mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 22:07:22 +00:00
remove duplicate content
This commit is contained in:
Beth Levin
parent
f9a21f66db
commit
c1c986e8bd
@ -149,86 +149,7 @@ Select a security recommendation you would like create an exception for, and the
|
||||
|
||||
Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab.
|
||||
|
||||
### Exception scope
|
||||
|
||||
Exceptions can either be created for selected device groups, or for all device groups past and present.
|
||||
|
||||
#### Exception by device group
|
||||
|
||||
Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups.
|
||||
|
||||
|
||||
|
||||
##### Filtered
|
||||
|
||||
If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options.
|
||||
|
||||
Button to filter by device group on any of the threat and vulnerability management pages:
|
||||
|
||||
|
||||
|
||||
Exception view with filtered device groups:
|
||||
|
||||
|
||||
|
||||
##### Large number of device groups
|
||||
|
||||
If your organization has more than 20 device groups, select **Edit** next to the filtered device group option.
|
||||
|
||||
|
||||
|
||||
A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all.
|
||||
|
||||
|
||||
|
||||
#### Global exceptions
|
||||
|
||||
If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.”
|
||||
|
||||
|
||||
|
||||
Some things to keep in mind:
|
||||
|
||||
- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire.
|
||||
- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires.
|
||||
|
||||
### Justification
|
||||
|
||||
Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration.
|
||||
|
||||
The following list details the justifications behind the exception options:
|
||||
|
||||
- **Third party control** - A third party product or software already addresses this recommendation
|
||||
- Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
|
||||
- **Alternate mitigation** - An internal tool already addresses this recommendation
|
||||
- Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced
|
||||
- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive
|
||||
- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
|
||||
|
||||
### View and cancel exceptions
|
||||
|
||||
Navigate to the **[Exceptions](tvm-exception.md)** tab in the **Remediation** page.
|
||||
|
||||
|
||||
|
||||
Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception.
|
||||
|
||||
### View impact after exceptions are applied
|
||||
|
||||
In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**.
|
||||
|
||||
|
||||
|
||||
The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed.
|
||||
|
||||
The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change.
|
||||
|
||||
|
||||
If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating.
|
||||
|
||||
1. Select the recommendation and **Open software page**
|
||||
2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md)
|
||||
3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request.
|
||||
[Learn more about exceptions](tvm-exception.md)
|
||||
|
||||
## Report inaccuracy
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user