From ad385bcfd4fa4a9481026976ae0de72c4b12e17a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 13 Jul 2020 15:51:13 -0700 Subject: [PATCH 1/8] insider risk --- .../microsoft-defender-atp/advanced-features.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index fc9bf5c636..820db96ff5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -175,6 +175,22 @@ When you enable Intune integration, Intune will automatically create a classic C >[!NOTE] > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. + + +### Insider risk management integration + +Enabling Insider risk management integration gives you the ability to share Microsoft Defender ATP alerts and their triage status with insider risk management user alerts. This helps link Microsoft Defender ATP activities with other risky user activities identified by insider risk management security violation policies. + +### Enable the Microsoft Defender ATP integration for insider risk management from the Azure ATP portal + +1. Log in to the Azure portal with a Global Administrator or Security Administrator role. + +2. Click . + +3. Toggle the Integration setting to **On** and click **Save**. + +After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. + ## Preview features Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. From f1b1eae8e6555d18dd05b54c70aabafd80b5deeb Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 13 Jul 2020 16:15:00 -0700 Subject: [PATCH 2/8] header --- .../microsoft-defender-atp/advanced-features.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 820db96ff5..7d241ed7e3 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -176,8 +176,7 @@ When you enable Intune integration, Intune will automatically create a classic C > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. - -### Insider risk management integration +## Insider risk management integration Enabling Insider risk management integration gives you the ability to share Microsoft Defender ATP alerts and their triage status with insider risk management user alerts. This helps link Microsoft Defender ATP activities with other risky user activities identified by insider risk management security violation policies. From 398bc635b3a1fee0ed6aa3ac8cea62ae0e058e51 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Jul 2020 14:35:19 -0700 Subject: [PATCH 3/8] update to insider risk toggle description --- .../microsoft-defender-atp/advanced-features.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 7d241ed7e3..ac64db9e82 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -176,9 +176,9 @@ When you enable Intune integration, Intune will automatically create a classic C > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. -## Insider risk management integration +## Share endpoint alerts with Microsoft Compliance Center -Enabling Insider risk management integration gives you the ability to share Microsoft Defender ATP alerts and their triage status with insider risk management user alerts. This helps link Microsoft Defender ATP activities with other risky user activities identified by insider risk management security violation policies. +Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. ### Enable the Microsoft Defender ATP integration for insider risk management from the Azure ATP portal From cda1eabccfcf69f766ca326567ff4ec6a21dd37d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Jul 2020 15:13:18 -0700 Subject: [PATCH 4/8] typo --- .../microsoft-defender-atp/advanced-features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index ac64db9e82..93bad18ef6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -184,7 +184,7 @@ Forwards endpoint security alerts and their triage status to Microsoft Complianc 1. Log in to the Azure portal with a Global Administrator or Security Administrator role. -2. Click . +2. Click . 3. Toggle the Integration setting to **On** and click **Save**. From c047bcb691a38b2164f211d468eb07ff6942b541 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 17 Jul 2020 10:13:05 -0700 Subject: [PATCH 5/8] remove --- .../microsoft-defender-atp/advanced-features.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 93bad18ef6..d3ada4e5ae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md @@ -180,14 +180,6 @@ When you enable Intune integration, Intune will automatically create a classic C Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. -### Enable the Microsoft Defender ATP integration for insider risk management from the Azure ATP portal - -1. Log in to the Azure portal with a Global Administrator or Security Administrator role. - -2. Click . - -3. Toggle the Integration setting to **On** and click **Save**. - After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. ## Preview features From 113acf01bc1a4275c41992e870ab922be968a10f Mon Sep 17 00:00:00 2001 
From: Gary Moore Date: Mon, 20 Jul 2020 16:37:52 -0700 Subject: [PATCH 6/8] Added lightbox to one screen shot --- windows/deployment/windows-autopilot/white-glove.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md index 7e1e22ef2e..d37fb49c75 100644 --- a/windows/deployment/windows-autopilot/white-glove.md +++ b/windows/deployment/windows-autopilot/white-glove.md @@ -57,7 +57,7 @@ If these scenarios cannot be completed, Windows Autopilot for white glove deploy To enable white glove deployment, an additional Autopilot profile setting must be configured by the customer or IT Admin via their Intune account, prior to beginning the white glove process in the provisioning service facility: - ![allow white glove](images/allow-white-glove-oobe.png) +[ ![allow white glove](images/allow-white-glove-oobe.png) ](images/allow-white-glove-oobe.png#lightbox) The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. Please make sure not to target both win32 and LOB apps to the same device, as this can make troubleshooting difficult if there are app installation failures. For more information, see [Add a Windows line-of-business app to Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/lob-apps-windows). From d07cb57ce2110239001bfaf0287aa17a8c95c3c5 Mon Sep 17 00:00:00 2001 
From: Gary Moore Date: Mon, 20 Jul 2020 16:49:03 -0700 Subject: [PATCH 7/8] =?UTF-8?q?Removed=20lightbox=20from=20screenshot?= =?UTF-8?q?=E2=80=94image=20is=20too=20small=20to=20benefit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- windows/deployment/windows-autopilot/white-glove.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/white-glove.md b/windows/deployment/windows-autopilot/white-glove.md index d37fb49c75..95c0f4f5d7 100644 --- a/windows/deployment/windows-autopilot/white-glove.md +++ b/windows/deployment/windows-autopilot/white-glove.md @@ -57,7 +57,7 @@ If these scenarios cannot be completed, Windows Autopilot for white glove deploy To enable white glove deployment, an additional Autopilot profile setting must be configured by the customer or IT Admin via their Intune account, prior to beginning the white glove process in the provisioning service facility: -[ ![allow white glove](images/allow-white-glove-oobe.png) ](images/allow-white-glove-oobe.png#lightbox) +![allow white glove](images/allow-white-glove-oobe.png) The Windows Autopilot for white glove deployment pre-provisioning process will apply all device-targeted policies from Intune. That includes certificates, security templates, settings, apps, and more – anything targeting the device. Additionally, any apps (Win32 or LOB) that are configured to install in the device context and targeted to the user that has been pre-assigned to the Autopilot device will also be installed. Please make sure not to target both win32 and LOB apps to the same device, as this can make troubleshooting difficult if there are app installation failures. For more information, see [Add a Windows line-of-business app to Microsoft Intune](https://docs.microsoft.com/mem/intune/apps/lob-apps-windows). From 0d733e441487824216d16d3030ec1cad0a4655cb Mon Sep 17 00:00:00 2001 
From: Joey Caparas Date: Mon, 20 Jul 2020 19:18:22 -0700 Subject: [PATCH 8/8] update endpoint alerts section location --- .../microsoft-defender-atp/advanced-features.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index d3ada4e5ae..d5802d8faf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -176,18 +176,18 @@ When you enable Intune integration, Intune will automatically create a classic C > The classic CA policy created by Intune is distinct from modern [Conditional Access policies](https://docs.microsoft.com/azure/active-directory/conditional-access/overview/), which are used for configuring endpoints. -## Share endpoint alerts with Microsoft Compliance Center - -Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. - -After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. - ## Preview features Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. You'll have access to upcoming features, which you can provide feedback on to help improve the overall experience before features are generally available. +## Share endpoint alerts with Microsoft Compliance Center + +Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. + +After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. 
+ ## Enable advanced features 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
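Review bot: In [PATCH 1/8], the new `###` heading says the integration is enabled "from the Azure ATP portal", step 1 says "Log in to the Azure portal", and the feature being documented is Microsoft Defender ATP. Name one portal consistently in the heading and in step 1 so an administrator knows where the toggle lives and which tenant roles (Global Administrator or Security Administrator) are being checked.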
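Review bot: In [PATCH 3/8], the replacement paragraph opens with a verb and no subject ("Forwards endpoint security alerts ..."), which reads like a UI tooltip pasted into the article; start it with "This setting forwards ...". The `###` heading left as context below it still says "insider risk management from the Azure ATP portal", so after the rename to "Share endpoint alerts with Microsoft Compliance Center" the section uses two names for one feature and should be aligned.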
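Review bot: In [PATCH 4/8], the removed and added lines both read `2. Click .` as shown, so step 2 still names no control to click after the fix. Fill in the menu item or settings page the reader must open, and give the commit a subject that says what was corrected.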
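Review bot: [PATCH 5/8] deletes the whole enable procedure, including the only statement of the required role (Global Administrator or Security Administrator), and the paragraph that remains covers only the indicator configuration on the insider risk management side. Because this setting forwards endpoint alerts and triage status to another service, keep one sentence saying where the sharing toggle is turned on and which role can change it, or link to the "Enable advanced features" steps.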
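Review bot: [PATCH 7/8] restores exactly the image line that [PATCH 6/8] replaced in white-glove.md, so the two commits net to no change. Squash or drop them; they also touch a Windows Autopilot article that is unrelated to the advanced-features.md changes in the rest of this series, so they belong in a separate pull request if they are kept.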
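Review bot: In [PATCH 8/8], the moved paragraph carries over the link `https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators`, which keeps a `.md` source-file extension in a published docs.microsoft.com URL, unlike the other docs.microsoft.com links visible in this file. Remove `.md` and confirm that the `#indicators` anchor resolves, since this link is the only pointer the section gives to the prerequisite configuration.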