diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index 348d00243a..c2c7870398 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -65,6 +66,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Screenshots and Snips have an unnatural orange tint
Users have reported an orange tint on Screenshots and Snips with the Lenovo Vantage app installed

See details >		OS Build 18362.356

September 10, 2019
KB4516115		Resolved External
September 11, 2019
08:54 PM PT
Windows Desktop Search may not return any results and may have high CPU usage
Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.

See details >		OS Build 18362.329

August 30, 2019
KB4512941		Resolved
KB4515384		September 10, 2019
10:00 AM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4512941		August 30, 2019
10:00 AM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4512941		August 30, 2019
10:00 AM PT
+
DetailsOriginating updateStatusHistory
Screenshots and Snips have an unnatural orange tint
When creating screenshots or using similar tools (such as Snipping Tool or Snip & Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage. This issue started on or around September 5, 2019. 

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: None
Resolution: For guidance on this issue, see the Lenovo support article Screenshots and Snips have an unnatural orange tint. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.356

September 10, 2019
KB4516115		Resolved External
Last updated:
September 11, 2019
08:54 PM PT

Opened:
September 11, 2019
08:54 PM PT
Windows Desktop Search may not return any results and may have high CPU usage
Microsoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing KB4512941. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been disabled.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4515384.

Back to top		OS Build 18362.329

August 30, 2019
KB4512941		Resolved
KB4515384		Resolved:
September 10, 2019
10:00 AM PT

Opened:
September 04, 2019
02:25 PM PT
" diff --git a/windows/release-information/status-windows-10-1803.yml b/windows/release-information/status-windows-10-1803.yml index a227eb41e0..1fe49fd40a 100644 --- a/windows/release-information/status-windows-10-1803.yml +++ b/windows/release-information/status-windows-10-1803.yml @@ -65,6 +65,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -86,6 +87,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not respond to \"wake up\" from sleep.

See details >		OS Build 17134.950

August 13, 2019
KB4512501		Mitigated
September 11, 2019
05:32 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17134.915

July 16, 2019
KB4507466		Resolved
KB4512501		August 13, 2019
10:00 AM PT
Notification issue: \"Your device is missing important security and quality fixes.\"
Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes.\"

See details >		N/A

Resolved
September 03, 2019
12:32 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17134.829

June 11, 2019
KB4503286		Resolved
KB4512509		August 19, 2019
02:00 PM PT
+
DetailsOriginating updateStatusHistory
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
After installing KB4512501, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803
Workaround: To mitigate the issue, use the following steps:
  1. Close the Windows Mixed Reality Portal, if it is running.
  2. Open Task Manager by selecting the Start button and typing Task Manager.
  3. In Task Manager under the Processes tab, right click or long press on “Windows Explorer” and select restart.
  4. You can now open the Windows Mixed Reality Portal.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17134.950

August 13, 2019
KB4512501		Mitigated
Last updated:
September 11, 2019
05:32 PM PT

Opened:
September 11, 2019
05:32 PM PT
Notification issue: \"Your device is missing important security and quality fixes.\"
Some users may have incorrectly received the notification \"Your device is missing important security and quality fixes\" in the Windows Update dialog and a red \"!\" in the task tray on the Windows Update tray icon. This notification is intended for devices that are 90 days or more out of date, but some users with installed updates released in June or July also saw this notification.

Affected platforms:
  • Client: Windows 10, version 1803
  • Server: Windows Server, version 1803
Resolution: This issue was resolved on the server side on August 30, 2019. Only devices that are out of date by 90 days or more should now see the notification. No action is required by the user to resolve this issue. If you are still seeing the \"Your device is missing important security and quality fixes\" notification, we recommend selecting Check for Updates in the Windows Update dialog. For instructions, see Update Windows 10. Microsoft always recommends trying to keep your devices up to date, as the monthly updates contain important security fixes. 

Back to top		N/A

Resolved
Resolved:
September 03, 2019
12:32 PM PT

Opened:
September 03, 2019
12:32 PM PT
" diff --git a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml index d0f9c241ed..5543553734 100644 --- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml @@ -64,6 +64,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ @@ -81,6 +82,15 @@ sections:
" +- title: September 2019 +- items: + - type: markdown + text: " +
SummaryOriginating updateStatusLast updated
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
You may receive a 15-5 error code in Windows Mixed Reality Portal and your headset may not respond to \"wake up\" from sleep.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Mitigated
September 11, 2019
05:32 PM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 17763.652

July 22, 2019
KB4505658		Resolved
KB4511553		August 13, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 17763.557

June 11, 2019
KB4503327		Resolved
KB4512534		August 17, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		OS Build 17763.678

August 13, 2019
KB4511553		Resolved
KB4512534		August 17, 2019
02:00 PM PT
+ +
DetailsOriginating updateStatusHistory
Windows Mixed Reality Portal users may intermittently receive a 15-5 error code
After installing KB4511553, Windows Mixed Reality Portal users may intermittently receive a 15-5 error code. In some cases, Windows Mixed Reality Portal may report that the headset is sleeping and pressing “Wake up” may appear to produce no action.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10, version 1803
Workaround: To mitigate the issue, use the following steps:
  1. Close the Windows Mixed Reality Portal, if it is running.
  2. Open Task Manager by selecting the Start button and typing Task Manager.
  3. In Task Manager under the Processes tab, right click or long press on “Windows Explorer” and select restart.
  4. You can now open the Windows Mixed Reality Portal.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 17763.678

August 13, 2019
KB4511553		Mitigated
Last updated:
September 11, 2019
05:32 PM PT

Opened:
September 11, 2019
05:32 PM PT
+ " + - title: August 2019 - items: - type: markdown diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index d203f071d7..a33834cce2 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -65,6 +65,8 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

+ + @@ -94,6 +96,8 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Screenshots and Snips have an unnatural orange tint
Users have reported an orange tint on Screenshots and Snips with the Lenovo Vantage app installed

See details >		OS Build 18362.356

September 10, 2019
KB4516115		Resolved External
September 11, 2019
08:54 PM PT
Some users report issues related to the Start menu and Windows Desktop Search
Microsoft has received reports that some users are having issues related to the Start menu and Windows Desktop Search.

See details >		OS Build 18362.356

September 10, 2019
KB4515384		Acknowledged
September 11, 2019
05:18 PM PT
Windows Desktop Search may not return any results and may have high CPU usage
Windows Desktop Search may not return any results and SearchUI.exe may have high CPU usage after installing KB4512941.

See details >		OS Build 18362.329

August 30, 2019
KB4512941		Resolved
KB4515384		September 10, 2019
10:00 AM PT
Domain connected devices that use MIT Kerberos realms will not start up
Devices connected to a domain that is configured to use MIT Kerberos realms will not start up or may continue to restart after updating.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4512941		August 30, 2019
10:00 AM PT
Issues updating when certain versions of Intel storage drivers are installed
Certain versions of Intel Rapid Storage Technology (Intel RST) drivers may cause updating to Windows 10, version 1903 to fail.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4512941		August 30, 2019
10:00 AM PT
+ +
DetailsOriginating updateStatusHistory
Screenshots and Snips have an unnatural orange tint
When creating screenshots or using similar tools (such as Snipping Tool or Snip & Sketch), the resulting images may have an unnatural orange tint. This issue is caused by the Eye Care mode feature of Lenovo Vantage. This issue started on or around September 5, 2019. 

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: None
Resolution: For guidance on this issue, see the Lenovo support article Screenshots and Snips have an unnatural orange tint. There is no update for Windows needed for this issue.

Back to top		OS Build 18362.356

September 10, 2019
KB4516115		Resolved External
Last updated:
September 11, 2019
08:54 PM PT

Opened:
September 11, 2019
08:54 PM PT
Some users report issues related to the Start menu and Windows Desktop Search
Microsoft has received reports that some users are having issues related to the Start menu and Windows Desktop Search.

Affected platforms:
  • Client: Windows 10, version 1903
Next steps: We are presently investigating and will provide an update when more information is available.

Back to top		OS Build 18362.356

September 10, 2019
KB4515384		Acknowledged
Last updated:
September 11, 2019
05:18 PM PT

Opened:
September 11, 2019
05:18 PM PT
Windows Desktop Search may not return any results and may have high CPU usage
Microsoft is getting reports that a small number of users may not receive results when using Windows Desktop Search and may see high CPU usage from SearchUI.exe when searching after installing KB4512941. This issue is only encountered on devices in which searching the web from Windows Desktop Search has been disabled.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4515384.

Back to top		OS Build 18362.329

August 30, 2019
KB4512941		Resolved
KB4515384		Resolved:
September 10, 2019
10:00 AM PT

Opened:
September 04, 2019
02:25 PM PT
" diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index 5722012e0f..33d09744bd 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -81,7 +81,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
You may receive an error when opening or using the Toshiba Qosmio AV Center
Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.

See details >		August 13, 2019
KB4512506		Investigating
September 10, 2019
09:48 AM PT
You may receive an error when opening or using the Toshiba Qosmio AV Center
Toshiba Qosmio AV Center may error when opening and you may also receive an error in Event Log related to cryptnet.dll.

See details >		August 13, 2019
KB4512506		Investigating
September 11, 2019
08:58 PM PT
Windows updates that are SHA-2 signed may not be offered for Symantec and Norton AV
Windows updates that are SHA-2 signed are not available with Symantec or Norton antivirus program installed

See details >		August 13, 2019
KB4512506		Resolved External
August 27, 2019
02:29 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		June 11, 2019
KB4503292		Resolved
KB4512514		August 17, 2019
02:00 PM PT
Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error
Applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and VBScript may stop responding and you may receive an error.

See details >		August 13, 2019
KB4512506		Resolved
KB4517297		August 16, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
You may receive an error when opening or using the Toshiba Qosmio AV Center
After installing KB4512506, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll.

Affected platforms:
  • Client: Windows 7 SP1
Next steps: Microsoft is working with Toshiba to resolve this issue and will provide an update in an upcoming release.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
September 10, 2019
09:48 AM PT

Opened:
September 10, 2019
09:48 AM PT
You may receive an error when opening or using the Toshiba Qosmio AV Center
After installing KB4512506, you may receive an error when opening or using the Toshiba Qosmio AV Center. You may also receive an error in Event Log related to cryptnet.dll.

Affected platforms:
  • Client: Windows 7 SP1
Next steps: Microsoft is working with Dynabook to resolve this issue and will provide an update in an upcoming release.

Back to top		August 13, 2019
KB4512506		Investigating
Last updated:
September 11, 2019
08:58 PM PT

Opened:
September 10, 2019
09:48 AM PT
" diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 73a3a396b1..76ea17db0e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -103,6 +103,7 @@ ### [Advanced hunting]() #### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md) #### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) +#### [Stream Advanced hunting events to Azure Event Hubs](microsoft-defender-atp/raw-data-export-event-hub.md) #### [Advanced hunting schema reference]() ##### [All tables in the Advanced hunting schema](microsoft-defender-atp/advanced-hunting-reference.md) ##### [AlertEvents table](microsoft-defender-atp/advanced-hunting-alertevents-table.md) @@ -117,6 +118,7 @@ ##### [RegistryEvents table](microsoft-defender-atp/advanced-hunting-registryevents-table.md) #### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) + #### [Custom detections]() ##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md) ##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index b8a49e500b..584f376ee3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md @@ -26,8 +26,6 @@ ms.topic: article [!include[Prerelease information](prerelease.md)] ## Before you begin -To experience the full Microsoft Threat Experts targeted attack notification capability in Microsoft Defender ATP, or try the the experts-on-demand capability, you need to have a valid Premier customer service and support account. Premier charges are not incurred during for the capability in trial, but for the generally available capability, there will be charges. - Ensure that you have Microsoft Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up. ## Register to Microsoft Threat Experts managed threat hunting service @@ -36,13 +34,13 @@ If you're already a Microsoft Defender ATP customer, you can apply through the M 1. From the navigation pane, go to **Settings > General > Advanced features > Microsoft Threat Experts**. 2. Click **Apply**. -![Image of Microsoft Threat Experts settings](images/MTE_collaboratewithmte.png) +![Image of Microsoft Threat Experts settings](images/mte-collaboratewithmte.png) 3. Enter your name and email address so that Microsoft can get back to you on your application. -![Image of Microsoft Threat Experts application](images/MTE_apply.png) +![Image of Microsoft Threat Experts application](images/mte-apply.png) 4. Read the privacy statement, then click **Submit** when you're done. You will receive a welcome email once your application is approved. -![Image of Microsoft Threat Experts application confirmation](images/MTE_applicationconfirmation.png) +![Image of Microsoft Threat Experts application confirmation](images/mte-applicationconfirmation.png) 6. From the navigation pane, go to **Settings** > **General** > **Advanced features** to turn the **Threat Experts** toggle on. Click **Save preferences**. @@ -77,11 +75,11 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w 2. From the upper right-hand menu, click **?**. Then, select **Consult a threat expert**. ->![Image of Microsoft Threat Experts Experts on Demand from the menu](images/MTE_EOD_Menu.png) +>![Image of Microsoft Threat Experts Experts on Demand from the menu](images/mte-eod-menu.png) >A flyout screen opens. ->![Image of Microsoft Threat Experts Experts on Demand screen](images/MTE_EOD.png) +>![Image of Microsoft Threat Experts Experts on Demand screen](images/mte-eod.png) >The **Inquiry topic** field is pre-populated with the link to the relevant page for your investigation request. For example, a link to the incident, alert, or machine details page that you were at when you made the request. diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-applicationconfirmation.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-applicationconfirmation.png new file mode 100644 index 0000000000..2c04ad2fc8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-applicationconfirmation.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-apply.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-apply.png new file mode 100644 index 0000000000..a7096ee4aa Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-apply.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-collaboratewithmte.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-collaboratewithmte.png new file mode 100644 index 0000000000..862c5ffbd7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-collaboratewithmte.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-alerts.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-alerts.png new file mode 100644 index 0000000000..895a4973e6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-alerts.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-file.png new file mode 100644 index 0000000000..ec891e1e3a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-file.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-machines.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-machines.png new file mode 100644 index 0000000000..5d227c08c3 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-machines.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-menu.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-menu.png new file mode 100644 index 0000000000..455de5a2ab Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod-menu.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod.png b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod.png new file mode 100644 index 0000000000..2bd08bd9fa Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mte-eod.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md index f7bcff5265..7578bad95e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md @@ -57,9 +57,6 @@ Learn how to use data sensitivity labels to prioritize incident investigation. ![Image of machine timeline with narrowed down search results based on label](images/machine-timeline-labels.png) ->[!NOTE] -> The event side pane now provides additional insight to the WIP and AIP protection status. - >[!TIP] >These data points are also exposed through the ‘FileCreationEvents’ in advanced hunting, allowing advanced queries and schedule detection to take into account sensitivity labels and file protection status. \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md index 549441bb72..71b44a53e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-threat-experts.md @@ -49,16 +49,16 @@ Customers can engage our security experts directly from within Microsoft Defende The option to **Consult a threat expert** is available in several places in the portal so you can engage with experts in the context of your investigation: - **Help and support menu**
-![Screenshot of MTE-EOD menu option](images/MTE_EOD_Menu.png) +![Screenshot of MTE-EOD menu option](images/mte-eod-menu.png) - **Machine page actions menu**
-![Screenshot of MTE-EOD machine page action menu option](images/MTE_EOD_machines.png) +![Screenshot of MTE-EOD machine page action menu option](images/mte-eod-machines.png) -- **Alerts page Actions menu**
-![Screenshot of MTE-EOD alert page action menu option](images/MTE_EOD_alerts.png) +- **Alerts page actions menu**
+![Screenshot of MTE-EOD alert page action menu option](images/mte-eod-alerts.png) - **File page actions menu**
-![Screenshot of MTE-EOD file page action menu option](images/MTE_EOD_file.png) +![Screenshot of MTE-EOD file page action menu option](images/mte-eod-file.png) ## Related topic - [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md index 35737ea931..22be565559 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-file-alerts.md @@ -36,6 +36,7 @@ Response actions run along the top of the file page, and include: - Stop and Quarantine File - Add Indicator - Download file +- Consult a threat expert - Action center You can also submit files for deep analysis, to run the file in a secure cloud sandbox. When the analysis is complete, you'll get a detailed report that provides information about the behavior of the file. You can submit files for deep analysis and read past reports by selecting the **Deep analysis** tab. It's located below the file information cards. @@ -173,7 +174,7 @@ If a file is not already stored by Microsoft Defender ATP, you cannot download i You can consult a Microsoft threat expert for more insights regarding a potentially compromised machine or already compromised ones. Microsoft Threat Experts can be engaged directly from within the Microsoft Defender Security Center for timely and accurate response. Experts provide insights not just regarding a potentially compromised machine, but also to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, or a threat intelligence context that you see on your portal dashboard. -See [Consult a Microsoft Threat Expert](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#consult-a-microsoft-threat-expert-about-suspicious-cybersecurity-activities-in-your-organization) for details. +See [Consult a Microsoft Threat Expert](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#consult-a-microsoft-threat-expert-about-suspicious-cybersecurity-activities-in-your-organization) for details. ## Check activity details in Action center diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index ed0f28f577..60e3dbd5ac 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -178,7 +178,7 @@ When a machine is being isolated, the following notification is displayed to inf You can consult a Microsoft threat expert for more insights regarding a potentially compromised machine or already compromised ones. Microsoft Threat Experts can be engaged directly from within the Microsoft Defender Security Center for timely and accurate response. Experts provide insights not just regarding a potentially compromised machine, but also to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, or a threat intelligence context that you see on your portal dashboard. -See [Consult a Microsoft Threat Expert](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#consult-a-microsoft-threat-expert-about-suspicious-cybersecurity-activities-in-your-organization) for details. +See [Consult a Microsoft Threat Expert](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts#consult-a-microsoft-threat-expert-about-suspicious-cybersecurity-activities-in-your-organization) for details. ## Check activity details in Action center