mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 05:07:23 +00:00
Beth Levin
GitHub
commit
b722ea5079
@ -1727,6 +1727,21 @@
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-defender-atp/overview-secure-score.md",
|
||||
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-defender-atp/secure-score-dashboard.md",
|
||||
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "windows/security/threat-protection/windows-defender-atp/microsoft-defender-atp/enable-secure-score.md",
|
||||
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configuration-score",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
{
|
||||
"source_path": "windows/security/threat-protection/windows-defender-atp/partner-applications.md",
|
||||
"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/partner-applications",
|
||||
"redirect_document_id": true
|
||||
@ -15705,6 +15720,6 @@
|
||||
"source_path": "windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md",
|
||||
"redirect_url": "https://docs.microsoft.com/configmgr/desktop-analytics/overview",
|
||||
"redirect_document_id": false
|
||||
},
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -108,7 +108,6 @@
|
||||
#### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
|
||||
#### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
|
||||
|
||||
### [Secure score](microsoft-defender-atp/overview-secure-score.md)
|
||||
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
|
||||
|
||||
### [Advanced hunting]()
|
||||
@ -342,9 +341,6 @@
|
||||
#### [Privacy](microsoft-defender-atp/mac-privacy.md)
|
||||
#### [Resources](microsoft-defender-atp/mac-resources.md)
|
||||
|
||||
|
||||
### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)
|
||||
|
||||
### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
|
||||
|
||||
### [Management and API support]()
|
||||
@ -561,7 +557,6 @@
|
||||
#### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
|
||||
#### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
|
||||
#### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
|
||||
#### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
|
||||
#### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
|
||||
|
||||
### [Permissions]()
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Threat Protection (Windows 10)
|
||||
description: Learn how Microsoft Defender ATP helps protect against threats.
|
||||
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting, cyber threat hunting, web threat protection
|
||||
keywords: threat protection, Microsoft Defender Advanced Threat Protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, configuration score, advanced hunting, cyber threat hunting, web threat protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -105,14 +105,12 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
|
||||
|
||||
<a name="ss"></a>
|
||||
|
||||
**[Secure score](microsoft-defender-atp/overview-secure-score.md)**<br>
|
||||
**[Configuration Score](microsoft-defender-atp/configuration-score.md)**<br>
|
||||
>[!NOTE]
|
||||
> Secure score is now part of [Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) as [Configuration score](microsoft-defender-atp/configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
|
||||
> Secure score is now part of [Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md) as [Configuration score](microsoft-defender-atp/configuration-score.md).
|
||||
|
||||
Microsoft Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
|
||||
- [Asset inventory](microsoft-defender-atp/secure-score-dashboard.md)
|
||||
- [Recommended improvement actions](microsoft-defender-atp/secure-score-dashboard.md)
|
||||
- [Secure score](microsoft-defender-atp/overview-secure-score.md)
|
||||
Microsoft Defender ATP includes a configuration score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
|
||||
- [Configuration score](microsoft-defender-atp/configuration-score.md)
|
||||
- [Threat analytics](microsoft-defender-atp/threat-analytics.md)
|
||||
|
||||
<a name="mte"></a>
|
||||
|
||||
@ -108,6 +108,10 @@ The integration with Azure Advanced Threat Protection allows you to pivot direct
|
||||
>[!NOTE]
|
||||
>You'll need to have the appropriate license to enable this feature.
|
||||
|
||||
## Microsoft Secure Score
|
||||
|
||||
Forwards Microsoft Defender ATP signals to Microsoft Secure Score in the Microsoft 365 security center. Turning this feature on gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data.
|
||||
|
||||
### Enable the Microsoft Defender ATP integration from the Azure ATP portal
|
||||
|
||||
To receive contextual machine integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal.
|
||||
@ -185,4 +189,3 @@ You'll have access to upcoming features which you can provide feedback on to hel
|
||||
- [Update data retention settings](data-retention-settings.md)
|
||||
- [Configure alert notifications](configure-email-notifications.md)
|
||||
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
|
||||
- [Enable Secure Score security controls](enable-secure-score.md)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Overview of Configuration score in Microsoft Defender Security Center
|
||||
description: Expand your visibility into the overall security configuration posture of your organization
|
||||
description: Your configuration score shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls
|
||||
keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
@ -8,45 +8,50 @@ ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: dolmont
|
||||
author: DulceMontemayor
|
||||
ms.author: ellevin
|
||||
author: levinec
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/11/2019
|
||||
---
|
||||
# Configuration score
|
||||
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
>[!NOTE]
|
||||
> Secure score is now part of Threat & Vulnerability Management as Configuration score. The secure score page will be available for a few weeks.
|
||||
> Secure score is now part of Threat & Vulnerability Management as Configuration score.
|
||||
|
||||
The Microsoft Defender Advanced Threat Protection Configuration score gives you visibility and control over the security posture of your organization based on security best practices. High configuration score means your endpoints are more resilient from cybersecurity threat attacks.
|
||||
Your Configuration score is visible in the Threat & Vulnerability Management dashboard of the Microsoft Defender Security Center. It reflects the collective security configuration state of your machines across the following categories:
|
||||
|
||||
Your configuration score widget shows the collective security configuration state of your machines across the following categories:
|
||||
- Application
|
||||
- Operating system
|
||||
- Network
|
||||
- Accounts
|
||||
- Security controls
|
||||
|
||||
## How it works
|
||||
>[!NOTE]
|
||||
> Configuration score currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
|
||||
A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks.
|
||||
|
||||
## How it works
|
||||
|
||||
>[!NOTE]
|
||||
> Configuration score currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
|
||||
|
||||
The data in the configuration score card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
|
||||
|
||||
The data in the configuration score widget is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
|
||||
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
|
||||
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction) by remediating the misconfiguration
|
||||
- Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)
|
||||
- Collect and monitor changes of security control configuration state from all assets
|
||||
|
||||
From the widget, you'd be able to see which security aspect requires attention. You can click the configuration score categories and it will take you to the **Security recommendations** page to see more details and understand the context of the issue. From there, you can act on them based on security benchmarks.
|
||||
From the widget, you'd be able to see which security aspect requires attention. You can click the configuration score categories and it will take you to the **Security recommendations** page to see more details and understand the context of the issue. From there, you can act on them based on security benchmarks.
|
||||
|
||||
## Improve your configuration score
|
||||
|
||||
The goal is to remediate the issues in the security recommendations list to improve your configuration score. You can filter the view based on:
|
||||
|
||||
- **Related component** — **Accounts**, **Application**, **Network**, **OS**, or **Security controls**
|
||||
- **Remediation type** — **Configuration change** or **Software update**
|
||||
|
||||
@ -64,6 +69,7 @@ See how you can [improve your security configuration](https://docs.microsoft.com
|
||||
>2. Key-in the security update KB number that you need to download, then click **Search**.
|
||||
|
||||
## Related topics
|
||||
|
||||
- [Supported operating systems and platforms](tvm-supported-os.md)
|
||||
- [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
||||
@ -78,4 +84,3 @@ See how you can [improve your security configuration](https://docs.microsoft.com
|
||||
- [Software APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/software)
|
||||
- [Vulnerability APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
||||
- [Recommendation APIs](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/vulnerability)
|
||||
|
||||
|
||||
@ -100,5 +100,4 @@ This section lists various issues that you may encounter when using email notifi
|
||||
## Related topics
|
||||
- [Update data retention settings](data-retention-settings.md)
|
||||
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
|
||||
- [Enable Secure Score security controls](enable-secure-score.md)
|
||||
- [Configure advanced features](advanced-features.md)
|
||||
|
||||
@ -44,5 +44,4 @@ During the onboarding process, a wizard takes you through the general settings o
|
||||
- [Update data retention settings](data-retention-settings.md)
|
||||
- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
|
||||
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
|
||||
- [Enable Secure Score security controls](enable-secure-score.md)
|
||||
- [Configure advanced features](advanced-features.md)
|
||||
|
||||
@ -38,7 +38,7 @@ Set the baselines for calculating the score of security controls on the Secure S
|
||||
3. Click **Save preferences**.
|
||||
|
||||
## Related topics
|
||||
- [View the Secure Score dashboard](secure-score-dashboard.md)
|
||||
- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||
- [Update data retention settings for Microsoft Defender ATP](data-retention-settings.md)
|
||||
- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md)
|
||||
- [Enable and create Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
|
||||
|
||||
@ -78,7 +78,7 @@ Filter by machines that are well configured or require attention based on the se
|
||||
- **Well configured** - Machines have the security controls well configured.
|
||||
- **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization.
|
||||
|
||||
For more information, see [View the Secure Score dashboard](secure-score-dashboard.md).
|
||||
For more information, see [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md).
|
||||
|
||||
### Threat mitigation status
|
||||
|
||||
|
||||
@ -98,11 +98,11 @@ In conjunction with being able to quickly respond to advanced attacks, Microsoft
|
||||
|
||||
<a name="ss"></a>
|
||||
|
||||
**[Secure score](overview-secure-score.md)**<br>
|
||||
**[Configuration score](configuration-score.md)**<br>
|
||||
> [!NOTE]
|
||||
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
|
||||
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md).
|
||||
|
||||
Microsoft Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
|
||||
Microsoft Defender ATP includes a configuration score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
|
||||
|
||||
<a name="mte"></a>
|
||||
|
||||
|
||||
@ -95,9 +95,6 @@
|
||||
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
|
||||
|
||||
|
||||
### [Secure score](overview-secure-score.md)
|
||||
|
||||
|
||||
### [Threat analytics](threat-analytics.md)
|
||||
|
||||
|
||||
@ -298,8 +295,6 @@
|
||||
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
||||
|
||||
|
||||
### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
|
||||
|
||||
|
||||
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
|
||||
|
||||
@ -481,7 +476,6 @@
|
||||
##### [Update data retention settings](data-retention-settings.md)
|
||||
##### [Configure alert notifications](configure-email-notifications.md)
|
||||
##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
|
||||
##### [Enable Secure score security controls](enable-secure-score.md)
|
||||
##### [Configure advanced features](advanced-features.md)
|
||||
|
||||
#### [Permissions]()
|
||||
|
||||
@ -31,7 +31,6 @@ Topic | Description
|
||||
:---|:---
|
||||
[Configure attack surface reduction capabilities](configure-attack-surface-reduction.md) | By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
|
||||
[Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) | Configure next generation protection to catch all types of emerging threats.
|
||||
[Configure Secure score dashboard security controls](secure-score-dashboard.md) | Configure the security controls in Secure score to increase the security posture of your organization.
|
||||
[Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) | Configure and manage how you would like to get cybersecurity threat intelligence from Microsoft Threat Experts.
|
||||
[Configure Microsoft Threat Protection integration](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/threat-protection-integration)| Configure other solutions that integrate with Microsoft Defender ATP.
|
||||
[Management and API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/management-apis)| Pull alerts to your SIEM or use APIs to create custom alerts. Create and build Power BI reports.
|
||||
|
||||
@ -1,93 +0,0 @@
|
||||
---
|
||||
title: Overview of Secure score in Microsoft Defender Security Center
|
||||
description: Expand your visibility into the overall security posture of your organization
|
||||
keywords: secure score, security controls, improvement opportunities, security score over time, score, posture, baseline
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Overview of Secure score in Microsoft Defender Security Center
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
>[!NOTE]
|
||||
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks.
|
||||
|
||||
The Secure score dashboard expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. From there you can take action based on the recommended configuration baselines.
|
||||
|
||||
>[!IMPORTANT]
|
||||
> This feature is available for machines on Windows 10, version 1703 or later.
|
||||
|
||||
|
||||
The **Secure score dashboard** displays a snapshot of:
|
||||
- Microsoft secure score
|
||||
- Secure score over time
|
||||
- Top recommendations
|
||||
- Improvement opportunities
|
||||
|
||||
|
||||
|
||||
|
||||
## Microsoft secure score
|
||||
The Microsoft secure score tile is reflective of the sum of all the security controls that are configured according to the recommended Windows baseline and Office 365 controls. It allows you to drill down into each portal for further analysis. You can also improve this score by taking the steps in configuring each of the security controls in the optimal settings.
|
||||
|
||||
|
||||
|
||||
Each Microsoft security control contributes 100 points to the score. The total number is reflective of the score potential and calculated by multiplying the number of supported Microsoft security controls (security controls pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar).
|
||||
|
||||
The Office 365 Secure Score looks at your settings and activities and compares them to a baseline established by Microsoft. For more information, see [Introducing the Office 365 Secure Score](https://support.office.com/article/introducing-the-office-365-secure-score-c9e7160f-2c34-4bd0-a548-5ddcc862eaef#howtoaccess).
|
||||
|
||||
In the example image, the total points for the security controls and Office 365 add up to 602 points.
|
||||
|
||||
You can set the baselines for calculating the security control scores on the Secure score dashboard through the **Settings**. For more information, see [Enable Secure score security controls](enable-secure-score.md).
|
||||
|
||||
## Secure score over time
|
||||
You can track the progression of your organizational security posture over time using this tile. It displays the overall score in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
|
||||
|
||||
|
||||
|
||||
You can mouse over specific date points to see the total score for that security control is on a specific date.
|
||||
|
||||
|
||||
## Top recommendations
|
||||
Reflects specific actions you can take to significantly increase the security stance of your organization and how many points will be added to the secure score if you take the recommended action.
|
||||
|
||||
|
||||
|
||||
## Improvement opportunities
|
||||
Improve your score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
|
||||
|
||||
Clicking on the affected machines link at the top of the table takes you to the Machines list. The list is filtered to reflect the list of machines where improvements can be made.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Within the tile, you can click on each control to see the recommended optimizations.
|
||||
|
||||
Clicking the link under the **Misconfigured machines** column opens up the **Machines list** with filters applied to show only the list of machines where the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
|
||||
|
||||
## Related topic
|
||||
- [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
||||
- [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
||||
- [Exposure score](tvm-exposure-score.md)
|
||||
- [Configuration score](configuration-score.md)
|
||||
- [Security recommendations](tvm-security-recommendation.md)
|
||||
- [Remediation](tvm-remediation.md)
|
||||
- [Software inventory](tvm-software-inventory.md)
|
||||
- [Weaknesses](tvm-weaknesses.md)
|
||||
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||
- [Threat analytics](threat-analytics.md)
|
||||
|
||||
@ -38,7 +38,7 @@ Topic | Description
|
||||
[Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) | Learn about the antivirus capabilities in Microsoft Defender ATP so you can protect desktops, portable computers, and servers.
|
||||
[Endpoint detection and response](overview-endpoint-detection-response.md) | Understand how Microsoft Defender ATP continuously monitors your organization for possible attacks against systems, networks, or users in your organization and the features you can use to mitigate and remediate threats.
|
||||
[Automated investigation and remediation](automated-investigations.md) | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
|
||||
[Secure score](overview-secure-score.md) | Quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to better protect your organization - all in one place.
|
||||
[Configuration score](configuration-score.md) | Your configuration score shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls.
|
||||
[Microsoft Threat Experts](microsoft-threat-experts.md) | Managed cybersecurity threat hunting service. Learn how you can get expert-driven insights and data through targeted attack notification and access to experts on demand. <p><p>**NOTE:** <p>Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service.<p>If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on Demand subscription.
|
||||
[Advanced hunting](advanced-hunting-overview.md) | Use a powerful query-based threat-hunting tool to proactively find breach activity and create custom detection rules.
|
||||
[Management and APIs](management-apis.md) | Microsoft Defender ATP supports a wide variety of tools to help you manage and interact with the platform so that you can integrate the service into your existing workflows.
|
||||
|
||||
@ -122,5 +122,5 @@ Icon | Description
|
||||
## Related topics
|
||||
- [Understand the Microsoft Defender Advanced Threat Protection portal](use.md)
|
||||
- [View the Security operations dashboard](security-operations-dashboard.md)
|
||||
- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md)
|
||||
- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||
- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)
|
||||
|
||||
@ -36,33 +36,33 @@ Capability | Description
|
||||
**Threat and Vulnerability Management** | This built-in capability uses a game-changing risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
|
||||
**Attack Surface Reduction** | The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
|
||||
**Next Generation Protection** | To further reinforce the security perimeter of the organizations network, Microsoft Defender ATP uses next generation protection designed to catch all types of emerging threats.
|
||||
**Endpoint Detection & Response** | Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
|
||||
**Auto Investigation & Remediation** | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
|
||||
**Endpoint Detection & Response** | Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
|
||||
**Auto Investigation & Remediation** | In conjunction with being able to quickly respond to advanced attacks, Microsoft Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
|
||||
**Microsoft Threat Experts** | Microsoft Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately.
|
||||
**Secure Score** | Microsoft Defender ATP includes a secure score to help dynamically assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of the organization.
|
||||
**Configuration Score** | Microsoft Defender ATP includes configuration score to help dynamically assess the security state of the enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of the organization.
|
||||
**Advance Hunting** | Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in the organization.
|
||||
**Management and API** | Integrate Microsoft Defender Advanced Threat Protection into existing workflows.
|
||||
**Microsoft Threat Protection** | Microsoft Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to the organization. | |
|
||||
|
||||
Microsoft Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
|
||||
|
||||
- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
|
||||
- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
|
||||
collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
|
||||
|
||||
|
||||
- **Cloud security analytics**: Leveraging big-data, machine-learning, and
|
||||
- **Cloud security analytics**: Leveraging big-data, machine-learning, and
|
||||
unique Microsoft optics across the Windows ecosystem,
|
||||
enterprise cloud products (such as Office 365), and online assets, behavioral signals
|
||||
are translated into insights, detections, and recommended responses
|
||||
to advanced threats.
|
||||
|
||||
- **Threat intelligence**: Generated by Microsoft hunters, security teams,
|
||||
- **Threat intelligence**: Generated by Microsoft hunters, security teams,
|
||||
and augmented by threat intelligence provided by partners, threat
|
||||
intelligence enables Microsoft Defender ATP to identify attacker
|
||||
tools, techniques, and procedures, and generate alerts when these
|
||||
are observed in collected sensor data.
|
||||
|
||||
## Licensing requirements
|
||||
|
||||
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
|
||||
|
||||
- Windows 10 Enterprise E5
|
||||
@ -71,4 +71,5 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
|
||||
- Microsoft 365 A5 (M365 A5)
|
||||
|
||||
## Related topic
|
||||
|
||||
- [Prepare deployment](prepare-deployment.md)
|
||||
@ -1,315 +0,0 @@
|
||||
---
|
||||
title: Configure the security controls in Secure score
|
||||
description: Configure the security controls in Secure score
|
||||
keywords: secure score, dashboard, security recommendations, security control state, security score, score improvement, microsoft secure score, security controls, security control, improvement opportunities, edr, antivirus, av, os security updates
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: dolmont
|
||||
author: DulceMontemayor
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Configure the security controls in Secure score
|
||||
|
||||
**Applies to:**
|
||||
|
||||
* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
> [!NOTE]
|
||||
> Secure score is now part of [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) as [Configuration score](configuration-score.md). The secure score page will be available for a few weeks. View the [Secure score](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-secure-score) page.
|
||||
|
||||
Each security control lists recommendations that you can take to increase the security posture of your organization.
|
||||
|
||||
### Endpoint detection and response (EDR) optimization
|
||||
|
||||
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for your Endpoint detection and response tool.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This feature is available for machines on Windows 10, version 1607 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for EDR
|
||||
|
||||
* Microsoft Defender ATP sensor is on
|
||||
* Data collection is working correctly
|
||||
* Communication to Microsoft Defender ATP service is not impaired
|
||||
|
||||
##### Recommended actions
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
* Turn on sensor
|
||||
* Fix sensor data collection
|
||||
* Fix impaired communications
|
||||
|
||||
For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
|
||||
|
||||
### Windows Defender Antivirus (Windows Defender AV) optimization
|
||||
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Windows Defender AV.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This feature is available for machines on Windows 10, version 1607 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for Windows Defender AV:
|
||||
A well-configured machine for Windows Defender AV meets the following requirements:
|
||||
|
||||
- Windows Defender AV is reporting correctly
|
||||
- Windows Defender AV is turned on
|
||||
- Security intelligence is up-to-date
|
||||
- Real-time protection is on
|
||||
- Potentially Unwanted Application (PUA) protection is enabled
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
>[!NOTE]
|
||||
> For the Windows Defender Antivirus properties to show, you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the machine.
|
||||
|
||||
- Fix antivirus reporting
|
||||
- This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
|
||||
- Turn on antivirus
|
||||
- Update antivirus Security intelligence
|
||||
- Turn on real-time protection
|
||||
- Turn on PUA protection
|
||||
|
||||
For more information, see [Configure Windows Defender Antivirus](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md).
|
||||
|
||||
### OS security updates optimization
|
||||
|
||||
This tile shows you the number of machines that require the latest security updates. It also shows machines that are running on the latest Windows Insider preview build and serves as a reminder to ensure that users should run the latest builds.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This feature is available for machines on Windows 10, version 1607 or later.
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
* Install the latest security updates
|
||||
* Fix sensor data collection
|
||||
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
|
||||
|
||||
For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/help/4027322/windows-windows-update-troubleshooter).
|
||||
|
||||
### Windows Defender Exploit Guard (Windows Defender EG) optimization
|
||||
<!-- Should we delete this section? When is the GUI getting updated? -->
|
||||
|
||||
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on machines to meet the minimum baseline configuration setting for Microsoft Defender EG. When endpoints are configured according to the baseline the Microsoft Defender EG events shows on the Microsoft Defender ATP Machine timeline.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This security control is only applicable for machines with Windows 10, version 1709 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for Windows Defender EG
|
||||
|
||||
Machines are considered "well configured" for Microsoft Defender EG if the following requirements are met:
|
||||
|
||||
* System level protection settings are configured correctly
|
||||
* Attack Surface Reduction rules are configured correctly
|
||||
* Controlled Folder Access setting is configured correctly
|
||||
|
||||
##### System level protection
|
||||
|
||||
The following system level configuration settings must be set to **On or Force On**:
|
||||
|
||||
1. Control Flow Guard
|
||||
2. Data Execution Prevention (DEP)
|
||||
3. Randomize memory allocations (Bottom-up ASLR)
|
||||
4. Validate exception chains (SEHOP)
|
||||
5. Validate heap integrity
|
||||
|
||||
> [!NOTE]
|
||||
> The setting **Force randomization for images (Mandatory ASLR)** is currently excluded from the baseline.
|
||||
> Consider configuring **Force randomization for images (Mandatory ASLR)** to **On or Force On** for better protection.
|
||||
|
||||
##### Attack Surface Reduction (ASR) rules
|
||||
|
||||
The following ASR rules must be configured to **Block mode**:
|
||||
|
||||
Rule description | GUIDs
|
||||
-|-
|
||||
Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
|
||||
Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
|
||||
Block Office applications from creating executable content | 3B576869-A4EC-4529-8536-B80A7769E899
|
||||
Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
|
||||
Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
|
||||
Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
|
||||
|
||||
> [!NOTE]
|
||||
> The setting **Block Office applications from injecting into other processes** with GUID 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 is excluded from the baseline.
|
||||
> Consider enabling this rule in **Audit** or **Block mode** for better protection.
|
||||
|
||||
##### Controlled Folder Access
|
||||
|
||||
The Controlled Folder Access setting must be configured to **Audit mode** or **Enabled**.
|
||||
|
||||
> [!NOTE]
|
||||
> Audit mode, allows you to see audit events in the Microsoft Defender ATP Machine timeline however it does not block suspicious applications.
|
||||
> Consider enabling Controlled Folder Access for better protection.
|
||||
|
||||
##### Recommended actions
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
- Turn on all system-level Exploit Protection settings
|
||||
- Set all ASR rules to enabled or audit mode
|
||||
- Turn on Controlled Folder Access
|
||||
- Turn on Windows Defender Antivirus on compatible machines
|
||||
|
||||
### Windows Defender Application Guard (Windows Defender AG) optimization
|
||||
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Windows Defender AG. When endpoints are configured according to the baseline, Windows Defender AG events shows on the Microsoft Defender ATP Machine timeline.
|
||||
|
||||
A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender AG. When endpoints are configured according to the baseline, Microsoft Defender AG events shows on the Microsoft Defender ATP Machine timeline.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This security control is only applicable for machines with Windows 10, version 1709 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for Windows Defender AG:
|
||||
A well-configured machine for Windows Defender AG meets the following requirements:
|
||||
|
||||
- Hardware and software prerequisites are met
|
||||
- Windows Defender AG is turned on compatible machines
|
||||
- Managed mode is turned on
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
* Ensure hardware and software prerequisites are met
|
||||
|
||||
> [!NOTE]
|
||||
> This improvement item does not contribute to the security score in itself because it's not a prerequisite for Microsoft Defender AG. It gives an indication of a potential reason why Microsoft Defender AG is not turned on.
|
||||
|
||||
* Turn on Microsoft Defender AG on compatible machines
|
||||
* Turn on managed mode
|
||||
|
||||
For more information, see [Microsoft Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
|
||||
|
||||
### Windows Defender SmartScreen optimization
|
||||
|
||||
A well-configured machine complies to a minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender SmartScreen.
|
||||
|
||||
> [!WARNING]
|
||||
> Data collected by Microsoft Defender SmartScreen might be stored and processed outside of the storage location you have selected for your Microsoft Defender ATP data.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This security control is only applicable for machines with Windows 10, version 1709 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for Windows Defender SmartScreen:
|
||||
|
||||
The following settings must be configured with the following settings:
|
||||
|
||||
* Check apps and files: **Warn** or **Block**
|
||||
* Microsoft Defender SmartScreen for Microsoft Edge: **Warn** or **Block**
|
||||
* Microsoft Defender SmartScreen for Microsoft store apps: **Warn** or **Off**
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
- Set **Check app and files** to **Warn** or **Block**
|
||||
- Set **Windows Defender SmartScreen for Microsoft Edge** to **Warn** or **Block**
|
||||
- Set **Windows Defender SmartScreen for Microsoft store apps** to **Warn** or **Off**
|
||||
|
||||
For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
|
||||
|
||||
* Set **Check app and files** to **Warn** or **Block**
|
||||
* Set **Windows Defender SmartScreen for Microsoft Edge** to **Warn** or **Block**
|
||||
* Set **Windows Defender SmartScreen for Microsoft store apps** to **Warn** or **Off**
|
||||
|
||||
For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
|
||||
|
||||
### Windows Defender Firewall optimization
|
||||
|
||||
A well-configured machine must have Microsoft Defender Firewall turned on and enabled for all profiles so that inbound connections are blocked by default. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Microsoft Defender Firewall.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This security control is only applicable for machines with Windows 10, version 1709 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for Windows Defender Firewall
|
||||
|
||||
* Microsoft Defender Firewall is turned on for all network connections
|
||||
* Secure domain profile by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
|
||||
* Secure private profile by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
|
||||
* Secure public profile is configured by enabling Microsoft Defender Firewall and ensure that Inbound connections are set to Blocked
|
||||
|
||||
For more information on Windows Defender Firewall settings, see [Planning settings for a basic firewall policy](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy).
|
||||
|
||||
> [!NOTE]
|
||||
> If Windows Defender Firewall is not your primary firewall, consider excluding it from the security score calculations and make sure that your third-party firewall is configured in a securely.
|
||||
|
||||
##### Recommended actions
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
* Turn on firewall
|
||||
* Secure domain profile
|
||||
* Secure private profile
|
||||
* Secure public profile
|
||||
* Verify secure configuration of third-party firewall
|
||||
* Fix sensor data collection
|
||||
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
|
||||
|
||||
For more information, see [Windows Defender Firewall with Advanced Security](https://docs.microsoft.com/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security).
|
||||
|
||||
### BitLocker optimization
|
||||
|
||||
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for BitLocker.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This security control is only applicable for machines with Windows 10, version 1803 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for BitLocker
|
||||
|
||||
* Ensure all supported drives are encrypted
|
||||
* Ensure that all suspended protection on drives resume protection
|
||||
* Ensure that drives are compatible
|
||||
|
||||
##### Recommended actions
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
* Encrypt all supported drives
|
||||
* Resume protection on all drives
|
||||
* Ensure drive compatibility
|
||||
* Fix sensor data collection
|
||||
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
|
||||
|
||||
For more information, see [Bitlocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview).
|
||||
|
||||
### Windows Defender Credential Guard optimization
|
||||
A well-configured machine complies to the minimum baseline configuration setting. This tile shows you a list of actions to apply on endpoints to meet the minimum baseline configuration setting for Windows Defender Credential Guard.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> This security control is only applicable for machines with Windows 10, version 1709 or later.
|
||||
|
||||
#### Minimum baseline configuration setting for Windows Defender Credential Guard:
|
||||
Well-configured machines for Windows Defender Credential Guard meets the following requirements:
|
||||
|
||||
- Hardware and software prerequisites are met
|
||||
- Windows Defender Credential Guard is turned on compatible machines
|
||||
|
||||
##### Recommended actions
|
||||
|
||||
You can take the following actions to increase the overall security score of your organization:
|
||||
|
||||
* Ensure hardware and software prerequisites are met
|
||||
* Turn on Credential Guard
|
||||
* Fix sensor data collection
|
||||
* The Microsoft Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. It's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealthy-sensors.md).
|
||||
|
||||
For more information, see [Manage Windows Defender Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-manage).
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink)
|
||||
|
||||
## Related topics
|
||||
|
||||
* [Overview of Secure score](overview-secure-score.md)
|
||||
* [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
||||
* [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)
|
||||
* [Exposure score](tvm-exposure-score.md)
|
||||
* [Configuration score](configuration-score.md)
|
||||
* [Security recommendations](tvm-security-recommendation.md)
|
||||
* [Remediation](tvm-remediation.md)
|
||||
* [Software inventory](tvm-software-inventory.md)
|
||||
* [Weaknesses](tvm-weaknesses.md)
|
||||
* [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||
@ -121,5 +121,5 @@ Click the user account to see details about the user account. For more informati
|
||||
## Related topics
|
||||
- [Understand the Microsoft Defender Advanced Threat Protection portal](use.md)
|
||||
- [Portal overview](portal-overview.md)
|
||||
- [View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md)
|
||||
- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
|
||||
- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)
|
||||
|
||||
@ -85,8 +85,9 @@ To lower down your threat and vulnerability exposure:
|
||||
6. Review the machine **Security recommendation** tab again. The recommendation you've chosen to remediate is removed from the security recommendation list, and the exposure score decreases.
|
||||
|
||||
## Improve your security configuration
|
||||
|
||||
>[!NOTE]
|
||||
> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md). The secure score page is available for a few weeks. View the [secure score](https://securitycenter.windows.com/securescore) page.
|
||||
> Secure score is now part of Threat & Vulnerability Management as [configuration score](configuration-score.md).
|
||||
|
||||
You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
|
||||
|
||||
|
||||
@ -66,10 +66,10 @@ When you submit a remediation request from Threat & Vulnerability Management, it
|
||||
|
||||
It creates a security task which will be tracked in Threat & Vulnerability Management **Remediation** page, and it also creates a remediation ticket in Microsoft Intune.
|
||||
|
||||
The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
|
||||
The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the **Remediation** page. You can mark the remediation activity as completed after the IT administration team remediates the task.
|
||||
|
||||
## When to file for exception instead of remediating issues
|
||||
You can file exceptions to exclude certain recommendation from showing up in reports and affecting risk scores or secure scores.
|
||||
You can file exceptions to exclude certain recommendation from showing up in reports and affecting your configuration score.
|
||||
|
||||
When you select a security recommendation, it opens up a flyout screen with details and options for your next step. You can either **Open software page**, choose from **Remediation options**, go through **Exception options** to file for exceptions, or **Report inaccuracy**.
|
||||
|
||||
@ -113,10 +113,10 @@ Clicking the link opens up to the **Security recommendations** page, where you c
|
||||
- **In effect** - The exception that you've filed is in progress
|
||||
|
||||
### Exception impact on scores
|
||||
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Secure Score (for configurations) of your organization in the following manner:
|
||||
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Configuration Score (for configurations) of your organization in the following manner:
|
||||
- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores
|
||||
- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
|
||||
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Secure Score results out of the exception option that you made
|
||||
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Configuration Score results out of the exception option that you made
|
||||
|
||||
The exception impact shows on both the Security recommendations page column and in the flyout pane.
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@ Microsoft Defender Security Center is the portal where you can access Microsoft
|
||||
|
||||
Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network.
|
||||
|
||||
Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
|
||||
Use the **Threat & Vulnerability Management** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization.
|
||||
|
||||
Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown.
|
||||
|
||||
@ -39,5 +39,5 @@ Topic | Description
|
||||
:---|:---
|
||||
[Portal overview](portal-overview.md) | Understand the portal layout and area descriptions.
|
||||
[View the Security operations dashboard](security-operations-dashboard.md) | The Microsoft Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
|
||||
[View the Secure Score dashboard and improve your secure score](secure-score-dashboard.md) | The **Secure Score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
|
||||
[View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) | The **Threat & Vulnerability Management dashboard** lets you view exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines.
|
||||
[View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to threats. Use the charts to quickly identify machines for the presence or absence of mitigations.
|
||||
@ -34,7 +34,7 @@ Although you can use a non-Microsoft antivirus solution with Microsoft Defender
|
||||
| |Advantage |Why it matters |
|
||||
|--|--|--|
|
||||
|1|Antivirus signal sharing |Microsoft applications and services share signals across your enterprise organization, providing a stronger single platform. See [Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP](https://www.microsoft.com/security/blog/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). |
|
||||
|2|Threat analytics and your secure score |Windows Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [secure score](../microsoft-defender-atp/overview-secure-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|
||||
|2|Threat analytics and your configuration score |Windows Defender Antivirus collects underlying system data used by [threat analytics](../microsoft-defender-atp/threat-analytics.md) and [configuration score](../microsoft-defender-atp/configuration-score.md). This provides your organization's security team with more meaningful information, such as recommendations and opportunities to improve your organization's security posture. |
|
||||
|3|Performance |Microsoft Defender ATP is designed to work with Windows Defender Antivirus, so you get better performance when you use these offerings together. [Evaluate Windows Defender Antivirus](evaluate-windows-defender-antivirus.md) and [Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md).|
|
||||
|4|Details about blocked malware |More details and actions for blocked malware are available with Windows Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).|
|
||||
|5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).|
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user