deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

update rbac and add note to restrict app action

Browse Source
This commit is contained in:
Joey Caparas 2018-11-28 14:01:18 -08:00
parent 369040fc8f
commit b2e1c32d38
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 09/03/2018
ms.date: 11/28/2018
---
# Assign user access to Windows Defender Security Center
@ -31,7 +31,7 @@ Windows Defender ATP supports two ways to manage permissions:
> [!NOTE]
>If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
>- Users with full access (Security Administrators) are automatically assigned the default **Global administrator** role, which also has full access. Only global administrators can manage permissions using RBAC.
>- Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Windows Defender ATP administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Windows Defender ATP administrator role after switching to RBAC. Only users assigned to the Windows Defender ATP administrator role can manage permissions using RBAC.
>- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC.
>- After switching to RBAC, you will not be able to switch back to using basic permissions management.

3
windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
ms.date: 11/05/2018
ms.date: 11/28/2018
---
# Take response actions on a machine
@ -122,6 +122,7 @@ In addition to the ability of containing an attack by stopping malicious process
>[!IMPORTANT]
> - This action is available for machines on Windows 10, version 1709 or later.
> - This feature is available if your organization uses Windows Defender Antivirus.
> - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing).