mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge pull request #4824 from MicrosoftDocs/file-prevalence
add file prevalence and rebrand
This commit is contained in:
Gary Moore
GitHub
commit
b1f47a8e30
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Add or Remove Machine Tags API
|
||||
description: Learn how to use the Add or Remove machine tags API to adds or remove a tag for a machine in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Add or Remove machine tags API to adds or remove a tag for a machine in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, tags, machine tags
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: AssignedIPAddresses() function in advanced hunting for Microsoft Defender Advanced Threat Protection
|
||||
title: AssignedIPAddresses() function in advanced hunting for Microsoft Defender for Endpoint
|
||||
description: Learn how to use the AssignedIPAddresses() function to get the latest IP addresses assigned to a device
|
||||
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment
|
||||
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender for Endpoint, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Extend advanced hunting coverage with the right settings
|
||||
description: Check auditing settings on Windows devices and other settings to help ensure that you get the most comprehensive data in advanced hunting
|
||||
keywords: advanced hunting, incident, pivot, entity, audit settings, user account management, security group management, threat hunting, cyber threat hunting, search, query, telemetry, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection
|
||||
keywords: advanced hunting, incident, pivot, entity, audit settings, user account management, security group management, threat hunting, cyber threat hunting, search, query, telemetry, mdatp, Microsoft Defender ATP, Microsoft Defender for Endpoint, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: FileProfile() function in advanced hunting for Microsoft Defender Advanced Threat Protection
|
||||
title: FileProfile() function in advanced hunting for Microsoft Defender for Endpoint
|
||||
description: Learn how to use the FileProfile() to enrich information about files in your advanced hunting query results
|
||||
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment
|
||||
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, Microsoft Defender ATP, Microsoft Defender for Endpoint, Windows Defender, Windows Defender ATP, Windows Defender Advanced Threat Protection, search, query, telemetry, schema reference, kusto, FileProfile, file profile, function, enrichment
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get alerts API
|
||||
description: Learn about the methods and properties of the Alert resource type in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn about the methods and properties of the Alert resource type in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, alerts, recent
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Hello World for Microsoft Defender Advanced Threat Protection API
|
||||
title: Hello World for Microsoft Defender for Endpoint API
|
||||
ms.reviewer:
|
||||
description: Create a practice 'Hello world'-style API call to the Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) API.
|
||||
description: Create a practice 'Hello world'-style API call to the Microsoft Defender for Endpoint (Microsoft Defender ATP) API.
|
||||
keywords: apis, supported apis, advanced hunting, query
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Microsoft Defender ATP APIs connection to Power BI
|
||||
ms.reviewer:
|
||||
description: Create a Power Business Intelligence (BI) report on top of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) APIs.
|
||||
description: Create a Power Business Intelligence (BI) report on top of Microsoft Defender for Endpoint APIs.
|
||||
keywords: apis, supported apis, Power BI, reports
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Access the Microsoft Defender Advanced Threat Protection APIs
|
||||
title: Access the Microsoft Defender for Endpoint APIs
|
||||
ms.reviewer:
|
||||
description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender ATP capabilities
|
||||
keywords: apis, api, wdatp, open api, microsoft defender atp api, public api, supported apis, alerts, device, user, domain, ip, file, advanced hunting, query
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Assign user access to Microsoft Defender Security Center
|
||||
description: Assign read and write or read only access to the Microsoft Defender Advanced Threat Protection portal.
|
||||
description: Assign read and write or read only access to the Microsoft Defender for Endpoint portal.
|
||||
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Experience Microsoft Defender ATP through simulated attacks
|
||||
description: Run the provided attack scenario simulations to experience how Microsoft Defender ATP can detect, investigate, and respond to breaches.
|
||||
keywords: wdatp, test, scenario, attack, simulation, simulated, diy, microsoft defender advanced threat protection
|
||||
keywords: wdatp, test, scenario, attack, simulation, simulated, diy, Microsoft Defender for Endpoint
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Attack surface reduction frequently asked questions (FAQ)
|
||||
description: Find answers to frequently asked questions about Microsoft Defender ATP's attack surface reduction rules.
|
||||
keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP
|
||||
keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, microsoft defender for endpoint
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Use attack surface reduction rules to prevent malware infection
|
||||
description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect devices with malware.
|
||||
keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP
|
||||
keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender for Endpoint, Microsoft Defender ATP
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: manage
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Use basic permissions to access Microsoft Defender Security Center
|
||||
description: Learn how to use basic permissions to access the Microsoft Defender Advanced Threat Protection portal.
|
||||
description: Learn how to use basic permissions to access the Microsoft Defender for Endpoint portal.
|
||||
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Configure alert notifications in Microsoft Defender ATP
|
||||
description: You can use Microsoft Defender Advanced Threat Protection to configure email notification settings for security alerts, based on severity and other criteria.
|
||||
title: Configure alert notifications in Microsoft Defender for Endpoint
|
||||
description: You can use Microsoft Defender for Endpoint to configure email notification settings for security alerts, based on severity and other criteria.
|
||||
keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard Windows 10 devices to Microsoft Defender ATP via Group Policy
|
||||
description: Use Group Policy to deploy the configuration package on Windows 10 devices so that they are onboarded to the service.
|
||||
keywords: configure devices using group policy, device management, configure Windows ATP devices, onboard Microsoft Defender Advanced Threat Protection devices, group policy
|
||||
keywords: configure devices using group policy, device management, configure Windows ATP devices, onboard Microsoft Defender for Endpoint devices, group policy
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard Windows 10 devices using Mobile Device Management tools
|
||||
description: Use Mobile Device Management tools to deploy the configuration package on devices so that they are onboarded to the service.
|
||||
keywords: onboard devices using mdm, device management, onboard Windows ATP devices, onboard Microsoft Defender Advanced Threat Protection devices, mdm
|
||||
keywords: onboard devices using mdm, device management, onboard Windows ATP devices, onboard Microsoft Defender for Endpoint devices, mdm
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard non-Windows devices to the Microsoft Defender for Endpoint service
|
||||
description: Configure non-Windows devices so that they can send sensor data to the Microsoft Defender ATP service.
|
||||
keywords: onboard non-Windows devices, macos, linux, device management, configure Windows ATP devices, configure Microsoft Defender Advanced Threat Protection devices
|
||||
keywords: onboard non-Windows devices, macos, linux, device management, configure Windows ATP devices, configure Microsoft Defender for Endpoint devices
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard Windows 10 devices using Configuration Manager
|
||||
description: Use Configuration Manager to deploy the configuration package on devices so that they are onboarded to the service.
|
||||
keywords: onboard devices using sccm, device management, configure Windows ATP devices, configure Microsoft Defender Advanced Threat Protection devices
|
||||
keywords: onboard devices using sccm, device management, configure Windows ATP devices, configure Microsoft Defender for Endpoint devices
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard Windows 10 devices using a local script
|
||||
description: Use a local script to deploy the configuration package on devices so that they are onboarded to the service.
|
||||
keywords: configure devices using a local script, device management, configure Windows ATP devices, configure Microsoft Defender Advanced Threat Protection devices
|
||||
keywords: configure devices using a local script, device management, configure Windows ATP devices, configure Microsoft Defender for Endpoint devices
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard non-persistent virtual desktop infrastructure (VDI) devices
|
||||
description: Deploy the configuration package on virtual desktop infrastructure (VDI) device so that they are onboarded to Microsoft Defender ATP the service.
|
||||
keywords: configure virtual desktop infrastructure (VDI) device, vdi, device management, configure Windows ATP endpoints, configure Microsoft Defender Advanced Threat Protection endpoints
|
||||
keywords: configure virtual desktop infrastructure (VDI) device, vdi, device management, configure Windows ATP endpoints, configure Microsoft Defender for Endpoint endpoints
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard Windows servers to the Microsoft Defender for Endpoint service
|
||||
description: Onboard Windows servers so that they can send sensor data to the Microsoft Defender for Endpoint sensor.
|
||||
keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, device management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers, onboard Microsoft Defender for Endpoint servers
|
||||
keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, device management, configure Windows ATP servers, onboard Microsoft Defender for Endpoint servers, onboard Microsoft Defender for Endpoint servers
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Pull detections to your SIEM tools from Microsoft Defender Advanced Threat Protection
|
||||
title: Pull detections to your SIEM tools from Microsoft Defender for Endpoint
|
||||
description: Learn how to use REST API and configure supported security information and events management tools to receive and pull detections.
|
||||
keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Create alert from event API
|
||||
description: Learn how to use the Create alert API to create a new Alert on top of Event in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Create alert API to create a new Alert on top of Event in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, alert, information, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Verify data storage location and update data retention settings
|
||||
description: Verify data storage location and update data retention settings for Microsoft Defender Advanced Threat Protection
|
||||
description: Verify data storage location and update data retention settings for Microsoft Defender for Endpoint
|
||||
keywords: data, storage, settings, retention, update
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Delete Indicator API.
|
||||
description: Learn how to use the Delete Indicator API to delete an Indicator entity by ID in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Delete Indicator API to delete an Indicator entity by ID in Microsoft Defender for Endpoint.
|
||||
keywords: apis, public api, supported apis, delete, ti indicator, entity, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get alert related domains information
|
||||
description: Retrieve all domains related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Retrieve all domains related to a specific alert using Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related domain
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get alert related files information
|
||||
description: Retrieve all files related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint).
|
||||
description: Retrieve all files related to a specific alert using Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related files
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get alert related IPs information
|
||||
description: Retrieve all IPs related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint).
|
||||
description: Retrieve all IPs related to a specific alert using Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related ip
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get alert related machine information
|
||||
description: Retrieve all devices related to a specific alert using Microsoft Defender Advanced Threat Protection (Microsoft Defender for Endpoint).
|
||||
description: Retrieve all devices related to a specific alert using Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related device
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get alert related user information
|
||||
description: Learn how to use the Get alert related user information API to retrieve the user related to a specific alert in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Get alert related user information API to retrieve the user related to a specific alert in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, alert, information, related, user
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get IP related alerts API
|
||||
description: Retrieve a collection of alerts related to a given IP address using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Retrieve a collection of alerts related to a given IP address using Microsoft Defender for Endpoint
|
||||
keywords: apis, graph api, supported apis, get, ip, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get IP statistics API
|
||||
description: Get the latest stats for your IP using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Get the latest stats for your IP using Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, ip, statistics, prevalence
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get KB collection API
|
||||
description: Retrieve a collection of knowledge bases (KB's) and KB details with Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Retrieve a collection of knowledge bases (KB's) and KB details with Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get machine by ID API
|
||||
description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Get machine by ID API to retrieve a machine by its device ID or computer name in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, devices, entity, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get machine logon users API
|
||||
description: Learn how to use the Get machine logon users API to retrieve a collection of logged on users on a device in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Get machine logon users API to retrieve a collection of logged on users on a device in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, device, log on, users
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get machine related alerts API
|
||||
description: Learn how to use the Get machine related alerts API to retrieve all alerts related to a specific device in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Get machine related alerts API to retrieve all alerts related to a specific device in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, devices, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get MachineAction object API
|
||||
description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Get MachineAction API to retrieve a specific Machine Action by its ID in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, machineaction object
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: List machineActions API
|
||||
description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the List MachineActions API to retrieve a collection of Machine Actions in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, machineaction collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get machines security states collection API
|
||||
description: Retrieve a collection of device security states using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Retrieve a collection of device security states using Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, device, security, state
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: List Indicators API
|
||||
description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the List Indicators API to retrieve a collection of all active Indicators in Microsoft Defender for Endpoint.
|
||||
keywords: apis, public api, supported apis, Indicators collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get user information API
|
||||
description: Learn how to use the Get user information API to retrieve a User entity by key, or user name, in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Get user information API to retrieve a User entity by key, or user name, in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, user, user information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get user-related alerts API
|
||||
description: Retrieve a collection of alerts related to a given user ID using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Retrieve a collection of alerts related to a given user ID using Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, user, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get user-related machines API
|
||||
description: Learn how to use the Get user-related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Get user-related machines API to retrieve a collection of devices related to a user ID in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, get, user, user related alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Helpful Microsoft Defender Advanced Threat Protection resources
|
||||
description: Access helpful resources such as links to blogs and other resources related to Microsoft Defender Advanced Threat Protection
|
||||
title: Helpful Microsoft Defender for Endpoint resources
|
||||
description: Access helpful resources such as links to blogs and other resources related to Microsoft Defender for Endpoint
|
||||
keywords: Microsoft Defender Security Center, product brief, brief, capabilities, licensing
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Import Indicators API
|
||||
description: Learn how to use the Import batch of Indicator API in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Import batch of Indicator API in Microsoft Defender for Endpoint.
|
||||
keywords: apis, supported apis, submit, ti, indicator, update
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Investigate Microsoft Defender Advanced Threat Protection alerts
|
||||
title: Investigate Microsoft Defender for Endpoint alerts
|
||||
description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them.
|
||||
keywords: investigate, investigation, devices, device, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Investigate Microsoft Defender Advanced Threat Protection domains
|
||||
title: Investigate Microsoft Defender for Endpoint domains
|
||||
description: Use the investigation options to see if devices and servers have been communicating with malicious domains.
|
||||
keywords: investigate domain, domain, malicious domain, microsoft defender atp, alert, URL
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -77,7 +77,7 @@ You can view events from different periods of time by entering the dates into th
|
||||
5. Clicking any of the device names will take you to that device's view, where you can continue investigate reported alerts, behaviors, and events.
|
||||
|
||||
## Related topics
|
||||
- [View and organize the Microsoft Defender Advanced Threat Protection Alerts queue](alerts-queue.md)
|
||||
- [View and organize the Microsoft Defender for Endpoint Alerts queue](alerts-queue.md)
|
||||
- [Manage Microsoft Defender for Endpoint alerts](manage-alerts.md)
|
||||
- [Investigate Microsoft Defender for Endpoint alerts](investigate-alerts.md)
|
||||
- [Investigate a file associated with a Microsoft Defender for Endpoint alert](investigate-files.md)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Investigate Microsoft Defender Advanced Threat Protection files
|
||||
title: Investigate Microsoft Defender for Endpoint files
|
||||
description: Use the investigation options to get details on files associated with alerts, behaviors, or events.
|
||||
keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -65,7 +65,12 @@ For more information on these actions, see [Take response action on a file](resp
|
||||
|
||||
The file details, incident, malware detection, and file prevalence cards display various attributes about the file.
|
||||
|
||||
You'll see details such as the file’s MD5, the Virus Total detection ratio, and Microsoft Defender AV detection if available, and the file’s prevalence, both worldwide and within your organizations.
|
||||
You'll see details such as the file’s MD5, the Virus Total detection ratio, and Microsoft Defender AV detection if available, and the file’s prevalence.
|
||||
|
||||
The file prevalence card shows where the file was seen in devices in the organization and worldwide.
|
||||
|
||||
> [!NOTE]
|
||||
> Different users may see dissimilar values in the *devices in organization* section of the file prevalence card. This is because the card displays information based on the RBAC scope that a user has. Meaning, if a user has been granted visibility on a specific set of devices, they will only see the file organizational prevalence on those devices.
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Isolate machine API
|
||||
description: Learn how to use the Isolate machine API to isolate a device from accessing external network in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Isolate machine API to isolate a device from accessing external network in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, isolate device
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: What's new in Microsoft Defender Advanced Threat Protection for Linux
|
||||
title: What's new in Microsoft Defender for Endpoint for Linux
|
||||
description: List of major changes for Microsoft Defender ATP for Linux.
|
||||
keywords: microsoft, defender, atp, linux, whatsnew, release
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Live response command examples
|
||||
description: Learn to run basic or advanced live response commands for Microsoft Defender Advanced Threat Protection (ATP) and see examples on how it's used.
|
||||
description: Learn to run basic or advanced live response commands for Microsoft Defender for Endpoint and see examples on how it's used.
|
||||
keywords: example, command, cli, remote, shell, connection, live, response, real-time, command, script, remediate, hunt, export, log, drop, download, file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -97,6 +97,6 @@ You can create a scanning schedule using the *launchd* daemon on a macOS device.
|
||||
|
||||
## Schedule a scan with Intune
|
||||
|
||||
You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender Advanced Threat Protection](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode.
|
||||
You can also schedule scans with Microsoft Intune. The [runMDATPQuickScan.sh](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP#runmdatpquickscansh) shell script available at [Scripts for Microsoft Defender for Endpoint](https://github.com/microsoft/shell-intune-samples/tree/master/Misc/MDATP) will persist when the device resumes from sleep mode.
|
||||
|
||||
See [Use shell scripts on macOS devices in Intune](https://docs.microsoft.com/mem/intune/apps/macos-shell-scripts) for more detailed instructions on how to use this script in your enterprise.
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: What's new in Microsoft Defender Advanced Threat Protection for Mac
|
||||
description: Learn about the major changes for previous versions of Microsoft Defender Advanced Threat Protection for Mac.
|
||||
title: What's new in Microsoft Defender for Endpoint for Mac
|
||||
description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint for Mac.
|
||||
keywords: microsoft, defender, atp, mac, installation, macos, whatsnew
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Machine resource type
|
||||
description: Learn about the methods and properties of the Machine resource type in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn about the methods and properties of the Machine resource type in Microsoft Defender for Endpoint.
|
||||
keywords: apis, supported apis, get, machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: machineAction resource type
|
||||
description: Learn about the methods and properties of the MachineAction resource type in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn about the methods and properties of the MachineAction resource type in Microsoft Defender for Endpoint.
|
||||
keywords: apis, supported apis, get, machineaction, recent
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Manage Microsoft Defender Advanced Threat Protection alerts
|
||||
title: Manage Microsoft Defender for Endpoint alerts
|
||||
description: Change the status of alerts, create suppression rules to hide alerts, submit comments, and review change history for individual alerts with the Manage Alert menu.
|
||||
keywords: manage alerts, manage, alerts, status, new, in progress, resolved, resolve alerts, suppress, supression, rules, context, history, comments, changes
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Manage Microsoft Defender Advanced Threat Protection suppression rules
|
||||
title: Manage Microsoft Defender for Endpoint suppression rules
|
||||
description: You might need to prevent alerts from appearing in the portal by using suppression rules. Learn how to manage your suppression rules in Microsoft Defender ATP.
|
||||
keywords: manage suppression, rules, rule name, scope, action, alerts, turn on, turn off
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Microsoft Cloud App Security integration overview
|
||||
ms.reviewer:
|
||||
description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) integrates with Cloud App Security by forwarding all cloud app networking activities.
|
||||
description: Microsoft Defender for Endpoint integrates with Cloud App Security by forwarding all cloud app networking activities.
|
||||
keywords: cloud, app, networking, visibility, usage
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -123,7 +123,7 @@ Microsoft Defender for Endpoint's new managed threat hunting service provides pr
|
||||
<a name="apis"></a>
|
||||
|
||||
**[Centralized configuration and administration, APIs](management-apis.md)**<br>
|
||||
Integrate Microsoft Defender Advanced Threat Protection into your existing workflows.
|
||||
Integrate Microsoft Defender for Endpoint into your existing workflows.
|
||||
|
||||
<a name="mtp"></a>
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Microsoft Defender ATP for Mac
|
||||
ms.reviewer:
|
||||
description: Learn how to install, configure, update, and use Microsoft Defender Advanced Threat Protection for Mac.
|
||||
description: Learn how to install, configure, update, and use Microsoft Defender for Endpoint for Mac.
|
||||
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Microsoft Defender Security Center
|
||||
description: Microsoft Defender Security Center is the portal where you can access Microsoft Defender Advanced Threat Protection.
|
||||
description: Microsoft Defender Security Center is the portal where you can access Microsoft Defender for Endpoint.
|
||||
keywords: windows, defender, security, center, defender, advanced, threat, protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Microsoft Threat Experts
|
||||
ms.reviewer:
|
||||
description: Microsoft Threat Experts provides an additional layer of expertise to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Microsoft Threat Experts provides an additional layer of expertise to Microsoft Defender for Endpoint.
|
||||
keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts, MTE-TAN, targeted attack notification, Targeted Attack Notification
|
||||
search.product: Windows 10
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Offboard devices from the Microsoft Defender ATP service
|
||||
description: Onboard Windows 10 devices, servers, non-Windows devices from the Microsoft Defender ATP service
|
||||
keywords: offboarding, microsoft defender advanced threat protection offboarding, windows atp offboarding
|
||||
keywords: offboarding, microsoft defender for endpoint offboarding, windows atp offboarding
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Onboard devices to the Microsoft Defender ATP service
|
||||
description: Onboard Windows 10 devices, servers, non-Windows devices and learn how to run a detection test.
|
||||
keywords: onboarding, microsoft defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
|
||||
keywords: onboarding, microsoft defender for endpoint onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Overview of attack surface reduction
|
||||
ms.reviewer:
|
||||
description: Learn about the attack surface reduction capabilities of Microsoft Defender ATP.
|
||||
keywords: asr, attack surface reduction, microsoft defender atp, microsoft defender advanced threat protection, microsoft defender, antivirus, av, windows defender
|
||||
keywords: asr, attack surface reduction, microsoft defender atp, microsoft defender for endpoint, microsoft defender, antivirus, av, windows defender
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Microsoft Defender Advanced Threat Protection portal overview
|
||||
title: Microsoft Defender for Endpoint portal overview
|
||||
description: Microsoft Defender Security Center can monitor your enterprise network and assist in responding to potential advanced persistent threats (APT) or data breaches.
|
||||
keywords: Microsoft Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, devices list, settings, device management, advanced attacks
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Submit or Update Indicator API
|
||||
description: Learn how to use the Submit or Update Indicator API to submit or update a new Indicator entity in Microsoft Defender Advanced Threat Protection.
|
||||
description: Learn how to use the Submit or Update Indicator API to submit or update a new Indicator entity in Microsoft Defender for Endpoint.
|
||||
keywords: apis, graph api, supported apis, submit, ti, indicator, update
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Turn on the preview experience in Microsoft Defender ATP
|
||||
description: Turn on the preview experience in Microsoft Defender Advanced Threat Protection to try upcoming features.
|
||||
description: Turn on the preview experience in Microsoft Defender for Endpoint to try upcoming features.
|
||||
keywords: advanced features, settings, block file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Microsoft Defender ATP preview features
|
||||
description: Learn how to access Microsoft Defender Advanced Threat Protection preview features.
|
||||
keywords: preview, preview experience, Microsoft Defender Advanced Threat Protection, features, updates
|
||||
description: Learn how to access Microsoft Defender for Endpoint preview features.
|
||||
keywords: preview, preview experience, Microsoft Defender for Endpoint, features, updates
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Stream Microsoft Defender Advanced Threat Protection events to Azure Event Hubs
|
||||
title: Stream Microsoft Defender for Endpoint events to Azure Event Hubs
|
||||
description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Event Hub.
|
||||
keywords: raw data export, streaming API, API, Azure Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Stream Microsoft Defender Advanced Threat Protection events to your Storage account
|
||||
title: Stream Microsoft Defender for Endpoint events to your Storage account
|
||||
description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Storage account.
|
||||
keywords: raw data export, streaming API, API, Event Hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Stream Microsoft Defender Advanced Threat Protection event
|
||||
title: Stream Microsoft Defender for Endpoint event
|
||||
description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to Event Hubs or Azure storage account
|
||||
keywords: raw data export, streaming API, API, Event hubs, Azure storage, storage account, Advanced Hunting, raw data sharing
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Review alerts in Microsoft Defender Advanced Threat Protection
|
||||
title: Review alerts in Microsoft Defender for Endpoint
|
||||
description: Review alert information, including a visualized alert story and details for each step of the chain.
|
||||
keywords: incident, incidents, machines, devices, users, alerts, alert, investigation, graph, evidence
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Advanced Hunting API
|
||||
ms.reviewer:
|
||||
description: Learn to use the advanced hunting API to run advanced queries on Microsoft Defender Advanced Threat Protection. Find out about limitations and see an example.
|
||||
description: Learn to use the advanced hunting API to run advanced queries on Microsoft Defender for Endpoint. Find out about limitations and see an example.
|
||||
keywords: apis, supported apis, advanced hunting, query
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Advanced Hunting with PowerShell API Basics
|
||||
ms.reviewer:
|
||||
description: Learn the basics of querying the Microsoft Defender Advanced Threat Protection API, using PowerShell.
|
||||
description: Learn the basics of querying the Microsoft Defender for Endpoint API, using PowerShell.
|
||||
keywords: apis, supported apis, advanced hunting, query
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Advanced Hunting with Python API Guide
|
||||
ms.reviewer:
|
||||
description: Learn how to query using the Microsoft Defender Advanced Threat Protection API, by using Python, with examples.
|
||||
description: Learn how to query using the Microsoft Defender for Endpoint API, by using Python, with examples.
|
||||
keywords: apis, supported apis, advanced hunting, query
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Run a detection test on a newly onboarded Microsoft Defender ATP device
|
||||
description: Run the detection script on a newly onboarded device to verify that it is properly onboarded to the Microsoft Defender ATP service.
|
||||
keywords: detection test, detection, powershell, script, verify, onboarding, microsoft defender advanced threat protection onboarding, clients, servers, test
|
||||
keywords: detection test, detection, powershell, script, verify, onboarding, microsoft defender for endpoint onboarding, clients, servers, test
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -68,7 +68,7 @@ This tile shows you a list of devices with the highest number of active alerts.
|
||||
|
||||
|
||||
|
||||
Click the name of the device to see details about that device. For more information see, [Investigate devices in the Microsoft Defender Advanced Threat Protection Devices list](investigate-machines.md).
|
||||
Click the name of the device to see details about that device. For more information see, [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md).
|
||||
|
||||
You can also click **Devices list** at the top of the tile to go directly to the **Devices list**, sorted by the number of active alerts. For more information see, [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md).
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Set device value API
|
||||
description: Learn how to specify the value of a device using a Microsoft Defender Advanced Threat Protection API.
|
||||
description: Learn how to specify the value of a device using a Microsoft Defender for Endpoint API.
|
||||
keywords: apis, graph api, supported apis, tags, machine tags
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Stop and quarantine file API
|
||||
description: Learn how to stop running a file on a device and delete the file in Microsoft Defender Advanced Threat Protection. See an example.
|
||||
description: Learn how to stop running a file on a device and delete the file in Microsoft Defender for Endpoint. See an example.
|
||||
keywords: apis, graph api, supported apis, stop and quarantine file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -67,7 +67,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend
|
||||
|Operating system |Guidance |
|
||||
|---------|---------|
|
||||
|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
|
||||
|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). |
|
||||
|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). |
|
||||
|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender ATP for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). |
|
||||
|
||||
## Uninstall your non-Microsoft solution
|
||||
|
||||
@ -67,7 +67,7 @@ To verify that your onboarded devices are properly connected to Microsoft Defend
|
||||
|Operating system |Guidance |
|
||||
|---------|---------|
|
||||
|- Windows 10 <br/>- Windows Server 2019 <br/>- Windows Server, version 1803 <br/>- Windows Server 2016 <br/>- Windows Server 2012 R2 |See [Run a detection test](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). <br/><br/>Visit the Microsoft Defender for Endpoint demo scenarios site ([https://demo.wd.microsoft.com](https://demo.wd.microsoft.com)) and try one or more of the scenarios. For example, try the **Cloud-delivered protection** demo scenario. |
|
||||
|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender Advanced Threat Protection for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). |
|
||||
|macOS<br/>- 10.15 (Catalina)<br/>- 10.14 (Mojave)<br/>- 10.13 (High Sierra) |Download and use the DIY app at [https://aka.ms/mdatpmacosdiy](https://aka.ms/mdatpmacosdiy). <br/><br/>For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). |
|
||||
|Linux:<br/>- RHEL 7.2+<br/>- CentOS Linux 7.2+<br/>- Ubuntu 16 LTS, or higher LTS<br/>- SLES 12+<br/>- Debian 9+<br/>- Oracle Linux 7.2 |1. Run the following command, and look for a result of **1**: <br/>`mdatp health --field real_time_protection_enabled`. <br/><br/>2. Open a Terminal window, and run the following command: <br/>`curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt`. <br/><br/>3. Run the following command to list any detected threats: <br/>`mdatp threat list`. <br/><br/>For more information, see [Microsoft Defender for Endpoint for Linux](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). |
|
||||
|
||||
## Uninstall Symantec
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Event timeline in threat and vulnerability management
|
||||
description: Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization, and which mitigations happened to reduce it.
|
||||
keywords: event timeline, mdatp event timeline, mdatp tvm event timeline, threat and vulnerability management, Microsoft Defender Advanced Threat Protection
|
||||
keywords: event timeline, mdatp event timeline, mdatp tvm event timeline, threat and vulnerability management, Microsoft Defender for Endpoint
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Understand threat intelligence concepts in Microsoft Defender ATP
|
||||
description: Create custom threat alerts for your organization and learn the concepts around threat intelligence in Microsoft Defender Advanced Threat Protection.
|
||||
title: Understand threat intelligence concepts in Microsoft Defender for Endpoint
|
||||
description: Create custom threat alerts for your organization and learn the concepts around threat intelligence in Microsoft Defender for Endpoint
|
||||
keywords: threat intelligence, alert definitions, indicators of compromise, ioc
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Indicator resource type
|
||||
description: Specify the entity details and define the expiration of the indicator using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
description: Specify the entity details and define the expiration of the indicator using Microsoft Defender for Endpoint.
|
||||
keywords: apis, supported apis, get, TiIndicator, Indicator, recent
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Troubleshoot problems with attack surface reduction rules
|
||||
description: Resources and sample code to troubleshoot issues with attack surface reduction rules in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection
|
||||
description: Resources and sample code to troubleshoot issues with attack surface reduction rules in Microsoft Defender for Endpoint.
|
||||
keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender for endpoint, microsoft defender advanced threat protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.pagetype: security
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Troubleshoot Microsoft Defender Advanced Threat Protection service issues
|
||||
title: Troubleshoot Microsoft Defender for Endpoint service issues
|
||||
description: Find solutions and work arounds to known issues such as server errors when trying to access the service.
|
||||
keywords: troubleshoot Microsoft Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, allow, event viewer
|
||||
keywords: troubleshoot microsoft defender for endpoint, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, allow, event viewer
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Troubleshoot problems with Network protection
|
||||
description: Resources and sample code to troubleshoot issues with Network protection in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
|
||||
keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection
|
||||
description: Resources and sample code to troubleshoot issues with Network protection in Microsoft Defender for Endpoint.
|
||||
keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender for endpoint, microsoft defender advanced threat protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
ms.mktglfcycl: manage
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Troubleshoot onboarding issues and error messages
|
||||
description: Troubleshoot onboarding issues and error message while completing setup of Microsoft Defender Advanced Threat Protection.
|
||||
keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, microsoft defender atp
|
||||
description: Troubleshoot onboarding issues and error message while completing setup of Microsoft Defender for Endpoint.
|
||||
keywords: troubleshoot, troubleshooting, Azure Active Directory, onboarding, error message, error messages, microsoft defender for endpoint
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Exposure score in threat and vulnerability management
|
||||
description: The threat and vulnerability management exposure score reflects how vulnerable your organization is to cybersecurity threats.
|
||||
keywords: exposure score, mdatp exposure score, mdatp tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender Advanced Threat Protection
|
||||
keywords: exposure score, mdatp exposure score, mdatp tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender for Endpoint
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: m365-security
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: User resource type
|
||||
description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to users.
|
||||
description: Retrieve recent Microsoft Defender for Endpoint alerts related to users.
|
||||
keywords: apis, graph api, supported apis, get, alerts, recent
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: m365-security
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user