diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index 3a0c5a024b..bb86535c49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -66,39 +66,39 @@ Follow the steps below to onboard endpoints using Microsoft Endpoint Configurati 1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-device-collections.png) + ![Image of Microsoft Endpoint Configuration Manager wizard1](images/configmgr-device-collections.png) 2. Right Click **Device Collection** and select **Create Device Collection**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-create-device-collection.png) + ![Image of Microsoft Endpoint Configuration Manager wizard2](images/configmgr-create-device-collection.png) 3. Provide a **Name** and **Limiting Collection**, then select **Next**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-limiting-collection.png) + ![Image of Microsoft Endpoint Configuration Manager wizard3](images/configmgr-limiting-collection.png) 4. Select **Add Rule** and choose **Query Rule**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-query-rule.png) + ![Image of Microsoft Endpoint Configuration Manager wizard4](images/configmgr-query-rule.png) 5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-direct-membership.png) + ![Image of Microsoft Endpoint Configuration Manager wizard5](images/configmgr-direct-membership.png) 6. Select **Criteria** and then choose the star icon. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-criteria.png) + ![Image of Microsoft Endpoint Configuration Manager wizard6](images/configmgr-criteria.png) 7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-simple-value.png) + ![Image of Microsoft Endpoint Configuration Manager wizard7](images/configmgr-simple-value.png) 8. Select **Next** and **Close**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-membership-rules.png) + ![Image of Microsoft Endpoint Configuration Manager wizard8](images/configmgr-membership-rules.png) 9. Select **Next**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-confirm.png) + ![Image of Microsoft Endpoint Configuration Manager wizard9](images/configmgr-confirm.png) After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment. @@ -123,22 +123,22 @@ Manager and deploy that policy to Windows 10 devices. 2. Under Deployment method select the supported version of **Microsoft Endpoint Configuration Manager**. - ![Image of Microsoft Defender for Endpoint onboarding wizard](images/mdatp-onboarding-wizard.png) + ![Image of Microsoft Defender for Endpoint onboarding wizard10](images/mdatp-onboarding-wizard.png) 3. Select **Download package**. - ![Image of Microsoft Defender for Endpoint onboarding wizard](images/mdatp-download-package.png) + ![Image of Microsoft Defender for Endpoint onboarding wizard11](images/mdatp-download-package.png) 4. Save the package to an accessible location. 5. In Microsoft Endpoint Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. 6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-create-policy.png) + ![Image of Microsoft Endpoint Configuration Manager wizard12](images/configmgr-create-policy.png) 7. Enter the name and description, verify **Onboarding** is selected, then select **Next**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-policy-name.png) + ![Image of Microsoft Endpoint Configuration Manager wizard13](images/configmgr-policy-name.png) 8. Click **Browse**. @@ -147,25 +147,25 @@ Manager and deploy that policy to Windows 10 devices. 10. Click **Next**. 11. Configure the Agent with the appropriate samples (**None** or **All file types**). - ![Image of configuration settings](images/configmgr-config-settings.png) + ![Image of configuration settings1](images/configmgr-config-settings.png) 12. Select the appropriate telemetry (**Normal** or **Expedited**) then click **Next**. - ![Image of configuration settings](images/configmgr-telemetry.png) + ![Image of configuration settings2](images/configmgr-telemetry.png) 14. Verify the configuration, then click **Next**. - ![Image of configuration settings](images/configmgr-verify-configuration.png) + ![Image of configuration settings3](images/configmgr-verify-configuration.png) 15. Click **Close** when the Wizard completes. 16. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**. - ![Image of configuration settings](images/configmgr-deploy.png) + ![Image of configuration settings4](images/configmgr-deploy.png) 17. On the right panel, select the previously created collection and click **OK**. - ![Image of configuration settings](images/configmgr-select-collection.png) + ![Image of configuration settings5](images/configmgr-select-collection.png) #### Previous versions of Windows Client (Windows 7 and Windows 8.1) @@ -257,11 +257,11 @@ needs on how Antivirus is configured. 3. Right-click on the newly created antimalware policy and select **Deploy**. - ![Image of next generation protection pane](images/f5508317cd8c7870627cb4726acd5f3d.png) + ![Image of next generation protection pane1](images/f5508317cd8c7870627cb4726acd5f3d.png) 4. Target the new antimalware policy to your Windows 10 collection and click **OK**. - ![Image of next generation protection pane](images/configmgr-select-collection.png) + ![Image of next generation protection pane2](images/configmgr-select-collection.png) After completing this task, you now have successfully configured Windows Defender Antivirus. @@ -284,26 +284,26 @@ To set ASR rules in Audit mode: 3. Set rules to **Audit** and click **Next**. - ![Image of Microsoft Endpoint Configuration Manager console](images/d18e40c9e60aecf1f9a93065cb7567bd.png) + ![Image of Microsoft Endpoint Configuration Manager console1](images/d18e40c9e60aecf1f9a93065cb7567bd.png) 4. Confirm the new Exploit Guard policy by clicking on **Next**. - ![Image of Microsoft Endpoint Configuration Manager console](images/0a6536f2c4024c08709cac8fcf800060.png) + ![Image of Microsoft Endpoint Configuration Manager console2](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click **Close**. - ![Image of Microsoft Endpoint Configuration Manager console](images/95d23a07c2c8bc79176788f28cef7557.png) + ![Image of Microsoft Endpoint Configuration Manager console3](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![Image of Microsoft Endpoint Configuration Manager console](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![Image of Microsoft Endpoint Configuration Manager console4](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Target the policy to the newly created Windows 10 collection and click **OK**. - ![Image of Microsoft Endpoint Configuration Manager console](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![Image of Microsoft Endpoint Configuration Manager console5](images/0ccfe3e803be4b56c668b220b51da7f7.png) After completing this task, you now have successfully configured ASR rules in audit mode. @@ -321,11 +321,11 @@ endpoints. (This may take few minutes) 4. Click **Configuration** tab in Attack surface reduction rules reports. It shows ASR rules configuration overview and ASR rules status on each devices. - ![A screenshot of attack surface reduction rules reports](images/f91f406e6e0aae197a947d3b0e8b2d0d.png) + ![A screenshot of attack surface reduction rules reports1](images/f91f406e6e0aae197a947d3b0e8b2d0d.png) 5. Click each device shows configuration details of ASR rules. - ![A screenshot of attack surface reduction rules reports](images/24bfb16ed561cbb468bd8ce51130ca9d.png) + ![A screenshot of attack surface reduction rules reports2](images/24bfb16ed561cbb468bd8ce51130ca9d.png) See [Optimize ASR rule deployment and detections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr) for more details. @@ -334,29 +334,29 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros #### Set Network Protection rules in Audit mode: 1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![A screenshot System Center Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![A screenshot System Center Configuration Manager1](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Network protection**. 3. Set the setting to **Audit** and click **Next**. - ![A screenshot System Center Confirugatiom Manager](images/c039b2e05dba1ade6fb4512456380c9f.png) + ![A screenshot System Center Confirugatiom Manager2](images/c039b2e05dba1ade6fb4512456380c9f.png) 4. Confirm the new Exploit Guard Policy by clicking **Next**. - ![A screenshot Exploit GUard policy](images/0a6536f2c4024c08709cac8fcf800060.png) + ![A screenshot Exploit GUard policy1](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click on **Close**. - ![A screenshot Exploit GUard policy](images/95d23a07c2c8bc79176788f28cef7557.png) + ![A screenshot Exploit GUard policy2](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![A screenshot Microsoft Endpoint Configuration Manager ](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![A screenshot Microsoft Endpoint Configuration Manager1](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Select the policy to the newly created Windows 10 collection and choose **OK**. - ![A screenshot Microsoft Endpoint Configuration Manager ](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![A screenshot Microsoft Endpoint Configuration Manager2](images/0ccfe3e803be4b56c668b220b51da7f7.png) After completing this task, you now have successfully configured Network Protection in audit mode. @@ -365,29 +365,29 @@ Protection in audit mode. 1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![A screenshot of Microsoft Endpoint Configuration Manager3](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Controlled folder access**. 3. Set the configuration to **Audit** and click **Next**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/a8b934dab2dbba289cf64fe30e0e8aa4.png) + ![A screenshot of Microsoft Endpoint Configuration Manager4](images/a8b934dab2dbba289cf64fe30e0e8aa4.png) 4. Confirm the new Exploit Guard Policy by clicking on **Next**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/0a6536f2c4024c08709cac8fcf800060.png) + ![A screenshot of Microsoft Endpoint Configuration Manager5](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click on **Close**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/95d23a07c2c8bc79176788f28cef7557.png) + ![A screenshot of Microsoft Endpoint Configuration Manager6](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![A screenshot of Microsoft Endpoint Configuration Manager7](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Target the policy to the newly created Windows 10 collection and click **OK**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![A screenshot of Microsoft Endpoint Configuration Manager8](images/0ccfe3e803be4b56c668b220b51da7f7.png) You have now successfully configured Controlled folder access in audit mode. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 6a93ffde91..aa5a567499 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -80,12 +80,12 @@ needs.
2. Open **Groups > New Group**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/66f724598d9c3319cba27f79dd4617a4.png) + > ![Image of Microsoft Endpoint Manager portal1](images/66f724598d9c3319cba27f79dd4617a4.png) 3. Enter details and create a new group. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/b1e0206d675ad07db218b63cd9b9abc3.png) + > ![Image of Microsoft Endpoint Manager portal2](images/b1e0206d675ad07db218b63cd9b9abc3.png) 4. Add your test user or device. @@ -96,7 +96,7 @@ needs.
7. Find your test user or device and select it. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/149cbfdf221cdbde8159d0ab72644cd0.png) + > ![Image of Microsoft Endpoint Manager portal3](images/149cbfdf221cdbde8159d0ab72644cd0.png) 8. Your testing group now has a member to test. @@ -122,7 +122,7 @@ different types of endpoint security policies: on **Create Profile**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/58dcd48811147feb4ddc17212b7fe840.png) + > ![Image of Microsoft Endpoint Manager portal4](images/58dcd48811147feb4ddc17212b7fe840.png) 3. Under **Platform, select Windows 10 and Later, Profile - Endpoint detection and response > Create**. @@ -130,39 +130,39 @@ different types of endpoint security policies: 4. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/a5b2d23bdd50b160fef4afd25dda28d4.png) + > ![Image of Microsoft Endpoint Manager portal5](images/a5b2d23bdd50b160fef4afd25dda28d4.png) 5. Select settings as required, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/cea7e288b5d42a9baf1aef0754ade910.png) + > ![Image of Microsoft Endpoint Manager portal6](images/cea7e288b5d42a9baf1aef0754ade910.png) > [!NOTE] > In this instance, this has been auto populated as Defender for Endpoint has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender for Endpoint in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp). > > The following image is an example of what you'll see when Microsoft Defender for Endpoint is NOT integrated with Intune: > - > ![Image of Microsoft Endpoint Manager portal](images/2466460812371ffae2d19a10c347d6f4.png) + > ![Image of Microsoft Endpoint Manager portal7](images/2466460812371ffae2d19a10c347d6f4.png) 6. Add scope tags if necessary, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/ef844f52ec2c0d737ce793f68b5e8408.png) + > ![Image of Microsoft Endpoint Manager portal8](images/ef844f52ec2c0d737ce793f68b5e8408.png) 7. Add test group by clicking on **Select groups to include** and choose your group, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/fc3525e20752da026ec9f46ab4fec64f.png) + > ![Image of Microsoft Endpoint Manager portal9](images/fc3525e20752da026ec9f46ab4fec64f.png) 8. Review and accept, then select **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/289172dbd7bd34d55d24810d9d4d8158.png) + > ![Image of Microsoft Endpoint Manager portal10](images/289172dbd7bd34d55d24810d9d4d8158.png) 9. You can view your completed policy. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/5a568b6878be8243ea2b9d82d41ed297.png) + > ![Image of Microsoft Endpoint Manager portal11](images/5a568b6878be8243ea2b9d82d41ed297.png) ### Next-generation protection @@ -171,7 +171,7 @@ different types of endpoint security policies: 2. Navigate to **Endpoint security > Antivirus > Create Policy**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6b728d6e0d71108d768e368b416ff8ba.png) + > ![Image of Microsoft Endpoint Manager portal12](images/6b728d6e0d71108d768e368b416ff8ba.png) 3. Select **Platform - Windows 10 and Later - Windows and Profile – Microsoft Defender Antivirus > Create**. @@ -179,34 +179,34 @@ different types of endpoint security policies: 4. Enter name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/a7d738dd4509d65407b7d12beaa3e917.png) + > ![Image of Microsoft Endpoint Manager portal13](images/a7d738dd4509d65407b7d12beaa3e917.png) 5. In the **Configuration settings page**: Set the configurations you require for Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time Protection, and Remediation). > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/3840b1576d6f79a1d72eb14760ef5e8c.png) + > ![Image of Microsoft Endpoint Manager portal14](images/3840b1576d6f79a1d72eb14760ef5e8c.png) 6. Add scope tags if necessary, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/2055e4f9b9141525c0eb681e7ba19381.png) + > ![Image of Microsoft Endpoint Manager portal15](images/2055e4f9b9141525c0eb681e7ba19381.png) 7. Select groups to include, assign to your test group, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/48318a51adee06bff3908e8ad4944dc9.png) + > ![Image of Microsoft Endpoint Manager portal16](images/48318a51adee06bff3908e8ad4944dc9.png) 8. Review and create, then select **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/dfdadab79112d61bd3693d957084b0ec.png) + > ![Image of Microsoft Endpoint Manager portal17](images/dfdadab79112d61bd3693d957084b0ec.png) 9. You'll see the configuration policy you created. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/38180219e632d6e4ec7bd25a46398da8.png) + > ![Image of Microsoft Endpoint Manager portal18](images/38180219e632d6e4ec7bd25a46398da8.png) ### Attack Surface Reduction – Attack surface reduction rules @@ -220,12 +220,12 @@ different types of endpoint security policies: rules > Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/522d9bb4288dc9c1a957392b51384fdd.png) + > ![Image of Microsoft Endpoint Manager portal19](images/522d9bb4288dc9c1a957392b51384fdd.png) 5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png) + > ![Image of Microsoft Endpoint Manager portal20](images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png) 6. In the **Configuration settings page**: Set the configurations you require for Attack surface reduction rules, then select **Next**. @@ -236,27 +236,27 @@ different types of endpoint security policies: > For more information, see [Attack surface reduction rules](attack-surface-reduction.md). > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/dd0c00efe615a64a4a368f54257777d0.png) + > ![Image of Microsoft Endpoint Manager portal21](images/dd0c00efe615a64a4a368f54257777d0.png) 7. Add Scope Tags as required, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png) + > ![Image of Microsoft Endpoint Manager portal22](images/6daa8d347c98fe94a0d9c22797ff6f28.png) 8. Select groups to include and assign to test group, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png) + > ![Image of Microsoft Endpoint Manager portal23](images/45cefc8e4e474321b4d47b4626346597.png) 9. Review the details, then select **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/2c2e87c5fedc87eba17be0cdeffdb17f.png) + > ![Image of Microsoft Endpoint Manager portal24](images/2c2e87c5fedc87eba17be0cdeffdb17f.png) 10. View the policy. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/7a631d17cc42500dacad4e995823ffef.png) + > ![Image of Microsoft Endpoint Manager portal25](images/7a631d17cc42500dacad4e995823ffef.png) ### Attack Surface Reduction – Web Protection @@ -269,12 +269,12 @@ different types of endpoint security policies: 4. Select **Windows 10 and Later – Web protection > Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png) + > ![Image of Microsoft Endpoint Manager portal26](images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png) 5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/5be573a60cd4fa56a86a6668b62dd808.png) + > ![Image of Microsoft Endpoint Manager portal27](images/5be573a60cd4fa56a86a6668b62dd808.png) 6. In the **Configuration settings page**: Set the configurations you require for Web Protection, then select **Next**. @@ -285,27 +285,27 @@ different types of endpoint security policies: > For more information, see [Web Protection](web-protection-overview.md). > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6104aa33a56fab750cf30ecabef9f5b6.png) + > ![Image of Microsoft Endpoint Manager portal28](images/6104aa33a56fab750cf30ecabef9f5b6.png) 7. Add **Scope Tags as required > Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png) + > ![Image of Microsoft Endpoint Manager portal29](images/6daa8d347c98fe94a0d9c22797ff6f28.png) 8. Select **Assign to test group > Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png) + > ![Image of Microsoft Endpoint Manager portal30](images/45cefc8e4e474321b4d47b4626346597.png) 9. Select **Review and Create > Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/8ee0405f1a96c23d2eb6f737f11c1ae5.png) + > ![Image of Microsoft Endpoint Manager portal31](images/8ee0405f1a96c23d2eb6f737f11c1ae5.png) 10. View the policy. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/e74f6f6c150d017a286e6ed3dffb7757.png) + > ![Image of Microsoft Endpoint Manager portal32](images/e74f6f6c150d017a286e6ed3dffb7757.png) ## Validate configuration settings @@ -323,22 +323,22 @@ To confirm that the configuration policy has been applied to your test device, f steps above. The following example shows the next generation protection settings. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/43ab6aa74471ee2977e154a4a5ef2d39.png) ](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal33](images/43ab6aa74471ee2977e154a4a5ef2d39.png) ](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox) 2. Select the **Configuration Policy** to view the policy status. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/55ecaca0e4a022f0e29d45aeed724e6c.png) ](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal34](images/55ecaca0e4a022f0e29d45aeed724e6c.png) ](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox) 3. Select **Device Status** to see the status. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/18a50df62cc38749000dbfb48e9a4c9b.png) ](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal35](images/18a50df62cc38749000dbfb48e9a4c9b.png) ](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox) 4. Select **User Status** to see the status. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/4e965749ff71178af8873bc91f9fe525.png) ](images/4e965749ff71178af8873bc91f9fe525.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal36](images/4e965749ff71178af8873bc91f9fe525.png) ](images/4e965749ff71178af8873bc91f9fe525.png#lightbox) 5. Select **Per-setting status** to see the status. @@ -346,7 +346,7 @@ To confirm that the configuration policy has been applied to your test device, f >This view is very useful to identify any settings that conflict with another policy. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/42acc69d0128ed09804010bdbdf0a43c.png) ](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal37](images/42acc69d0128ed09804010bdbdf0a43c.png) ](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox) ### Endpoint detection and response @@ -355,13 +355,13 @@ To confirm that the configuration policy has been applied to your test device, f Protection service should not be started. > [!div class="mx-imgBorder"] - > [ ![Image of Services panel](images/b418a232a12b3d0a65fc98248dbb0e31.png) ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox) + > [ ![Image of Services panel1](images/b418a232a12b3d0a65fc98248dbb0e31.png) ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox) 2. After the configuration has been applied, the Defender for Endpoint Protection Service should be started. > [!div class="mx-imgBorder"] - > [ ![Image of Services panel](images/a621b699899f1b41db211170074ea59e.png) ](images/a621b699899f1b41db211170074ea59e.png#lightbox) + > [ ![Image of Services panel2](images/a621b699899f1b41db211170074ea59e.png) ](images/a621b699899f1b41db211170074ea59e.png#lightbox) 3. After the services are running on the device, the device appears in Microsoft Defender Security Center. @@ -375,7 +375,7 @@ To confirm that the configuration policy has been applied to your test device, f manage the settings as shown below. > [!div class="mx-imgBorder"] - > ![Image of setting page](images/88efb4c3710493a53f2840c3eac3e3d3.png) + > ![Image of setting page1](images/88efb4c3710493a53f2840c3eac3e3d3.png) 2. After the policy has been applied, you should not be able to manually manage the settings. @@ -385,7 +385,7 @@ To confirm that the configuration policy has been applied to your test device, f > **Turn on real-time protection** are being shown as managed. > [!div class="mx-imgBorder"] - > ![Image of setting page](images/9341428b2d3164ca63d7d4eaa5cff642.png) + > ![Image of setting page2](images/9341428b2d3164ca63d7d4eaa5cff642.png) ### Attack Surface Reduction – Attack surface reduction rules @@ -400,13 +400,13 @@ To confirm that the configuration policy has been applied to your test device, f > > AttackSurfaceReductionRules_Ids: - ![Image of command line](images/cb0260d4b2636814e37eee427211fe71.png) + ![Image of command line1](images/cb0260d4b2636814e37eee427211fe71.png) 3. After applying the policy on a test device, open a PowerShell Windows and type `Get-MpPreference`. 4. This should respond with the following lines with content as shown below: - ![Image of command line](images/619fb877791b1fc8bc7dfae1a579043d.png) + ![Image of command line2](images/619fb877791b1fc8bc7dfae1a579043d.png) ### Attack Surface Reduction – Web Protection @@ -415,11 +415,11 @@ To confirm that the configuration policy has been applied to your test device, f 2. This should respond with a 0 as shown below. - ![Image of command line](images/196a8e194ac99d84221f405d0f684f8c.png) + ![Image of command line3](images/196a8e194ac99d84221f405d0f684f8c.png) 3. After applying the policy, open a PowerShell Windows and type `(Get-MpPreference).EnableNetworkProtection`. 4. This should respond with a 1 as shown below. - ![Image of command line](images/c06fa3bbc2f70d59dfe1e106cd9a4683.png) + ![Image of command line4](images/c06fa3bbc2f70d59dfe1e106cd9a4683.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index af1d86243f..5ace4fefd0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -181,8 +181,8 @@ You'll need to have access to: 11. Under **Condition**, add the following expression: "length(body('Get_items')?['value'])" and set the condition to equal to 0. ![Image of apply to each condition](images/apply-to-each-value.png) - ![Image of condition](images/conditions-2.png) - ![Image of condition](images/condition3.png) + ![Image of condition1](images/conditions-2.png) + ![Image of condition2](images/condition3.png) ![Image of send email](images/send-email.png) ## Alert notification diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index fcf3f127d0..5719fa1a32 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -81,7 +81,7 @@ Icon | Description ![Alert icon](images/alert-icon.png)| Alert – Indication of an activity correlated with advanced attacks. ![Detection icon](images/detection-icon.png)| Detection – Indication of a malware threat detection. ![Active threat icon](images/active-threat-icon.png)| Active threat – Threats actively executing at the time of detection. -![Remediated icon](images/remediated-icon.png)| Remediated – Threat removed from the device. +![Remediated icon1](images/remediated-icon.png)| Remediated – Threat removed from the device. ![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the device. ![Thunderbolt icon](images/atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. ![Device icon](images/atp-machine-icon.png)| Device icon @@ -116,7 +116,7 @@ Icon | Description ![Terminated by system](images/terminated-by-system.png) | Automated investigation - terminated by system ![Pending icon](images/pending.png) | Automated investigation - pending ![Running icon](images/running.png) | Automated investigation - running -![Remediated icon](images/remediated.png) | Automated investigation - remediated +![Remediated icon2](images/remediated.png) | Automated investigation - remediated ![Partially investigated icon](images/partially_remediated.png) | Automated investigation - partially remediated ![Threat insights icon](images/tvm_bug_icon.png) | Threat & Vulnerability Management - threat insights ![Possible active alert icon](images/tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert