mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-20 17:27:23 +00:00
fix-suggestions
To fix suggestions
parent 573509864c
commit b1ff74d359
@ -66,39 +66,39 @@ Follow the steps below to onboard endpoints using Microsoft Endpoint Configurati
|
||||
|
||||
1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Right Click **Device Collection** and select **Create Device Collection**.
|
||||
|
||||

|
||||

|
||||
|
||||
3. Provide a **Name** and **Limiting Collection**, then select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Select **Add Rule** and choose **Query Rule**.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**.
|
||||
|
||||

|
||||

|
||||
|
||||
6. Select **Criteria** and then choose the star icon.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
8. Select **Next** and **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
9. Select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment.
|
||||
|
||||
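Review bot: step 7 filters only on **Operating System - build number** greater than or equal to **14393**, which also matches Windows Server 2016 (build 14393) and later server builds, so the closing claim that the collection holds "all the Windows 10 endpoints in the environment" does not follow from the query as written. Either add a criterion that limits the rule to client operating systems or reword the closing sentence. Step 5 also names the **Direct Membership Wizard** although step 4 chose **Query Rule**; please confirm which dialog the reader actually sees at that point and name it consistently.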
@ -123,22 +123,22 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||
2. Under Deployment method select the supported version of **Microsoft Endpoint Configuration Manager**.
|
||||
|
||||

|
||||

|
||||
|
||||
3. Select **Download package**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Save the package to an accessible location.
|
||||
5. In Microsoft Endpoint Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**.
|
||||
|
||||
6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Enter the name and description, verify **Onboarding** is selected, then select **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
8. Click **Browse**.
|
||||
|
||||
@ -147,25 +147,25 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
10. Click **Next**.
|
||||
11. Configure the Agent with the appropriate samples (**None** or **All file types**).
|
||||
|
||||

|
||||

|
||||
|
||||
12. Select the appropriate telemetry (**Normal** or **Expedited**) then click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
14. Verify the configuration, then click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
15. Click **Close** when the Wizard completes.
|
||||
|
||||
16. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
17. On the right panel, select the previously created collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
#### Previous versions of Windows Client (Windows 7 and Windows 8.1)
|
||||
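Review bot: the numbered list in this hunk goes from step 12 to step 14, so step 13 is either missing or the remaining steps are misnumbered; restore the step or renumber. Step 16 also refers to "the Defender for Endpoint policy you just created" while steps 5 and 6 of the same procedure name the console node **Microsoft Defender ATP Policies**; use one name so the reader can find the object in the console.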
@ -257,11 +257,11 @@ needs on how Antivirus is configured.
|
||||
|
||||
3. Right-click on the newly created antimalware policy and select **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Target the new antimalware policy to your Windows 10 collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have successfully configured Windows
|
||||
Defender Antivirus.
|
||||
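Review bot: the closing sentence of this hunk says "Windows Defender Antivirus" while the Intune sections touched by the same commit say "Microsoft Defender Antivirus"; pick one product name across the change. The phrase "you now have successfully configured" would also read better as "you have now successfully configured".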
@ -284,26 +284,26 @@ To set ASR rules in Audit mode:
|
||||
|
||||
3. Set rules to **Audit** and click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Confirm the new Exploit Guard policy by clicking on **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
5. Once the policy is created click **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have successfully configured ASR rules in audit mode.
|
||||
|
||||
@ -321,11 +321,11 @@ endpoints. (This may take few minutes)
|
||||
|
||||
4. Click **Configuration** tab in Attack surface reduction rules reports. It shows ASR rules configuration overview and ASR rules status on each devices.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Click each device shows configuration details of ASR rules.
|
||||
|
||||

|
||||

|
||||
|
||||
See [Optimize ASR rule deployment and
|
||||
detections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr) for more details.
|
||||
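Review bot: steps 4 and 5 are not grammatical. "ASR rules status on each devices" should be "on each device", step 4 needs an article ("Click the **Configuration** tab"), and "Click each device shows configuration details of ASR rules" should be reworded, for example "Select a device to see its ASR rule configuration details".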
@ -334,29 +334,29 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros
|
||||
#### Set Network Protection rules in Audit mode:
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Select **Network protection**.
|
||||
|
||||
3. Set the setting to **Audit** and click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Confirm the new Exploit Guard Policy by clicking **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Once the policy is created click on **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Select the policy to the newly created Windows 10 collection and choose **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
After completing this task, you now have successfully configured Network
|
||||
Protection in audit mode.
|
||||
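Review bot: step 7 reads "Select the policy to the newly created Windows 10 collection", which does not parse; the parallel ASR and Controlled folder access procedures use "Target the policy to the newly created Windows 10 collection and click **OK**", and this step should match them. The heading "#### Set Network Protection rules in Audit mode:" also carries a trailing colon that the other headings shown in this change do not use.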
@ -365,29 +365,29 @@ Protection in audit mode.
|
||||
|
||||
1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**.
|
||||
|
||||

|
||||

|
||||
|
||||
2. Select **Controlled folder access**.
|
||||
|
||||
3. Set the configuration to **Audit** and click **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
4. Confirm the new Exploit Guard Policy by clicking on **Next**.
|
||||
|
||||

|
||||

|
||||
|
||||
5. Once the policy is created click on **Close**.
|
||||
|
||||

|
||||

|
||||
|
||||
6. Right-click on the newly created policy and choose **Deploy**.
|
||||
|
||||

|
||||

|
||||
|
||||
7. Target the policy to the newly created Windows 10 collection and click **OK**.
|
||||
|
||||

|
||||

|
||||
|
||||
You have now successfully configured Controlled folder access in audit mode.
|
||||
|
||||
|
@ -80,12 +80,12 @@ needs.<br>
|
||||
2. Open **Groups > New Group**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
3. Enter details and create a new group.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
4. Add your test user or device.
|
||||
|
||||
@ -96,7 +96,7 @@ needs.<br>
|
||||
7. Find your test user or device and select it.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
8. Your testing group now has a member to test.
|
||||
|
||||
@ -122,7 +122,7 @@ different types of endpoint security policies:
|
||||
on **Create Profile**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
3. Under **Platform, select Windows 10 and Later, Profile - Endpoint detection
|
||||
and response > Create**.
|
||||
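Review bot: in step 3 the bold span opens before "Platform" and closes after "Create", so the instruction word "select" and the separators render as if they were UI labels. Bold only the control names (**Platform**, **Windows 10 and Later**, **Endpoint detection and response**, **Create**) and keep the connecting words in plain text.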
@ -130,39 +130,39 @@ different types of endpoint security policies:
|
||||
4. Enter a name and description, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
5. Select settings as required, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
> [!NOTE]
|
||||
> In this instance, this has been auto populated as Defender for Endpoint has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender for Endpoint in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp).
|
||||
>
|
||||
> The following image is an example of what you'll see when Microsoft Defender for Endpoint is NOT integrated with Intune:
|
||||
>
|
||||
> 
|
||||
> 
|
||||
|
||||
6. Add scope tags if necessary, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
7. Add test group by clicking on **Select groups to include** and choose your group, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
8. Review and accept, then select **Create**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
9. You can view your completed policy.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
### Next-generation protection
|
||||
|
||||
@ -171,7 +171,7 @@ different types of endpoint security policies:
|
||||
2. Navigate to **Endpoint security > Antivirus > Create Policy**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
3. Select **Platform - Windows 10 and Later - Windows and Profile – Microsoft
|
||||
Defender Antivirus > Create**.
|
||||
@ -179,34 +179,34 @@ different types of endpoint security policies:
|
||||
4. Enter name and description, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
5. In the **Configuration settings page**: Set the configurations you require for
|
||||
Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time
|
||||
Protection, and Remediation).
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
6. Add scope tags if necessary, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
7. Select groups to include, assign to your test group, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
8. Review and create, then select **Create**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
9. You'll see the configuration policy you created.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
### Attack Surface Reduction – Attack surface reduction rules
|
||||
|
||||
@ -220,12 +220,12 @@ different types of endpoint security policies:
|
||||
rules > Create**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
5. Enter a name and description, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
6. In the **Configuration settings page**: Set the configurations you require for
|
||||
Attack surface reduction rules, then select **Next**.
|
||||
@ -236,27 +236,27 @@ different types of endpoint security policies:
|
||||
> For more information, see [Attack surface reduction rules](attack-surface-reduction.md).
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
7. Add Scope Tags as required, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
8. Select groups to include and assign to test group, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
9. Review the details, then select **Create**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
10. View the policy.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
### Attack Surface Reduction – Web Protection
|
||||
|
||||
@ -269,12 +269,12 @@ different types of endpoint security policies:
|
||||
4. Select **Windows 10 and Later – Web protection > Create**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
5. Enter a name and description, then select **Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
6. In the **Configuration settings page**: Set the configurations you require for
|
||||
Web Protection, then select **Next**.
|
||||
@ -285,27 +285,27 @@ different types of endpoint security policies:
|
||||
> For more information, see [Web Protection](web-protection-overview.md).
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
7. Add **Scope Tags as required > Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
8. Select **Assign to test group > Next**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
9. Select **Review and Create > Create**.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
10. View the policy.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
## Validate configuration settings
|
||||
|
||||
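Review bot: steps 7 to 9 of the Web Protection procedure put whole instructions inside the bold span ("Add **Scope Tags as required > Next**", "Select **Assign to test group > Next**"), unlike the matching steps in the Attack surface reduction rules section ("Add Scope Tags as required, then select **Next**"). Use the same wording in both sections and bold only the button names.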
@ -323,22 +323,22 @@ To confirm that the configuration policy has been applied to your test device, f
|
||||
steps above. The following example shows the next generation protection settings.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> [  ](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox)
|
||||
> [  ](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox)
|
||||
|
||||
2. Select the **Configuration Policy** to view the policy status.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> [  ](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox)
|
||||
> [  ](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox)
|
||||
|
||||
3. Select **Device Status** to see the status.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> [  ](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox)
|
||||
> [  ](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox)
|
||||
|
||||
4. Select **User Status** to see the status.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> [  ](images/4e965749ff71178af8873bc91f9fe525.png#lightbox)
|
||||
> [  ](images/4e965749ff71178af8873bc91f9fe525.png#lightbox)
|
||||
|
||||
5. Select **Per-setting status** to see the status.
|
||||
|
||||
@ -346,7 +346,7 @@ To confirm that the configuration policy has been applied to your test device, f
|
||||
>This view is very useful to identify any settings that conflict with another policy.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> [  ](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox)
|
||||
> [  ](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox)
|
||||
|
||||
### Endpoint detection and response
|
||||
|
||||
@ -355,13 +355,13 @@ To confirm that the configuration policy has been applied to your test device, f
|
||||
Protection service should not be started.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> [  ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox)
|
||||
> [  ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox)
|
||||
|
||||
2. After the configuration has been applied, the Defender for Endpoint
|
||||
Protection Service should be started.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> [  ](images/a621b699899f1b41db211170074ea59e.png#lightbox)
|
||||
> [  ](images/a621b699899f1b41db211170074ea59e.png#lightbox)
|
||||
|
||||
3. After the services are running on the device, the device appears in Microsoft
|
||||
Defender Security Center.
|
||||
@ -375,7 +375,7 @@ To confirm that the configuration policy has been applied to your test device, f
|
||||
manage the settings as shown below.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
2. After the policy has been applied, you should not be able to manually manage
|
||||
the settings.
|
||||
@ -385,7 +385,7 @@ To confirm that the configuration policy has been applied to your test device, f
|
||||
> **Turn on real-time protection** are being shown as managed.
|
||||
|
||||
> [!div class="mx-imgBorder"]
|
||||
> 
|
||||
> 
|
||||
|
||||
### Attack Surface Reduction – Attack surface reduction rules
|
||||
|
||||
@ -400,13 +400,13 @@ To confirm that the configuration policy has been applied to your test device, f
|
||||
>
|
||||
> AttackSurfaceReductionRules_Ids:
|
||||
|
||||

|
||||

|
||||
|
||||
3. After applying the policy on a test device, open a PowerShell Windows and type `Get-MpPreference`.
|
||||
|
||||
4. This should respond with the following lines with content as shown below:
|
||||
|
||||

|
||||

|
||||
|
||||
### Attack Surface Reduction – Web Protection
|
||||
|
||||
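Review bot: step 4 says the command "should respond with the following lines with content as shown below", but the expected `Get-MpPreference` output exists only as a screenshot, so it cannot be searched, copied or read by a screen reader. Add the expected lines as text next to the image. In step 3, "open a PowerShell Windows" should be "open a PowerShell window".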
@ -415,11 +415,11 @@ To confirm that the configuration policy has been applied to your test device, f
|
||||
|
||||
2. This should respond with a 0 as shown below.
|
||||
|
||||

|
||||

|
||||
|
||||
3. After applying the policy, open a PowerShell Windows and type
|
||||
`(Get-MpPreference).EnableNetworkProtection`.
|
||||
|
||||
4. This should respond with a 1 as shown below.
|
||||
|
||||

|
||||

|
||||
|
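Review bot: steps 2 and 4 give the expected values (0, then 1) for `(Get-MpPreference).EnableNetworkProtection` without saying what each value means, so the reader cannot tell a correct result from an unexpected one such as a different non-zero value. State the mode each value corresponds to. Step 3 also repeats the "open a PowerShell Windows" typo.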
@ -181,8 +181,8 @@ You'll need to have access to:
|
||||
11. Under **Condition**, add the following expression: "length(body('Get_items')?['value'])" and set the condition to equal to 0.
|
||||
|
||||

|
||||

|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
## Alert notification
|
||||
|
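Review bot: step 11 wraps the expression in plain double quotes, "length(body('Get_items')?['value'])", which leaves it unclear whether the outer quotes are part of what to type and exposes the inner single quotes to smart-quote conversion on copy; set the expression in code formatting instead. The phrase "set the condition to equal to 0" has a doubled "to" and should be reworded.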
@ -81,7 +81,7 @@ Icon | Description
|
||||
| Alert – Indication of an activity correlated with advanced attacks.
|
||||
| Detection – Indication of a malware threat detection.
|
||||
| Active threat – Threats actively executing at the time of detection.
|
||||
| Remediated – Threat removed from the device.
|
||||
| Remediated – Threat removed from the device.
|
||||
| Not remediated – Threat not removed from the device.
|
||||
| Indicates events that triggered an alert in the **Alert process tree**.
|
||||
| Device icon
|
||||
@ -116,7 +116,7 @@ Icon | Description
|
||||
 | Automated investigation - terminated by system
|
||||
 | Automated investigation - pending
|
||||
 | Automated investigation - running
|
||||
 | Automated investigation - remediated
|
||||
 | Automated investigation - remediated
|
||||
 | Automated investigation - partially remediated
|
||||
 | Threat & Vulnerability Management - threat insights
|
||||
 | Threat & Vulnerability Management - possible active alert
|
||||
|