the Key Distribution Center fails to issue a Kerberos TGT. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index df9ff558e3..21a33e20a2 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -1,6 +1,6 @@ --- title: 4774(S, F) An account was mapped for logon. (Windows 10) -description: Describes security event 4774(S, F) An account was mapped for logon. +description: Describes security event 4774(S, F) An account was mapped for logon. This event is generated when an account is mapped for logon. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index 042f226a20..a48651e686 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -1,6 +1,6 @@ --- title: 4781(S) The name of an account was changed. (Windows 10) -description: Describes security event 4781(S) The name of an account was changed. +description: Describes security event 4781(S) The name of an account was changed. This event is generated every time a user or computer account name is changed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index e661f5ed3d..b0be9a0f3a 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -1,6 +1,6 @@ --- title: 4800(S) The workstation was locked. (Windows 10) -description: Describes security event 4800(S) The workstation was locked. +description: Describes security event 4800(S) The workstation was locked. This event is generated when a workstation is locked. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index 937d79b878..61e2682379 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -1,6 +1,6 @@ --- title: 4801(S) The workstation was unlocked. (Windows 10) -description: Describes security event 4801(S) The workstation was unlocked. +description: Describes security event 4801(S) The workstation was unlocked. This event is generated when workstation is unlocked. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 41f5ba4f6e..a00ead7497 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -1,6 +1,6 @@ --- title: 4802(S) The screen saver was invoked. (Windows 10) -description: Describes security event 4802(S) The screen saver was invoked. +description: Describes security event 4802(S) The screen saver was invoked. This event is generated when screen saver is invoked. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index c50d78d76c..0354849e13 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -1,6 +1,6 @@ --- title: 4803(S) The screen saver was dismissed. (Windows 10) -description: Describes security event 4803(S) The screen saver was dismissed. +description: Describes security event 4803(S) The screen saver was dismissed. This event is generated when screen saver is dismissed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index 4e45693aaa..3729924d93 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -1,6 +1,6 @@ --- title: 4826(S) Boot Configuration Data loaded. (Windows 10) -description: Describes security event 4826(S) Boot Configuration Data loaded. +description: Describes security event 4826(S) Boot Configuration Data loaded. This event is generated every time system starts and loads Boot Configuration Data settings. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index 62ced88fe8..5556b207b5 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -1,6 +1,6 @@ --- title: 4864(S) A namespace collision was detected. (Windows 10) -description: Describes security event 4864(S) A namespace collision was detected. +description: Describes security event 4864(S) A namespace collision was detected. This event is generated when a namespace collision is detected. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 847263668e..7573adb5f7 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -1,6 +1,6 @@ --- title: 4908(S) Special Groups Logon table modified. (Windows 10) -description: Describes security event 4908(S) Special Groups Logon table modified. +description: Describes security event 4908(S) Special Groups Logon table modified. This event is generated when the Special Groups Logon table is modified. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index 4e98d50f44..cf141b9a2d 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -1,6 +1,6 @@ --- title: 4912(S) Per User Audit Policy was changed. (Windows 10) -description: Describes security event 4912(S) Per User Audit Policy was changed. +description: Describes security event 4912(S) Per User Audit Policy was changed. This event is generated every time Per User Audit Policy is changed. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index 18964e5c16..c9e2159bc0 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -1,6 +1,6 @@ --- title: 4935(F) Replication failure begins. (Windows 10) -description: Describes security event 4935(F) Replication failure begins. +description: Describes security event 4935(F) Replication failure begins. This event is generated when Active Directory replication failure begins. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index 214811e890..d9d60e43be 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -1,6 +1,6 @@ --- title: 4936(S) Replication failure ends. (Windows 10) -description: Describes security event 4936(S) Replication failure ends. +description: Describes security event 4936(S) Replication failure ends. This event is generated when Active Directory replication failure ends. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index 43677f0e97..1f6c100b8d 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -1,6 +1,6 @@ --- title: 5039(-) A registry key was virtualized. (Windows 10) -description: Describes security event 5039(-) A registry key was virtualized. +description: Describes security event 5039(-) A registry key was virtualized. This event is generated when a registry key is virtualized using LUAFV. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index adfb677ffd..0bf8362113 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -1,6 +1,6 @@ --- title: 5051(-) A file was virtualized. (Windows 10) -description: Describes security event 5051(-) A file was virtualized. +description: Describes security event 5051(-) A file was virtualized. This event is generated when a file is virtualized using LUAFV. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 508bb9d381..008ecb3292 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -1,6 +1,6 @@ --- title: 5058(S, F) Key file operation. (Windows 10) -description: Describes security event 5058(S, F) Key file operation. +description: Describes security event 5058(S, F) Key file operation. This event is generated when an operation is performed on a file that contains a KSP key. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index e3f73073f3..096fcfe2c9 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -1,6 +1,6 @@ --- title: 5059(S, F) Key migration operation. (Windows 10) -description: Describes security event 5059(S, F) Key migration operation. +description: Describes security event 5059(S, F) Key migration operation. This event is generated when a cryptographic key is exported/imported using a Key Storage Provider. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index bd0414e3ca..96344c475f 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -1,6 +1,6 @@ --- title: 5060(F) Verification operation failed. (Windows 10) -description: Describes security event 5060(F) Verification operation failed. +description: Describes security event 5060(F) Verification operation failed. This event is generated in case of CNG verification operation failure. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 271b5d582b..d283324906 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -1,6 +1,6 @@ --- title: 5061(S, F) Cryptographic operation. (Windows 10) -description: Describes security event 5061(S, F) Cryptographic operation. +description: Describes security event 5061(S, F) Cryptographic operation. This event is generated when a cryptographic operation is performed using a Key Storage Provider. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index 727a8f8576..fdb2fe2741 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -1,6 +1,6 @@ --- title: 5142(S) A network share object was added. (Windows 10) -description: Describes security event 5142(S) A network share object was added. +description: Describes security event 5142(S) A network share object was added. This event is generated when a network share object is added. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index 7fd678a12b..a62699a745 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -1,6 +1,6 @@ --- title: 5143(S) A network share object was modified. (Windows 10) -description: Describes security event 5143(S) A network share object was modified. +description: Describes security event 5143(S) A network share object was modified. This event is generated when a network share object is modified. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index c0cff03c22..581c19e3c9 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -1,6 +1,6 @@ --- title: 5144(S) A network share object was deleted. (Windows 10) -description: Describes security event 5144(S) A network share object was deleted. +description: Describes security event 5144(S) A network share object was deleted. This event is generated when a network share object is deleted. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 9889690df3..fcc35ba385 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -1,6 +1,6 @@ --- title: 5168(F) SPN check for SMB/SMB2 failed. (Windows 10) -description: Describes security event 5168(F) SPN check for SMB/SMB2 failed. +description: Describes security event 5168(F) SPN check for SMB/SMB2 failed. This event is generated when an SMB SPN check fails. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 396bf6af15..ca5e8e02d6 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -1,6 +1,6 @@ --- title: 6407(-) 1%. (Windows 10) -description: Describes security event 6407(-) 1%. +description: Describes security event 6407(-) 1%. This is a BranchCache event, which is outside the scope of this document. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 37b3ec6aaf..2ede6f7fce 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -1,6 +1,6 @@ --- title: 6420(S) A device was disabled. (Windows 10) -description: Describes security event 6420(S) A device was disabled. +description: Describes security event 6420(S) A device was disabled. This event is generated when a specific device is disabled. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 5c4de3d822..606f0228a6 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -1,6 +1,6 @@ --- title: 6422(S) A device was enabled. (Windows 10) -description: Describes security event 6422(S) A device was enabled. +description: Describes security event 6422(S) A device was enabled. This event is generated when a specific device is enabled. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index 5a7b38d9c1..42a1f36edd 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -1,6 +1,6 @@ --- title: Other Events (Windows 10) -description: Describes the Other Events auditing subcategory. +description: Describes the Other Events auditing subcategory, which includes events that are generated automatically and enabled by default. ms.pagetype: security ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/device-guard/memory-integrity.md b/windows/security/threat-protection/device-guard/memory-integrity.md index 5e2defcf75..3ebdf7bf95 100644 --- a/windows/security/threat-protection/device-guard/memory-integrity.md +++ b/windows/security/threat-protection/device-guard/memory-integrity.md @@ -1,7 +1,7 @@ --- title: Memory integrity keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet -description: Memory integrity. +description: Learn about memory integrity, a feature of Windows that ensures code running in the Windows kernel is securely designed and trustworthy. search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 7e2cc61fe3..279b1a69a3 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -1,6 +1,6 @@ --- title: Threat Protection (Windows 10) -description: Learn how Microsoft Defender ATP helps protect against threats. +description: Microsoft Defender Advanced Threat Protection is a unified platform for preventative protection, post-breach detection, automated investigation, and response. keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next-generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, Microsoft Secure Score for Devices, advanced hunting, cyber threat hunting, web threat protection search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/intelligence/index.md b/windows/security/threat-protection/intelligence/index.md index a8950a6977..1814307aac 100644 --- a/windows/security/threat-protection/intelligence/index.md +++ b/windows/security/threat-protection/intelligence/index.md @@ -1,6 +1,6 @@ --- title: Security intelligence -description: Safety tips about malware and how you can protect your organization +description: Learn about different types of malware, safety tips on how you can protect your organization, and resources for industry collaboration programs. keywords: security, malware ms.prod: w10 ms.mktglfcycl: secure diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md index 945265b8a3..db3e3a162e 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-notifications-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Configure Microsoft Defender Antivirus notifications -description: Configure and customize Microsoft Defender Antivirus notifications. +description: Learn how to configure and customize both standard and additional Microsoft Defender Antivirus notifications on endpoints. keywords: notifications, defender, antivirus, endpoint, management, admin search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md index a5087f74b0..a4a959b83d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-on-windows-server-2016.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender Antivirus on Windows Server 2016 and 2019 -description: Enable and configure Microsoft Defender AV on Windows Server 2016 and 2019 +description: Learn how to enable and configure Microsoft Defender Antivirus on Windows Server 2016 and Windows Server 2019. keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012 search.product: eADQiWindows 10XVcnh ms.pagetype: security diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md index 58572c3d52..97fb2041b9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Configure Microsoft Defender Antivirus with Group Policy -description: Configure Microsoft Defender Antivirus settings with Group Policy +description: Learn how to use a Group Policy to configure and manage Microsoft Defender Antivirus on your endpoints in Microsoft Defender ATP. keywords: group policy, GPO, configuration, settings search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md index 49f9134d53..5247002bbc 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/use-wmi-microsoft-defender-antivirus.md @@ -1,6 +1,6 @@ --- title: Configure Microsoft Defender Antivirus with WMI -description: Use WMI scripts to configure Microsoft Defender AV. +description: Learn how to configure and manage Microsoft Defender Antivirus by using WMI scripts to retrieve, modify, and update settings in Microsoft Defender ATP. keywords: wmi, scripts, windows management instrumentation, configuration search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md index 07fcff8c6f..85b5514ca3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md @@ -1,6 +1,6 @@ --- title: Add or Remove Machine Tags API -description: Use this API to Add or Remove machine tags. +description: Learn how to use the Add or Remove machine tags API to adds or remove a tag for a machine in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, tags, machine tags search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 59a850ea64..b1d61e1bd0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md @@ -1,6 +1,6 @@ --- title: Advanced hunting schema reference -description: Learn about the tables in the advanced hunting schema to understand the data you can run threat hunting queries on +description: Learn about the tables in the advanced hunting schema to understand the data you can run threat hunting queries on. keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp search, query, telemetry, schema reference, kusto, table, data search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index 820026e626..34ba31d9cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -1,6 +1,6 @@ --- title: Get alerts API -description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts. +description: Learn about the methods and properties of the Alert resource type in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index d08c4e2bba..fc2674e848 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -1,6 +1,6 @@ --- title: Create alert from event API -description: Creates an alert using event details +description: Learn how to use the Create alert API to create a new Alert on top of Event in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, alert, information, id search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md index 1c03a39e93..068f605c89 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md @@ -1,6 +1,6 @@ --- title: Delete Indicator API. -description: Deletes Indicator entity by ID. +description: Learn how to use the Delete Indicator API to delete an Indicator entity by ID in Microsoft Defender Advanced Threat Protection. keywords: apis, public api, supported apis, delete, ti indicator, entity, id search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index e737eb44d7..46db1622a8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -1,6 +1,6 @@ --- title: Turning on network protection -description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager +description: Enable Network protection with Group Policy, PowerShell, or Mobile Device Management and Configuration Manager. keywords: ANetwork protection, exploits, malicious website, ip, domain, domains, enable, turn on search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md index e4ecad3ffa..00887c1ccb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-info-by-id.md @@ -1,6 +1,6 @@ --- title: Get alert information by ID API -description: Retrieve a Microsoft Defender ATP alert by its ID. +description: Learn how to use the Get alert information by ID API to retrieve a specific alert by its ID in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, alert, information, id search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md index 982e2a2585..e5d037ad94 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alert-related-user-info.md @@ -1,6 +1,6 @@ --- title: Get alert related user information -description: Retrieves the user associated to a specific alert. +description: Learn how to use the Get alert related user information API to retrieve the user related to a specific alert in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, alert, information, related, user search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index f13f6270fd..16e865448e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -1,6 +1,6 @@ --- title: List alerts API -description: Retrieve a collection of recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts. +description: Learn how to use the List alerts API to retrieve a collection of alerts in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md index 4207a4cc3b..1bb48a3550 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-cvekbmap-collection.md @@ -1,6 +1,6 @@ --- title: Get CVE-KB map API -description: Retrieves a map of CVE's to KB's. +description: Learn how to use the Get CVE-KB map API to retrieve a map of CVE's to KB's and CVE details in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, cve, kb search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md index 0aa06444da..d3a4e5bc56 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-alerts.md @@ -1,6 +1,6 @@ --- title: Get domain related alerts API -description: Retrieves a collection of alerts related to a given domain address. +description: Learn how to use the Get domain related alerts API to retrieve alerts related to a given domain address in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, domain, related, alerts search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md index 6b4dee50f5..da65275c62 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-related-machines.md @@ -1,6 +1,6 @@ --- title: Get domain related machines API -description: Retrieves a collection of devices related to a given domain address. +description: Learn how to use the Get domain related machines API to get machines that communicated to or from a domain in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, domain, related, devices search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md index 4cab7c52be..2da9aa6675 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-domain-statistics.md @@ -1,6 +1,6 @@ --- title: Get domain statistics API -description: Retrieves the prevalence for the given domain. +description: Learn how to use the Get domain statistics API to retrieve the statistics on the given domain in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, domain, domain related devices search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md index db2c9f018f..12b129b43f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-information.md @@ -1,6 +1,6 @@ --- title: Get file information API -description: Retrieves a file by identifier Sha1, Sha256, or MD5. +description: Learn how to use the Get file information API to get a file by Sha1, Sha256, or MD5 identifier in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5 search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md index 5ea61a7554..446e50982d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-alerts.md @@ -1,6 +1,6 @@ --- title: Get file related alerts API -description: Retrieves a collection of alerts related to a given file hash. +description: Learn how to use the Get file related alerts API to get a collection of alerts related to a given file hash in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, file, hash search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md index 480f952df9..029c7fc1d5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-related-machines.md @@ -1,6 +1,6 @@ --- title: Get file related machines API -description: Retrieves a collection of devices related to a given file hash. +description: Learn how to use the Get file related machines API to get a collection of machines related to a file hash in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, devices, hash search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md index b6abc23c5f..6f35b59012 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-file-statistics.md @@ -1,6 +1,6 @@ --- title: Get file statistics API -description: Retrieves the prevalence for the given file. +description: Learn how to use the Get file statistics API to retrieve the statistics for the given file in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, file, statistics search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md index 91b44caf50..832b6cd185 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-by-id.md @@ -1,6 +1,6 @@ --- title: Get machine by ID API -description: Retrieves a device entity by ID. +description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, devices, entity, id search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md index fc56069b04..9856c6c603 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-log-on-users.md @@ -1,6 +1,6 @@ --- title: Get machine log on users API -description: Retrieve a collection of logged on users on a specific device using Microsoft Defender ATP APIs. +description: Learn how to use the Get machine log on users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, device, log on, users search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md index e8fb105671..2aa5a05832 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-related-alerts.md @@ -1,6 +1,6 @@ --- title: Get machine related alerts API -description: Retrieves a collection of alerts related to a given device ID. +description: Learn how to use the Get machine related alerts API to retrieve all alerts related to a specific device in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, devices, related, alerts search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md index dbcaf5b6fb..abd2981676 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineaction-object.md @@ -1,6 +1,6 @@ --- title: Get MachineAction object API -description: Use this API to create calls related to get machineaction object +description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, machineaction object search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md index 08f5fff7d0..c8a2ee671c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machineactions-collection.md @@ -1,6 +1,6 @@ --- title: List machineActions API -description: Use the Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) API to create calls related to get machineactions collection. +description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, machineaction collection search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md index 8dca334083..b3de168061 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinegroups-collection.md @@ -1,6 +1,6 @@ --- title: Get RBAC machine groups collection API -description: Retrieves a collection of RBAC device groups. +description: Learn how to use the Get KB collection API to retrieve a collection of RBAC device groups in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, RBAC, group search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index 93303b75fa..5c24fe2ff9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md @@ -1,6 +1,6 @@ --- title: List machines API -description: Retrieves a collection of recently seen devices. +description: Learn how to use the List machines API to retrieve a collection of machines that have communicated with Microsoft Defender ATP cloud. keywords: apis, graph api, supported apis, get, devices search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md index 5fed8ccf11..9c22b88199 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machinesecuritystates-collection.md @@ -1,6 +1,6 @@ --- title: Get machines security states collection API -description: Retrieve a collection of device security states using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP. +description: Retrieve a collection of device security states using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). keywords: apis, graph api, supported apis, get, device, security, state search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md index 7ac3ed480b..88927d6912 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-ti-indicators-collection.md @@ -1,6 +1,6 @@ --- title: List Indicators API -description: Use this API to create calls related to get Indicators collection +description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender Advanced Threat Protection. keywords: apis, public api, supported apis, Indicators collection search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md index 026cdb7ca3..a5efe702fe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-information.md @@ -1,6 +1,6 @@ --- title: Get user information API -description: Retrieve a User entity by key such as user name or domain. +description: Learn how to use the Get user information API to retrieve a User entity by key, or user name, in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, user, user information search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md index e55f0b9188..7116b8080d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-user-related-machines.md @@ -1,6 +1,6 @@ --- title: Get user related machines API -description: Retrieves a collection of devices related to a given user ID. +description: Learn how to use the Get user related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, get, user, user related alerts search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png new file mode 100644 index 0000000000..8106b9e665 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-analyst-report.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-mitigations.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-mitigations.png new file mode 100644 index 0000000000..4aea3eea5a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-mitigations.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta-overview.png new file mode 100644 index 0000000000..e246a0d3da Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ta-overview.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ta.png b/windows/security/threat-protection/microsoft-defender-atp/images/ta.png deleted file mode 100644 index 42a386d71f..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/ta.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png b/windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png deleted file mode 100644 index 374a1e58b2..0000000000 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/threat-analytics-report.png and /dev/null differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md index 4bace3c6df..424ed0cb61 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-behind-proxy.md @@ -1,6 +1,6 @@ --- title: Investigate connection events that occur behind forward proxies -description: Investigate connection events that occur behind forward proxies +description: Learn how to use advanced HTTP level monitoring through network protection in Microsoft Defender ATP, which surfaces a real target, instead of a proxy. keywords: proxy, network protection, forward proxy, network events, audit, block, domain names, domain search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md index ca9dbdfdd3..a74c4a0187 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/isolate-machine.md @@ -1,6 +1,6 @@ --- title: Isolate machine API -description: Use this API to create calls related isolating a device. +description: Learn how to use the Isolate machine API to isolate a device from accessing external network in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, isolate device search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -84,13 +84,13 @@ Here is an example of the request. [!include[Improve request performance](../../includes/improve-request-performance.md)] -``` +```console POST https://api.securitycenter.windows.com/api/machines/1e5bc9d7e413ddd7902c2932e418702b84d0cc07/isolate Content-type: application/json { "Comment": "Isolate machine due to alert 1234", “IsolationType”: “Full” } - +``` - To unisolate a device, see [Release device from isolation](unisolate-machine.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index da1f94c851..efdb013295 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -1,6 +1,6 @@ --- title: JAMF-based deployment for Microsoft Defender ATP for Mac -description: Install Microsoft Defender ATP for Mac, using JAMF. +description: Learn about all the steps needed to deploy Microsoft Defender Advanced Threat Protection for Mac through JAMF. keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index b236965be2..ce8693466d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -1,6 +1,6 @@ --- title: What's new in Microsoft Defender Advanced Threat Protection for Mac -description: List of major changes for Microsoft Defender ATP for Mac. +description: Learn about the major changes for previous versions of Microsoft Defender Advanced Threat Protection for Mac. keywords: microsoft, defender, atp, mac, installation, macos, whatsnew search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 92e5b76fd8..e0c0e5b9b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -1,6 +1,6 @@ --- title: Machine resource type -description: Retrieves top machines +description: Learn about the methods and properties of the Machine resource type in Microsoft Defender Advanced Threat Protection. keywords: apis, supported apis, get, machines search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md index 930d43341f..be98dcc681 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machineaction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machineaction.md @@ -1,6 +1,6 @@ --- title: machineAction resource type -description: Quickly respond to detected attacks by isolating machines or collecting an investigation package. +description: Learn about the methods and properties of the MachineAction resource type in Microsoft Defender Advanced Threat Protection. keywords: apis, supported apis, get, machineaction, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md index 04bb26271d..6b4210212e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-suppression-rules.md @@ -1,6 +1,6 @@ --- title: Manage Microsoft Defender Advanced Threat Protection suppression rules -description: Manage suppression rules +description: You might need to prevent alerts from appearing in the portal by using suppression rules. Learn how to manage your suppression rules in Microsoft Defender ATP. keywords: manage suppression, rules, rule name, scope, action, alerts, turn on, turn off search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 62d68dcdee..bfad87ca3d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -1,7 +1,7 @@ --- title: Microsoft Defender ATP for Mac ms.reviewer: -description: Describes how to install and use Microsoft Defender ATP for Mac. +description: Learn how to install, configure, update, and use Microsoft Defender Advanced Threat Protection for Mac. keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index 5e1fd0cad0..63ca10ace1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -1,6 +1,6 @@ --- title: Submit or Update Indicator API -description: Use this API to submit or Update Indicator. +description: Learn how to use the Submit or Update Indicator API to submit or update a new Indicator entity in Microsoft Defender Advanced Threat Protection. keywords: apis, graph api, supported apis, submit, ti, indicator, update search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md index 00040ec11f..2625952949 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting API ms.reviewer: -description: Use the Advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection +description: Learn to use the advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection. Find out about limitations and see an example. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md index deacdfd079..9163a45a52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md +++ b/windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md @@ -1,7 +1,7 @@ --- title: Advanced Hunting with Python API Guide ms.reviewer: -description: Learn the basics of querying the Microsoft Defender Advanced Threat Protection API, using Python. +description: Learn how to query using the Microsoft Defender Advanced Threat Protection API, by using Python, with examples. keywords: apis, supported apis, advanced hunting, query search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md index 2bdc3f389c..1a065cce0b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/stop-and-quarantine-file.md @@ -1,6 +1,6 @@ --- title: Stop and quarantine file API -description: Use this API to stop and quarantine file. +description: Learn how to stop running a file on a device and delete the file in Microsoft Defender Advanced Threat Protection. See an example. keywords: apis, graph api, supported apis, stop and quarantine file search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md index 421805849d..7612d8d24a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-analytics.md @@ -22,49 +22,84 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to quickly assess their security posture, covering the impact of emerging threats and their organizational resilience. +With more sophisticated adversaries and new threats emerging frequently and prevalently, it's critical to be able to quickly: -Threat analytics is a set of reports published by Microsoft security researchers as soon as emerging threats and outbreaks are identified. The reports help you assess the impact of threats to your environment and identify actions that can contain them. +- Assess the impact of new threats +- Review your resilience against or exposure to the threats +- Identify the actions you can take to stop or contain the threats -Watch this short video to quickly understand how threat analytics can help you track the latest threats and stop them. +Threat analytics is a set of reports from expert Microsoft security researchers covering the most relevant threats, including: + +- Active threat actors and their campaigns +- Popular and new attack techniques +- Critical vulnerabilities +- Common attack surfaces +- Prevalent malware + +Each report provides a detailed analysis of a threat and extensive guidance on how to defend against the threat. It also incorporates data from your network, indicating whether the threat is active and if you have applicable security updates and recommended settings in place. + +Watch this short video to learn more about how threat analytics can help you track the latest threats and stop them.

> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4bw1f] ## View the threat analytics dashboard -The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It provides several overviews about the threats covered in the reports: +The threat analytics dashboard is a great jump off point for getting to the reports that are most relevant to your organization. It summarizes the threats in the following sections: -- **Latest threats** — lists the most recently published threat reports, along with the number of devices with resolved and unresolved alerts. -- **High-impact threats** — lists the threats that have had the highest impact on the organization in terms of the number of devices that have had related alerts, along with the number of devices with resolved and unresolved alerts. -- **Threat summary** — shows the number of threats among the threats reported in threat analytics with actual alerts. +- **Latest threats**—lists the most recently published threat reports, along with the number of devices with active and resolved alerts. +- **High-impact threats**—lists the threats that have had the highest impact to the organization. This section ranks threats by the number of devices that have active alerts. +- **Threat summary**—shows the overall impact of all the threats reported in threat analytics by showing the number of threats with active and resolved alerts. + +Select a threat from the dashboard to view the report for that threat. ![Image of a threat analytics dashboard](images/ta_dashboard.png) -Select a threat from any of the overviews or from the table to view the report for that threat. - ## View a threat analytics report -Each threat report generally provides an overview of the threat and an analysis of the techniques and tools used by the threat. It also provides mitigation recommendations and detection information. It includes several cards that show dynamic data about how your organization is impacted by the threat and how prepared it is to stop the threat. +Each threat analytics report provides information in three sections: **Overview**, **Analyst report**, and **Mitigations**. -![Image of a threat analytics report](images/ta.png) +### Quickly understand a threat and assess its impact to your network in the overview -### Organizational impact -Each report includes cards designed to provide information about the organizational impact of a threat: -- **Devices with alerts** — shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved. -- **Devices with alerts over time** — shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days. +The **Overview** section provides a preview of the detailed analyst report. It also provides charts that highlight the impact of the threat to your organization and your exposure through misconfigured and unpatched devices. -### Organizational resilience -Each report also includes cards that provide an overview of how resilient your organization can be against a given threat: -- **Security configuration status** — shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings. -- **Vulnerability patching status** — shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat. -- **Mitigation details** — lists specific actionable recommendations that can help you increase your organizational resilience. This card lists tracked mitigations, including recommended settings and vulnerability patches, along with the number of devices that don't have the mitigations in place. +![Image of the overview section of a threat analytics report](images/ta-overview.png) +_Overview section of a threat analytics report_ -### Additional report details and limitations +#### Organizational impact +Each report includes charts designed to provide information about the organizational impact of a threat: +- **Devices with alerts**—shows the current number of distinct devices that have been impacted by the threat. A device is categorized as **Active** if there is at least one alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the device have been resolved. +- **Devices with alerts over time**—shows the number of distinct devices with **Active** and **Resolved** alerts over time. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts resolved within a few days. + +#### Organizational resilience and exposure +Each report includes charts that provide an overview of how resilient your organization is against a given threat: +- **Security configuration status**—shows the number of devices that have applied the recommended security settings that can help mitigate the threat. Devices are considered **Secure** if they have applied _all_ the tracked settings. +- **Vulnerability patching status**—shows the number of devices that have applied security updates or patches that address vulnerabilities exploited by the threat. + +### Get expert insight from the analyst report +Go to the **Analyst report** section to read through the detailed expert write-up. Most reports provide detailed descriptions of attack chains, including tactics and techniques mapped to the MITRE ATT&CK framework, exhaustive lists of recommendations, and powerful [threat hunting](advanced-hunting-overview.md) guidance. + +![Image of the analyst report section of a threat analytics report](images/ta-analyst-report.png) +_Analyst report section of a threat analytics report_ + +### Review list of mitigations and the status of your devices +In the **Mitigations** section, review the list of specific actionable recommendations that can help you increase your organizational resilience against the threat. The list of tracked mitigations includes recommended settings and vulnerability patches. It also shows the number of devices that don't have these mitigations in place. + +Mitigation information in this section incorporates data from [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report. + +![Image of the mitigations section of a threat analytics report](images/ta-mitigations.png) +_Mitigations section of a threat analytics report_ + + +## Additional report details and limitations When using the reports, keep the following in mind: -- Data is scoped based on your RBAC permissions. You will only see the status of devices that you have been granted access to on the RBAC. -- Charts reflect only mitigations that are tracked. Check the report overview for additional mitigations that are not reflected in the charts. +- Data is scoped based on your role-based access control (RBAC) scope. You will see the status of devices in [groups that you can access](machine-groups.md). +- Charts reflect only mitigations that are tracked. Check the report overview for additional mitigations that are not shown in the charts. - Mitigations don't guarantee complete resilience. The provided mitigations reflect the best possible actions needed to improve resiliency. -- Devices are counted as "unavailable" if they have been unable to transmit data to the service. -- Antivirus related statistics are based on Microsoft Defender Antivirus settings. Devices with third-party antivirus solutions can appear as "exposed". +- Devices are counted as "unavailable" if they have not transmitted data to the service. +- Antivirus-related statistics are based on Microsoft Defender Antivirus settings. Devices with third-party antivirus solutions can appear as "exposed". + +## Related topics +- [Proactively find threats with advanced hunting](advanced-hunting-overview.md) +- [Assess and resolve security weaknesses and exposures](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md index 47a3571c4e..7df606ba66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration.md @@ -1,7 +1,7 @@ --- title: Integrate Microsoft Defender ATP with other Microsoft solutions ms.reviewer: -description: Learn how Microsoft Defender ATP integrations with other Microsoft solutions +description: Learn how Microsoft Defender ATP integrates with other Microsoft solutions, including Azure Advanced Threat Protection and Azure Security Center. keywords: microsoft threat protection, conditional access, office, advanced threat protection, azure atp, azure security center, microsoft cloud app security search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md index 86607dd332..24dcaab4dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations.md @@ -1,7 +1,7 @@ --- title: Troubleshoot exploit protection mitigations keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install -description: Remove unwanted Exploit protection mitigations. +description: Learn how to deal with unwanted mitigations in Windows Security, including a process to remove all mitigations and import a baseline configuration file instead. search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md index 38a2c6d170..6a1a315729 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/update-alert.md +++ b/windows/security/threat-protection/microsoft-defender-atp/update-alert.md @@ -1,6 +1,6 @@ --- title: Update alert entity API -description: Update a Microsoft Defender ATP alert via this API. +description: Learn how to update a Microsoft Defender ATP alert by using this API. You can update the status, determination, classification, and assignedTo properties. keywords: apis, graph api, supported apis, get, alert, information, id search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md index 9bae1e6575..b39153d62c 100644 --- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md +++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender SmartScreen overview (Windows 10) -description: Conceptual info about Microsoft Defender SmartScreen. +description: Learn how Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen ms.prod: w10 ms.mktglfcycl: explore diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index 2f56b9e1e8..3e7f0169c7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -1,6 +1,6 @@ --- title: Maintain AppLocker policies (Windows 10) -description: This topic describes how to maintain rules within AppLocker policies. +description: Learn how to maintain rules within AppLocker policies. View common AppLocker maintenance scenarios and see the methods to use to maintain AppLocker policies. ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md index b1e6b39844..9b387d559d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md @@ -1,6 +1,6 @@ --- title: Disable Windows Defender Application Control policies (Windows 10) -description: This topic covers how to disable unsigned or signed WDAC policies. +description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md index 9c6d253b10..61a59f78bf 100644 --- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md @@ -1,6 +1,6 @@ --- title: Plan for WDAC policy management (Windows 10) -description: How to plan for Windows Defender Application Control (WDAC) policy management. +description: Learn about the decisions you need to make to establish the processes for managing and maintaining Windows Defender Application Control policies. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index e14032719c..134df74024 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -1,6 +1,6 @@ --- title: Understand WDAC policy rules and file rules (Windows 10) -description: Windows Defender Application Control (WDAC) provides control over a computer running Windows 10 by using policies that specify whether a driver or application is trusted and can be run. A policy includes *policy rules* that control options. +description: Learn how Windows Defender Application Control provides control over a computer running Windows 10 by using policies that include policy rules and file rules. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md index 47bf414bc9..4886c28f4d 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-family-options.md @@ -1,6 +1,6 @@ --- title: Family options in the Windows Security app -description: Hide the Family options section in enterprise environments +description: Learn how to hide the Family options section of Windows Security for enterprise environments. Family options are not intended for business environments. keywords: wdsc, family options, hide, suppress, remove, disable, uninstall, kids, parents, safety, parental, child, screen time search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md index 6be93c64cb..b22eec75f4 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md @@ -1,6 +1,6 @@ --- title: Manage Windows Security in Windows 10 in S mode -description: Windows Security settings are different in Windows 10 in S mode +description: Learn how to manage Windows Security settings in Windows 10 in S mode. Windows 10 in S mode is streamlined for tighter security and superior performance. keywords: windows 10 in s mode, windows 10 s, windows 10 s mode, wdav, smartscreen, antivirus, wdsc, firewall, device health, performance, Edge, browser, family, parental options, security, windows search.product: eADQiWindows 10XVcnh ms.prod: w10