mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 14:57:23 +00:00
multiple updates everywhere
parent
fd80319dc0
commit
c948c7138f
@ -15,7 +15,7 @@
|
||||
##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
||||
#### [Configure server endpoints](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
#### [Configure non-Windows endpoints](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||
#### [Configure proxy and Internet settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
#### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
#### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
||||
### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
|
||||
### [Use the Windows Defender ATP portal](windows-defender-atp\use-windows-defender-advanced-threat-protection.md)
|
||||
|
@ -120,8 +120,8 @@ Select multiple alerts (Ctrl or Shift select) and manage or edit alerts together
|
||||
- [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
|
||||
- [Investigate an IP address associated with a Windows Defender ATP alert](investigate-ip-windows-defender-advanced-threat-protection.md)
|
||||
- [Investigate a domain associated with a Windows Defender ATP alert](investigate-domain-windows-defender-advanced-threat-protection.md)
|
||||
- [View and organize the Windows Defender ATP Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||
- [Investigate machines in the Windows Defender ATP Machines view](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||
- [View and organize the Windows Defender ATP Machines list](machines-view-overview-windows-defender-advanced-threat-protection.md)
|
||||
- [Investigate machines in the Windows Defender ATP Machines list](investigate-machines-windows-defender-advanced-threat-protection.md)
|
||||
- [Investigate a user account in Windows Defender ATP](investigate-user-windows-defender-advanced-threat-protection.md)
|
||||
- [Manage Windows Defender Advanced Threat Protection alerts](manage-alerts-windows-defender-advanced-threat-protection.md)
|
||||
- [Take response actions in Windows Defender ATP](response-actions-windows-defender-advanced-threat-protection.md)
|
||||
|
@ -109,7 +109,7 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V
|
||||
|
||||
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
|
||||
|
||||
a. Select **Endpoint management** > **Client management** on the **Navigation pane**.
|
||||
a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
|
||||
|
||||
b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
|
||||
|
||||
|
@ -22,13 +22,13 @@ ms.date: 09/01/2017
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Windows Defender Security Center provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. This experience leverages on a third-party security products’ sensor data.
|
||||
Windows Defender Security Center provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data.
|
||||
|
||||
You'll need to know the exact Linux distros and Mac OS X versions that are compatible with Windows Defender ATP for the integration to work.
|
||||
|
||||
## Onboard non-Windows endpoints
|
||||
|
||||
1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows endpoints**. Make sure the third-party solution is listed.
|
||||
1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows**. Make sure the third-party solution is listed.
|
||||
|
||||
2. Toggle the Bitdefender switch button to turn on the third-party solution integration.
|
||||
|
||||
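Review bot: The rewritten intro paragraph now uses two names for the same place: it opens with "Windows Defender Security Center provides a centralized security operations experience" but says alerts appear "in the Windows Defender ATP portal", and step 1 just below still reads "In Windows Defender Security Center portal". Pick one portal name and use it throughout this topic. Since this sentence is being touched anyway, "leverages on a third-party security products' sensor data" should be reworded, for example "relies on sensor data from third-party security products".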
@ -41,15 +41,21 @@ You'll need to know the exact Linux distros and Mac OS X versions that are compa
|
||||
>[!WARNING]
|
||||
>The access token has a limited validity period. If needed, regenerate the token close to the time you need to share it with the third-party solution.
|
||||
|
||||
## Offboard non-Windows endpoints
|
||||
### Offboard non-Windows endpoints
|
||||
To effectively offboard the endpoints from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
|
||||
|
||||
|
||||
1. Follow the third-party documentation to opt-out on the third-party service side.
|
||||
|
||||
2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows endpoint management**.
|
||||
2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**.
|
||||
|
||||
3. Toggle the Bitdefender switch button to turn stop telemetry from endpoints with Bitdefender antivirus.
|
||||
|
||||
>[!WARNING]
|
||||
>If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints.
|
||||
|
||||
## Related topics
|
||||
- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
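Review bot: Step 2 of the offboarding procedure now reads "**Endpoint management**> **Non-Windows**", while the onboarding step earlier in this topic uses "**Endpoint management** > **Clients** > **Non-Windows**"; if both steps lead to the same page, the offboarding path is missing **Clients** and a space before the ">". The heading change to "### Offboard non-Windows endpoints" also nests offboarding under "## Onboard non-Windows endpoints", so keep it at "##" unless that nesting is intended. In step 3, "turn stop telemetry" should be "stop telemetry".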
@ -81,3 +81,8 @@ For more information, see [To disable an agent](https://docs.microsoft.com/en-us
|
||||
>[!NOTE]
|
||||
>Offboarding causes the server to stop sending sensor data to the portal but data from the server, including reference to any alerts it has had will be retained for up to 6 months.
|
||||
|
||||
## Related topics
|
||||
- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 52 KiB After Width: | Height: | Size: 54 KiB |
Binary file not shown.
Before Width: | Height: | Size: 155 KiB After Width: | Height: | Size: 146 KiB |
@ -29,26 +29,29 @@ Investigate the details of a file associated with a specific alert, behavior, or
|
||||
You can get information from the following sections in the file view:
|
||||
|
||||
- File details, Malware detection, Prevalence worldwide
|
||||
- Deep analysis
|
||||
- Alerts related to this file
|
||||
- File in organization
|
||||
- Most recent observed machines with file
|
||||
|
||||
- Deep analysis
|
||||
- Alerts related to this file
|
||||
- File in organization
|
||||
- Most recent observed machines with file
|
||||
|
||||
## File worldwide and Deep analysis
|
||||
The file details, malware detection, and prevalence worldwide sections display various attributes about the file. You’ll see actions you can take on the file. For more information on how to take action on a file, see [Take response action on a file](respond-file-alerts-windows-defender-advanced-threat-protection.md).
|
||||
|
||||
You'll also see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis).
|
||||
You'll see details such as the file’s MD5, the VirusTotal detection ratio and Windows Defender AV detection if available, and the file’s prevalence worldwide. You'll also be able to [submit a file for deep analysis](respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis).
|
||||
|
||||

|
||||
|
||||
## Alerts related to this file
|
||||
The **Alerts related to this file** section provides a list of alerts that are associated with the file. This list is a simplified version of the Alerts queue, and shows the date when the last activity was detected, a short description of the alert, the user associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
|
||||
|
||||

|
||||
|
||||
## File in organization
|
||||
The **File in organization** section provides details on the prevalence of the file, prevalence in email inboxes and the name observed in the organization.
|
||||
|
||||

|
||||
|
||||
## Most recent observed machinew with the file
|
||||
The **Most recent observed machines with the file** section allows you to specify a date range to see which machines have been observed with the file.
|
||||
|
||||

|
||||
|
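Review bot: The heading "## Most recent observed machinew with the file" has a typo ("machinew" should be "machines") and does not match the bullet at the top of this hunk, which reads "Most recent observed machines with file". Use one wording for the bullet, the heading and the bolded section name in the paragraph under it. The first bullet has the same mismatch: it names "File details, Malware detection, Prevalence worldwide" while the section heading is "File worldwide and Deep analysis".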
@ -37,7 +37,7 @@ Use the Machines list in these main scenarios:
|
||||
## Sort, filter, and download the list of machines from the Machines list
|
||||
You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
|
||||
|
||||
Filter the **Machines list** by time period, **OS Platform**, **Health**, or **Malware category alerts** to focus on certain sets of machines, according to the desired criteria.
|
||||
Filter the **Machines list** by time period, **OS Platform**, **Health**, **Security state**, **Malware category alerts**, or **Groups** to focus on certain sets of machines, according to the desired criteria.
|
||||
|
||||
You can also download the entire list in CSV format using the **Export to CSV** feature.
|
||||
|
||||
@ -56,8 +56,16 @@ You can use the following filters to limit the list of machines displayed during
|
||||
- Windows 10
|
||||
- Windows Server 2012 R2
|
||||
- Windows Server 2016
|
||||
- Linux
|
||||
- Mac OS
|
||||
- Other
|
||||
|
||||
**Health**</br>
|
||||
- All
|
||||
- Well configure
|
||||
- Requires attention - Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters.
|
||||
|
||||
|
||||
**Sensor health state**</br>
|
||||
Filter the list to view specific machines grouped together by the following machine health states:
|
||||
|
||||
|
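Review bot: Under **Health**, "Well configure" should be "Well configured". The "Requires attention" bullet also runs its explanation into the option name; "Depending on the Windows Defender security controls configured in your enterprise, you'll see various available filters." would read better as its own sentence after the list. The filter sentence changed in the previous hunk names **Security state** and **Groups**, so check that the filter headings in this list use the same names.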
@ -41,6 +41,8 @@ For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us
|
||||
## In this section
|
||||
Topic | Description
|
||||
:---|:---
|
||||
[Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
|
||||
[Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
|
||||
[Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP
|
||||
[Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Configure Mac OS X and Linux endpoints to see alerts in the Windows Defender ATP portal.
|
||||
[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
|
||||
[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
|
||||
|
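Review bot: The row "[Configure proxy and Internet settings]" keeps the old title, but this commit renames the same entry in the TOC to "Configure proxy and Internet connectivity settings" and the new Related topics lists use the new title; update the link text here to match. In the "Configure client endpoints" row, "configure endpoints for it to report" should be "for them to report", and the "Configure server endpoints" description is missing its closing period.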
@ -62,7 +62,7 @@ The numbers beside the green triangle icon on each recommended action represents
|
||||
|
||||
Recommendations that do not display a green action are informational only and no action is required.
|
||||
|
||||
Clicking **View machines** in a specific recommendation opens up the **Machines view** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
|
||||
Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice.
|
||||
|
||||
The following image shows an example list of machines where the EDR sensor is not turned on.
|
||||
|
||||
|
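Review bot: The updated sentence still carries the doubled word in "where the the recommendation is applicable"; drop one "the" while this line is being edited. "You can export the list in Excel" should also be checked against the Machines list topic changed in this commit, which names the feature **Export to CSV**.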
@ -43,6 +43,7 @@ Teams can monitor the overall status of enterprise endpoints from the **Security
|
||||
Topic | Description
|
||||
:---|:---
|
||||
[View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the endpoints on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines.
|
||||
[View the Windows Defender Advanced Threat Protection Security analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Security Analytics dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place.
|
||||
[View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md) | You can sort and filter alerts across your network, and drill down on individual alert queues such as new, in progress, or resolved queues.
|
||||
[Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts in Windows Defender ATP which might indicate possible security breaches on endpoints in your organization.
|
||||
[Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach.
|
||||
|
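Review bot: In the added Security analytics row the dashboard name is capitalized two ways: the link text says "Security analytics dashboard" and the description says "**Security Analytics dashboard**". Use one form, matching the "**Security operations dashboard**" casing in the row above. The trailing " - all in one place" would be cleaner as part of the sentence or dropped.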