From b16afe7e9af0d3178b47fc1011541ea1c17f31b4 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 13 Jan 2020 15:55:49 -0800 Subject: [PATCH] update files and toc --- windows/security/threat-protection/TOC.md | 9 +++-- .../overview-attack-surface-reduction.md | 3 +- .../web-content-filtering.md | 4 +- .../web-protection-overview.md | 40 ++++++++++--------- .../web-threat-protection.md | 37 +++++++++++++++++ 5 files changed, 66 insertions(+), 27 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7e2204a44a..47154f79e0 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -32,10 +32,11 @@ #### [Exploit protection](microsoft-defender-atp/exploit-protection.md) #### [Network protection](microsoft-defender-atp/network-protection.md) -#### [Web protection]() -##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md) -##### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) -##### [Respond to web threats](microsoft-defender-atp/web-protection-response.md) +#### [Web protection](microsoft-defender-atp/web-protection-overview.md) +##### [Web threat protection](web-threat-protection.md) +###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md) +###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md) +##### [Web content filtering](web-content-filtering.md) #### [Controlled folder access](microsoft-defender-atp/controlled-folders.md) #### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md index f67f450978..1247c43078 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md @@ -31,7 +31,8 @@ Reduce your attack surfaces by minimizing the places where your organization is |[Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protect and maintain the integrity of a system as it starts and while it's running. Validate system integrity through local and remote attestation. And, use container isolation for Microsoft Edge to help guard against malicious websites. | |[Application control](../windows-defender-application-control/windows-defender-application-control.md) | Use application control so that your applications must earn trust in order to run. | |[Exploit protection](./exploit-protection.md) |Help protect operating systems and apps your organization uses from being exploited. Exploit protection also works with third-party antivirus solutions. | -|[Network protection](./network-protection.md) |Extend protection to your network traffic and connectivity on your organization's devices. (Requires Windows Defender Antivirus) | +|[Network protection](./network-protection.md) |Extend protection to your network traffic and connectivity on your organization's devices. (Requires Windows Defender Antivirus) | +|[Web protection](./web-protection-overview.md) |Secure your machines against web threats and help you regulate unwanted content. |[Controlled folder access](./controlled-folders.md) | Help prevent malicious or suspicious apps (including file-encrypting ransomware malware) from making changes to files in your key system folders (Requires Windows Defender Antivirus) | |[Attack surface reduction](./attack-surface-reduction.md) |Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware. (Requires Windows Defender Antivirus) | |[Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) |Prevent unauthorized traffic from flowing to or from your organization's devices with two-way network traffic filtering. | diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md index 23afa588ed..181eb6c2a8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-content-filtering.md @@ -24,7 +24,7 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) -Web content filtering enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns. +Web content filtering is part of [Web protection](web-protection-overview.md) in Microsoft Defender ATP. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic due to compliance regulations, bandwidth usage, or other concerns. You can configure policies across your machine groups to block certain categories, effectively preventing users within specified machine groups from accessing URLs within that category. If a category is not blocked, all your users will be able to access the URLs without disruption. However, web content filtering will continue to gather access statistics that you can use to understand web usage and inform future policy decisions. @@ -117,8 +117,6 @@ To add a new policy: Select **Reports > Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering. -![Image of all web protection cards](images/web-protection.png) - ### Web activity by category This card lists the parent web content categories with the largest percentage change in the number of access attempts, whether they have increased or decreased. You can use this card to understand drastic changes in web activity patterns in your organization from last 30 days, 3 months, or 6 months. Select a category name to view more information about that particular category. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md index 37f62a101c..fa838cc1dc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview.md @@ -1,5 +1,5 @@ --- -title: Overview of web protection in Microsoft Defender ATP +title: Web protection description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser search.product: eADQiWindows 10XVcnh @@ -8,43 +8,45 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: lomayor -author: lomayor +ms.author: ellevin +author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 08/30/2019 --- -# Protect your organization against web threats +# Web protection >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) -Web protection in Microsoft Defender ATP uses [network protection](network-protection.md) to secure your machines against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web protection stops web threats without a web proxy and can protect machines while they are away or on premises. Web protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md). +Web protection in Microsoft Defender ATP lets you secure your machines against web threats and help you regulate unwanted content. You can find it in the Microsoft Defender Security Center by going to **Reports > Web protection**. ->[!Note] ->It can take up to an hour for machines to receive new customer indicators. +![Image of all web protection cards](images/web-protection.png) -With web protection, you also get: +The cards are generally split into two categories: [web threat protection](web-threat-protection.md) and [web content filtering](web-content-filtering.md). + +## Web threat protection + +The cards that make up web threat protection are "Web threat detections over time," "Web threat summary," and Web activity summary." + +Web threat protection includes: - Comprehensive visibility into web threats affecting your organization - Investigation capabilities over web-related threat activity through alerts and comprehensive profiles of URLs and the machines that access these URLs - A full set of security features that track general access trends to malicious and unwanted websites -## Prerequisites -Web protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers. +## Web content filtering -To turn on network protection on your machines: -- Edit the Microsoft Defender ATP security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-atp-security-baseline) -- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md) - ->[!Note] ->If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only. +The cards that make up web content filtering are "Web activity by category" and "Web content filtering summary." +Web content filtering includes: +- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away +- You can conveniently deploy varied policies to various sets of users using the machine groups defined in the [Microsoft Defender ATP role-based access control settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/rbac) +- You can access web reports in the same central location, with visibility over actual blocks and web usage ## In this section Topic | Description :---|:--- -[Monitor web security](web-protection-monitoring.md) | Monitor attempts to access malicious and unwanted websites. -[Respond to web threats](web-protection-response.md) | Investigate and manage alerts related to malicious and unwanted websites. Understand how end users are notified whenever a web threat is blocked. +[Web threat protection](web-threat-protection.md) | Stop access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked. +[Web content filtering](web-content-filtering.md) | Track and regulate access to websites based on their content categories. diff --git a/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md new file mode 100644 index 0000000000..8bf7647688 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/web-threat-protection.md @@ -0,0 +1,37 @@ +--- +title: Protect your organization against web threats +description: Learn about web protection in Microsoft Defender ATP and how it can protect your organization +keywords: web protection, web threat protection, web browsing, security, phishing, malware, exploit, websites, network protection, Edge, Internet Explorer, Chrome, Firefox, web browser +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Protect your organization against web threats + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-main-abovefoldlink&rtc=1) + +Web threat protection is part of [Web protection](web-protection-overview.md) in Microsoft Defender ATP. It uses [network protection](network-protection.md) to secure your machines against web threats. By integrating with Microsoft Edge and popular third-party browsers like Chrome and Firefox, web threat protection stops web threats without a web proxy and can protect machines while they are away or on premises. Web threat protection stops access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked in your [custom indicator list](manage-indicators.md). + +>[!Note] +>It can take up to an hour for machines to receive new customer indicators. + +## Prerequisites +Web protection uses network protection to provide web browsing security on Microsoft Edge and third-party web browsers. + +To turn on network protection on your machines: +- Edit the Microsoft Defender ATP security baseline under **Web & Network Protection** to enable network protection before deploying or redeploying it. [Learn about reviewing and assigning the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md#review-and-assign-the-microsoft-defender-atp-security-baseline) +- Turn network protection on using Intune device configuration, SCCM, Group Policy, or your MDM solution. [Read more about enabling network protection](enable-network-protection.md) + +>[!Note] +>If you set network protection to **Audit only**, blocking will be unavailable. Also, you will be able to detect and log attempts to access malicious and unwanted websites on Microsoft Edge only. \ No newline at end of file