microsoft secure score for devices

Beth Levin 2020-04-07 17:05:06 -07:00
parent 3daed87d85
commit c40333e920
7 changed files with 113 additions and 20 deletions

View File

@ -98,7 +98,7 @@ Ensure that your machines:
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
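
Review bot: The link swap in this related-topics list removes the pointer to configuration-score.md, yet none of the seven files in this commit removes that page or adds a redirect for it. If the old page is being retired, add a redirect to tvm-microsoft-secure-score-devices.md in the same change so existing bookmarks and external links do not land on stale or missing content. The same applies to the identical link swaps in the other related-topics lists.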

View File

@ -1,7 +1,7 @@
---
title: Threat & Vulnerability Management dashboard overview
description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience.
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
search.appverid: met150
search.product: eADQiWindows 10XVcnh
ms.prod: w10
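
Review bot: The replaced keywords line removes "configuration score" outright, so readers who still search for the old name will no longer match this page. Consider keeping the old term next to the new one for a transition period, for example `security configuration, configuration score, Microsoft Secure Score for Devices, exposure score`, and do the same for the keywords line in the supported operating systems page.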
@ -32,13 +32,13 @@ Threat & Vulnerability Management is a component of Microsoft Defender ATP, and
You can use the Threat & Vulnerability Management capability in [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
- View exposure and configuration scores side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines
- View exposure and Microsoft Secure Score for Devices side-by-side with top security recommendations, software vulnerability, remediation activities, and exposed machines
- Correlate EDR insights with endpoint vulnerabilities and process them
- Select remediation options, triage and track the remediation tasks
- Select exception options and track active exceptions
> [!NOTE]
> Machines that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and configuration score.
> Machines that are not active in the last 30 days are not factored in on the data that reflects your organization's Threat & Vulnerability Management exposure score and Microsoft Secure Score for Devices.
Watch this video for a quick overview of what is in the Threat & Vulnerability Management dashboard.
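
Review bot: In the first bullet, "View exposure and Microsoft Secure Score for Devices side-by-side" leaves "exposure" without its noun now that the shared word "scores" is gone. Suggest "View exposure score and Microsoft Secure Score for Devices side-by-side with ...", which matches the wording used in the NOTE a few lines further down.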
@ -62,7 +62,7 @@ You can navigate through the portal using the menu options available in all sect
Area | Description
:---|:---
**Dashboard** | Get a high-level view of the organization exposure score, organization configuration score, machine exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed machines data.
**Dashboard** | Get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, machine exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed machines data.
[**Security recommendations**](tvm-remediation.md) | See the list of security recommendations, their related components, whether software or software versions in your network have reached end-of-support, insights, number or exposed devices, impact, and request for remediation. When you select an item from the list, a flyout panel opens with vulnerability details, a link to open the software page, and remediation and exception options. You can also open a ticket in Intune if your machines are joined through Azure Active Directory and you have enabled your Intune connections in Microsoft Defender ATP.
[**Remediation**](tvm-remediation.md) | See the remediation activity, related component, remediation type, status, due date, option to export the remediation and process data to CSV, and active exceptions.
[**Software inventory**](tvm-software-inventory.md) | See the list of software, versions, weaknesses, whether there's an exploit found on the software, whether the software or software version has reached end-of-support, prevalence in the organization, how many were installed, how many exposed devices there are, and the numerical value of the impact. You can select each item in the list and opt to open the software page which shows the associated vulnerabilities, misconfigurations, affected machine, version distribution details, and missing KBs or security updates.
@ -74,7 +74,7 @@ Area | Description
:---|:---
**Selected machine groups (#/#)** | Filter the Threat & Vulnerability Management data you want to see in the dashboard and cards by machine groups. What you select in the filter applies throughout the Threat & Vulnerability management pages.
[**Exposure score**](tvm-exposure-score.md) | See the current state of your organization's device exposure to threats and vulnerabilities. Several factors affect your organization's exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower the exposure score of your organization to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations.
[**Configuration score**](configuration-score.md) | See the security posture of the operating system, applications, network, accounts and security controls of your organization. The goal is to remediate the related security configuration issues to increase your configuration score. Selecting the bars will take you to the **Security recommendation** page.
[**Microsoft Secure Score for Devices**](tvm-microsoft-secure-score-devices.md) | See the security posture of the operating system, applications, network, accounts and security controls of your organization. The goal is to remediate the related security configuration issues to increase your score for devices. Selecting the bars will take you to the **Security recommendation** page.
**Machine exposure distribution** | See how many machines are exposed based on their exposure level. Select a section in the doughnut chart to go to the **Machines list** page and view the affected machine names, exposure level, risk level, and other details such as domain, operating system platform, its health state, when it was last seen, and its tags.
**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organization's risk exposure and the urgency that it requires. Select **Show more** to see the rest of the security recommendations in the list or **Show exceptions** for the list of recommendations that have an exception.
**Top vulnerable software** | Get real-time visibility into your organization's software inventory with a stack-ranked list of vulnerable software installed on your network's devices and how they impact your organizational exposure score. Select an item for details or **Show more** to see the rest of the vulnerable software list in the **Software inventory** page.
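
Review bot: The new table row ends its goal sentence with "increase your score for devices", an informal shorthand that appears nowhere else in this change. Use the full name, "increase your Microsoft Secure Score for Devices", so the term stays consistent and searchable. While the row is being touched, "**Security recommendation** page" should read "**Security recommendations**", as the page is named in the navigation table above.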
@ -88,7 +88,7 @@ See [Microsoft Defender ATP icons](portal-overview.md#microsoft-defender-atp-ico
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

View File

@ -75,7 +75,7 @@ To lower your threat and vulnerability exposure, follow these steps.
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)

View File

@ -0,0 +1,95 @@
---
title: Overview of Configuration score in Microsoft Defender Security Center
description: Your configuration score shows the collective security configuration state of your machines across application, operating system, network, accounts, and security controls
keywords: configuration score, mdatp configuration score, secure score, security controls, improvement opportunities, security configuration score over time, security posture, baseline
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: ellevin
author: levinec
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
---
# Configuration score
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>[!NOTE]
> Secure score is now part of Threat & Vulnerability Management as Configuration score.
Your Configuration score is visible in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) of the Microsoft Defender Security Center. A higher configuration score means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your machines across the following categories:
- Application
- Operating system
- Network
- Accounts
- Security controls
Select a category to go to the [**Security recommendations**](tvm-security-recommendation.md) page and view the relevant recommendations.
## How it works
>[!NOTE]
> Configuration score currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
The data in the configuration score card is the product of meticulous and ongoing vulnerability discovery process aggregated with configuration discovery assessments that continuously:
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
- Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)
- Collect and monitor changes of security control configuration state from all assets
## Improve your security configuration
You can improve your security configuration when you remediate issues from the security recommendations list. As you do so, your Configuration score improves, which means your organization becomes more resilient against cybersecurity threats and vulnerabilities.
1. From the Configuration score card in the Threat & Vulnerability Management dashboard, select the one of the categories to view the list of recommendations related to that category. It will take you to the [**Security recommendations**](tvm-security-recommendation.md) page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
2. Select an item on the list. The flyout panel will open with details related to the recommendation. Select **Remediation options**.
![Security controls related security recommendations](images/tvm_security_controls.png)
3. Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up.
4. **Submit request**. You will see a confirmation message that the remediation task has been created.
>![Remediation task creation confirmation](images/tvm_remediation_task_created.png)
5. Save your CSV file.
![Save csv file](images/tvm_save_csv_file.png)
6. Send a follow-up email to your IT Administrator and allow the time that you have allotted for the remediation to propagate in the system.
7. Review the **Configuration score** card again on the dashboard. The number of security controls recommendations will decrease. When you select **Security controls** to go back to the **Security recommendations** page, the item that you have addressed will not be listed there anymore, and your configuration score should increase.
>[!IMPORTANT]
>To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
>- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
>- RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
>- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
>
>To download the security updates:
>1. Go to [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/home.aspx).
>2. Key-in the security update KB number that you need to download, then click **Search**.
## Related topics
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)
- [Scenarios](threat-and-vuln-mgt-scenarios.md)
- [APIs](threat-and-vuln-mgt-scenarios.md#apis)
- [Configure data access for Threat & Vulnerability Management roles](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
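
Review bot: This newly added file still presents the feature under its old name: the front-matter `title`, `description` and `keywords`, the `# Configuration score` heading, the NOTE "Secure score is now part of Threat & Vulnerability Management as Configuration score", the "How it works" text, and steps 1 and 7 all say "Configuration score". If this is the page the other files now link to as Microsoft Secure Score for Devices, rename these and reword the NOTE so it describes the current name. Step 1 also carries a typo, "select the one of the categories".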

View File

@ -56,7 +56,7 @@ Once you are in the Remediation page, select the remediation activity that you w
## Exceptions
When you [file for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md).
When you [file for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md).
The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status.
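
Review bot: The rewritten sentence carries over "exclude certain recommendation from showing up", which should be plural: "exclude certain recommendations from showing up in reports". Worth fixing while the line is being changed anyway.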
@ -77,11 +77,11 @@ The following statuses will be a part of an exception:
### Exception impact on scores
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Configuration Score (for configurations) of your organization in the following manner:
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner:
- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores
- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores.
- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Configuration Score results out of the exception option that you made
- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results out of the exception option that you made.
The exception impact shows on both the Security recommendations page column and in the flyout pane.
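
Review bot: The rewritten intro sentence keeps "(for both types of weaknesses)" after Exposure Score but drops the matching "(for configurations)" qualifier that followed Configuration Score, so the scope of the second score is no longer stated. Restore it after "Microsoft Secure Score for Devices" unless the omission is deliberate. The updated **No impact** bullet also still reads "which can be reverse through filters"; that should be "reversed".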
@ -99,7 +99,7 @@ Select **Show exceptions** at the bottom of the **Top security recommendations**
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)

View File

@ -59,7 +59,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Securit
### Top security recommendations in the Threat & Vulnerability Management dashboard
In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [configuration score](configuration-score.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's device security to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
![Screenshot of security recommendations page](images/top-security-recommendations350.png)
@ -67,7 +67,7 @@ The top security recommendations lists the improvement opportunities prioritized
## Security recommendations overview
View recommendations, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags.
View recommendations, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure score and Microsoft Secure Score for Devices, and associated tags.
The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the number of exposed machines, the color of the graph will change into green.
@ -125,8 +125,6 @@ As an alternative to a remediation request, you can create exceptions for recomm
There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons.
Exceptions can be created for both Security update and Configuration change recommendations.
When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list.
1. Select a security recommendation you would like create an exception for, and then **Exception options**.
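
Review bot: Dropping the sentence "Exceptions can be created for both Security update and Configuration change recommendations." appears to be what this hunk does (the header `-125,8 +125,6` shows two lines removed and none added), and that is a content change unrelated to the rename in the commit title. It removes the statement in this passage of which recommendation types accept exceptions. Either keep the sentence or move the removal to its own commit with a stated reason.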
@ -167,7 +165,7 @@ You can report a false positive when you see any vague, inaccurate, incomplete,
- [Supported operating systems and platforms](tvm-supported-os.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)
- [Weaknesses](tvm-weaknesses.md)

View File

@ -1,7 +1,7 @@
---
title: Threat & Vulnerability Management supported operating systems and platforms
description: Before you begin, ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your all devices are properly accounted for.
keywords: threat & vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, configuration score, exposure score
keywords: threat & vulnerability management, operating system, platform requirements, prerequisites, mdatp-tvm supported os, mdatp-tvm, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
search.appverid: met150
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@ -48,7 +48,7 @@ Some of the above prerequisites might be different from the [Minimum requirement
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [Exposure score](tvm-exposure-score.md)
- [Configuration score](configuration-score.md)
- [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md)
- [Security recommendations](tvm-security-recommendation.md)
- [Remediation and exception](tvm-remediation.md)
- [Software inventory](tvm-software-inventory.md)