diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6568445c8a..47d3a0ac90 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -851,21 +851,11 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -981,16 +971,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1001,171 +981,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1196,21 +1011,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1281,11 +1081,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1301,16 +1096,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1331,16 +1116,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1376,21 +1151,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -13909,6 +13669,245 @@ "source_path": "windows/privacy/manage-windows-endpoints.md", "redirect_url": "/windows/privacy/manage-windows-1809-endpoints", "redirect_document_id": true -} +}, +{ +"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +},{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, ] } diff --git a/browsers/edge/edge-technical-demos.md b/browsers/edge/edge-technical-demos.md new file mode 100644 index 0000000000..b401556fed --- /dev/null +++ b/browsers/edge/edge-technical-demos.md @@ -0,0 +1,36 @@ +--- +title: Microsoft Edge training and demonstrations +ms.prod: browser-edge +layout: article +ms.topic: article +ms.manager: elizapo +author: lizap +ms.author: elizapo +ms.localizationpriority: high +--- + +# Microsoft Edge training and demonstrations + +Explore security and compatibility features of Microsoft Edge, and get tips to increase manageability, productivity, and support for legacy apps. + +## Virtual labs + +Microsoft Hands-On Labs let you experience a software product or technology using a cloud-based private virtual machine environment. Get free access to one or more virtual machines, with no additional software or setup required. + +Check out the **Use Internet Explorer Enterprise Mode to fix compatibility issues (WS00137)" on the [self-paced labs site](https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02). + +## Features and functionality + +Find out more about new and improved features of Microsoft Edge, and how you can leverage them to bring increased productivity, security, manageability, and support for legacy apps to your secure, modern desktop. + +### Building a faster browser: Behind the scenes improvements in Microsoft Edge + +Get a behind the scenes look at Microsoft Edge and the improvements we've made to make it faster and more efficient. + +![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es14] + +### Building a safer browser: Four guards to keep users safe + +Learn about our security strategy and how we use the Four Guards to keep your users safe while they browse the Internet. + +![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es03] \ No newline at end of file diff --git a/browsers/edge/images/compat1.png b/browsers/edge/images/compat1.png new file mode 100644 index 0000000000..35634d70b5 Binary files /dev/null and b/browsers/edge/images/compat1.png differ diff --git a/browsers/edge/images/compat2.png b/browsers/edge/images/compat2.png new file mode 100644 index 0000000000..e52f7d6c2d Binary files /dev/null and b/browsers/edge/images/compat2.png differ diff --git a/browsers/edge/images/compat3.png b/browsers/edge/images/compat3.png new file mode 100644 index 0000000000..f67fad2e8f Binary files /dev/null and b/browsers/edge/images/compat3.png differ diff --git a/browsers/edge/images/deploy-enduser.png b/browsers/edge/images/deploy-enduser.png new file mode 100644 index 0000000000..2a313013a9 Binary files /dev/null and b/browsers/edge/images/deploy-enduser.png differ diff --git a/browsers/edge/images/deploy-land.png b/browsers/edge/images/deploy-land.png new file mode 100644 index 0000000000..c8fd9a1ba9 Binary files /dev/null and b/browsers/edge/images/deploy-land.png differ diff --git a/browsers/edge/images/edgeblog.png b/browsers/edge/images/edgeblog.png new file mode 100644 index 0000000000..544ad83db6 Binary files /dev/null and b/browsers/edge/images/edgeblog.png differ diff --git a/browsers/edge/images/enduser-land.png b/browsers/edge/images/enduser-land.png new file mode 100644 index 0000000000..61958be866 Binary files /dev/null and b/browsers/edge/images/enduser-land.png differ diff --git a/browsers/edge/images/land-compat.png b/browsers/edge/images/land-compat.png new file mode 100644 index 0000000000..f709974ced Binary files /dev/null and b/browsers/edge/images/land-compat.png differ diff --git a/browsers/edge/images/land-security.png b/browsers/edge/images/land-security.png new file mode 100644 index 0000000000..468354869f Binary files /dev/null and b/browsers/edge/images/land-security.png differ diff --git a/browsers/edge/images/land1.png b/browsers/edge/images/land1.png new file mode 100644 index 0000000000..b47bbd5b30 Binary files /dev/null and b/browsers/edge/images/land1.png differ diff --git a/browsers/edge/images/new1.png b/browsers/edge/images/new1.png new file mode 100644 index 0000000000..bfa51b83f4 Binary files /dev/null and b/browsers/edge/images/new1.png differ diff --git a/browsers/edge/images/new2.png b/browsers/edge/images/new2.png new file mode 100644 index 0000000000..dee2d7eb15 Binary files /dev/null and b/browsers/edge/images/new2.png differ diff --git a/browsers/edge/images/new3.png b/browsers/edge/images/new3.png new file mode 100644 index 0000000000..59f83920fb Binary files /dev/null and b/browsers/edge/images/new3.png differ diff --git a/browsers/edge/images/new4.png b/browsers/edge/images/new4.png new file mode 100644 index 0000000000..070a4f9a11 Binary files /dev/null and b/browsers/edge/images/new4.png differ diff --git a/browsers/edge/images/security1.png b/browsers/edge/images/security1.png new file mode 100644 index 0000000000..f4d8b0421e Binary files /dev/null and b/browsers/edge/images/security1.png differ diff --git a/browsers/edge/images/security2.png b/browsers/edge/images/security2.png new file mode 100644 index 0000000000..23ae998b39 Binary files /dev/null and b/browsers/edge/images/security2.png differ diff --git a/browsers/edge/images/security3.png b/browsers/edge/images/security3.png new file mode 100644 index 0000000000..3ee5d56354 Binary files /dev/null and b/browsers/edge/images/security3.png differ diff --git a/browsers/edge/images/twitter.png b/browsers/edge/images/twitter.png new file mode 100644 index 0000000000..3b30a9a1cc Binary files /dev/null and b/browsers/edge/images/twitter.png differ diff --git a/browsers/edge/images/wipinsider.png b/browsers/edge/images/wipinsider.png new file mode 100644 index 0000000000..a1f1f0b0fe Binary files /dev/null and b/browsers/edge/images/wipinsider.png differ diff --git a/browsers/edge/microsoft-edge-forrester.md b/browsers/edge/microsoft-edge-forrester.md new file mode 100644 index 0000000000..af5edc25e9 --- /dev/null +++ b/browsers/edge/microsoft-edge-forrester.md @@ -0,0 +1,37 @@ +--- +title: Microsoft Edge - Forrester Total Economic Impact +description: Review the results of the Microsoft Edge study carried out by Forrester Research +ms.prod: browser-edge +layout: article +ms.topic: article +ms.manager: elizapo +author: lizap +ms.author: elizapo +ms.localizationpriority: high +--- + +# Measuring the impact of Microsoft Edge - Total Economic Impact (TEI) of Microsoft Edge + +Forrester Research measures the return on investment (ROI) of Microsoft Edge in its latest TEI report and survey. Browse and download these free resources to learn about the impact Microsoft Edge can have in your organization, including significant cost savings in reduced browser help desk tickets and improved browser security, to increased speed, performance, and user productivity. + +## Forrester report video summary +View a brief overview of the Forrester TEI case study that Microsoft commissioned to examine the value your organization can achieve by utilizing Microsoft Edge: + +>![VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE26zQm] + +## Forrester Study report + +Forrester interviewed several customers with more than six months of experience using Microsoft Edge – all customers reported improvements in browser security, increased user productivity, and efficiencies gained in supporting the software. + +[Download the full report](https://www.microsoft.com/download/details.aspx?id=55847) + +## Forrester Study report infographic +Get a graphical summary of the TEI of Microsoft Edge Forrester Study report and highlights of the three-year financial impact of Microsoft Edge. + +[Download the report infographic](https://www.microsoft.com/download/details.aspx?id=55956) + +## Forrester survey infographic + +Forrester surveyed 168 customers using Microsoft Edge form the US, Germany, UK, and Japan, ranging in size from 500 to over 100,000 employees. This document is an abridged version of this survey commissioned by Microsoft and delivery by Forrester consulting. + +[Download the survey infographic](https://www.microsoft.com/download/details.aspx?id=53892) \ No newline at end of file diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml new file mode 100644 index 0000000000..c1c094727a --- /dev/null +++ b/browsers/edge/microsoft-edge.yml @@ -0,0 +1,61 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Microsoft Edge +metadata: + document_id: + title: Microsoft Edge + description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. + keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. + " +- title: What's new +- items: + - type: markdown + text: " + Find out the latest and greatest news on Microsoft Edge.
+ +

**The latest in Microsoft Edge**
See what's new for users and developers in the next update to Microsoft Edge - now available with the Windows 10 April 2018 update!
Find out more
**Evaluate the impact**
Review the latest Forrester Total Economic Impact (TEI) report to learn about the impact Microsoft Edge can have in your organization.
Download the reports

**Microsoft Edge for iOS and Android**
Microsoft Edge brings familiar features across your PC and phone, which allows browsing to go with you, no matter what device you use.
Learn more
**Application Guard**
Microsoft Edge with Windows Defender Application Guard is the most secure browser on Windows 10 Enterprise.
Learn more
+ " +- title: Compatibility +- items: + - type: markdown + text: " + Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.
+ +

**Test your site on Microsoft Edge**
Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.
Test your site on Microsoft Edge for free on BrowserStack
Use sonarwhal to improve your website.
**Improve compatibility with Enterprise Mode**
With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.
Use Enterprse mode to improve compatibility
Turn on Enterprise Mode and use a site list
Enterprise Site List Portal
Ultimate browser strategy on Windows 10
**Web Application Compatibility Lab Kit**
The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.
Find out more
+ " +- title: Security +- items: + - type: markdown + text: " + Microsoft Edge uses Windows Hello and SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
+ +

**NSS Labs web browser security reports**
See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks.
Download the reports
**Microsoft Edge sandbox**
See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.
Find out more
**Windows Defender SmartScreen**
Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely.
Read the docs
+ " +- title: Deployment and end user readiness +- items: + - type: markdown + text: " + Find resources and learn about features to help you deploy Microsoft Edge in your organization to get your users up and running quickly.
+ +

**Deployment**
Find resources, learn about features, and get answers to commonly asked questions to help you deploy Microsoft Edge in your organization.
Microsoft Edge deployment guide
Microsoft Edge FAQ
System requirements and language support
Group Policy and MDM settings in Microsoft Edge
Download the Web Application Compatibility Lab Kit
Microsoft Edge training and demonstrations
**End user readiness**
Help your users get started on Microsoft Edge quickly and learn about features like tab management, instant access to Office files, and more.
Quick Start: Microsoft Edge (PDF, .98 MB)
Find it faster with Microsoft Edge (PDF, 605 KB)
Use Microsoft Edge to collaborate (PDF, 468 KB)
Import bookmarks
Password management
Microsoft Edge tips and tricks (video, 20:26)
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Sign up for the Windows IT Pro Insider**
Get the latest tools, tips, and expert guidance on deployment, management, security, and more.
Learn more
**Microsoft Edge Dev blog**
Keep up with the latest browser trends, security tips, and news for IT professionals.
Read the blog
**Microsoft Edge Dev on Twitter**
Get the latest news and updates from the Microsoft Web Platform team.
Visit Twitter
+ " diff --git a/browsers/edge/web-app-compat-toolkit.md b/browsers/edge/web-app-compat-toolkit.md new file mode 100644 index 0000000000..03ce172837 --- /dev/null +++ b/browsers/edge/web-app-compat-toolkit.md @@ -0,0 +1,55 @@ +--- +title: Web Application Compatibility lab kit +ms.prod: browser-edge +layout: article +ms.topic: article +ms.manager: elizapo +author: lizap +ms.author: elizapo +ms.localizationpriority: high +--- + +# Web Application Compatibility lab kit + +>Updated: October, 2017 + +Upgrading web applications to modern standards is the best long-term solution to ensure compatibility with today’s web browsers, but using backward compatibility can save time and money. Internet Explorer 11 has features that can ease your browser and operating system upgrades, reducing web application testing and remediation costs. On Windows 10, you can standardize on Microsoft Edge for faster, safer browsing and fall back to Internet Explorer 11 just for sites that need backward compatibility. + +The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge. It walks you through how to configure and set up Enterprise Mode, leverage Enterprise Site Discovery, test web apps using the F12 developer tools, and manage the Enterprise Mode Site List. + +The Web Application Compatibility Lab Kit includes: + +- A pre-configured Windows 7 and Windows 10 virtual lab environment with: + - Windows 7 Enterprise Evaluation + - Windows 10 Enterprise Evaluation (version 1607) + - Enterprise Mode Site List Manager + - Enterprise Site Discovery Toolkit +- A "lite" lab option to run the lab on your own Windows 7 or Windows 10 operating system +- A step-by-step lab guide +- A web application compatibility overview video +- A white paper and IT Showcase studies + +Depending on your environment, your web apps may "just work” using the methods described below. Visit [Microsoft Edge Dev](https://developer.microsoft.com/microsoft-edge/) for tools and guidance for web developers. + +There are two versions of the lab kit available: + +- Full version (8 GB) - includes a complete virtual lab environment +- Lite version (400 MB) - includes guidance for running the Lab Kit on your own Windows 7 or Windows 10 operating system + +The Web Application Compatibility Lab Kit is also available in the following languages: + +- Chinese (Simplified) +- Chinese (Traditional) +- French +- German +- Italian +- Japanese +- Korean +- Portuguese (Brazil) +- Russian +- Spanish + +[DOWNLOAD THE LAB KIT](https://www.microsoft.com/evalcenter/evaluate-windows-10-web-application-compatibility-lab) + +>[!TIP] +>Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space. \ No newline at end of file diff --git a/browsers/internet-explorer/images/deploy1.png b/browsers/internet-explorer/images/deploy1.png new file mode 100644 index 0000000000..1e16c46e03 Binary files /dev/null and b/browsers/internet-explorer/images/deploy1.png differ diff --git a/browsers/internet-explorer/images/deploy2.png b/browsers/internet-explorer/images/deploy2.png new file mode 100644 index 0000000000..44b4aad41c Binary files /dev/null and b/browsers/internet-explorer/images/deploy2.png differ diff --git a/browsers/internet-explorer/images/explore1.png b/browsers/internet-explorer/images/explore1.png new file mode 100644 index 0000000000..3a956dc394 Binary files /dev/null and b/browsers/internet-explorer/images/explore1.png differ diff --git a/browsers/internet-explorer/images/explore2.png b/browsers/internet-explorer/images/explore2.png new file mode 100644 index 0000000000..c07bbd197b Binary files /dev/null and b/browsers/internet-explorer/images/explore2.png differ diff --git a/browsers/internet-explorer/images/explore3.png b/browsers/internet-explorer/images/explore3.png new file mode 100644 index 0000000000..4ea3adee19 Binary files /dev/null and b/browsers/internet-explorer/images/explore3.png differ diff --git a/browsers/internet-explorer/images/ie-deploy.png b/browsers/internet-explorer/images/ie-deploy.png new file mode 100644 index 0000000000..622d9e250b Binary files /dev/null and b/browsers/internet-explorer/images/ie-deploy.png differ diff --git a/browsers/internet-explorer/images/ie-explore.png b/browsers/internet-explorer/images/ie-explore.png new file mode 100644 index 0000000000..184cfdf381 Binary files /dev/null and b/browsers/internet-explorer/images/ie-explore.png differ diff --git a/browsers/internet-explorer/images/ie-manage.png b/browsers/internet-explorer/images/ie-manage.png new file mode 100644 index 0000000000..51c9cc4aa9 Binary files /dev/null and b/browsers/internet-explorer/images/ie-manage.png differ diff --git a/browsers/internet-explorer/images/ie-plan.png b/browsers/internet-explorer/images/ie-plan.png new file mode 100644 index 0000000000..9b158a815f Binary files /dev/null and b/browsers/internet-explorer/images/ie-plan.png differ diff --git a/browsers/internet-explorer/images/ie-support.png b/browsers/internet-explorer/images/ie-support.png new file mode 100644 index 0000000000..4152163abc Binary files /dev/null and b/browsers/internet-explorer/images/ie-support.png differ diff --git a/browsers/internet-explorer/images/informed1.png b/browsers/internet-explorer/images/informed1.png new file mode 100644 index 0000000000..a1f1f0b0fe Binary files /dev/null and b/browsers/internet-explorer/images/informed1.png differ diff --git a/browsers/internet-explorer/images/informed2.png b/browsers/internet-explorer/images/informed2.png new file mode 100644 index 0000000000..544ad83db6 Binary files /dev/null and b/browsers/internet-explorer/images/informed2.png differ diff --git a/browsers/internet-explorer/images/manage1.png b/browsers/internet-explorer/images/manage1.png new file mode 100644 index 0000000000..df84f05983 Binary files /dev/null and b/browsers/internet-explorer/images/manage1.png differ diff --git a/browsers/internet-explorer/images/manage2.png b/browsers/internet-explorer/images/manage2.png new file mode 100644 index 0000000000..94d111e32c Binary files /dev/null and b/browsers/internet-explorer/images/manage2.png differ diff --git a/browsers/internet-explorer/images/manage3.png b/browsers/internet-explorer/images/manage3.png new file mode 100644 index 0000000000..c0043c5a8e Binary files /dev/null and b/browsers/internet-explorer/images/manage3.png differ diff --git a/browsers/internet-explorer/images/manage4.png b/browsers/internet-explorer/images/manage4.png new file mode 100644 index 0000000000..20af91d5a5 Binary files /dev/null and b/browsers/internet-explorer/images/manage4.png differ diff --git a/browsers/internet-explorer/images/plan1.png b/browsers/internet-explorer/images/plan1.png new file mode 100644 index 0000000000..1bf8e4264e Binary files /dev/null and b/browsers/internet-explorer/images/plan1.png differ diff --git a/browsers/internet-explorer/images/plan2.png b/browsers/internet-explorer/images/plan2.png new file mode 100644 index 0000000000..95103ecc5b Binary files /dev/null and b/browsers/internet-explorer/images/plan2.png differ diff --git a/browsers/internet-explorer/images/support1.png b/browsers/internet-explorer/images/support1.png new file mode 100644 index 0000000000..e771ed999a Binary files /dev/null and b/browsers/internet-explorer/images/support1.png differ diff --git a/browsers/internet-explorer/images/support2.png b/browsers/internet-explorer/images/support2.png new file mode 100644 index 0000000000..9841cf1962 Binary files /dev/null and b/browsers/internet-explorer/images/support2.png differ diff --git a/browsers/internet-explorer/images/support3.png b/browsers/internet-explorer/images/support3.png new file mode 100644 index 0000000000..a3a0425c73 Binary files /dev/null and b/browsers/internet-explorer/images/support3.png differ diff --git a/browsers/internet-explorer/images/twitter.png b/browsers/internet-explorer/images/twitter.png new file mode 100644 index 0000000000..3b30a9a1cc Binary files /dev/null and b/browsers/internet-explorer/images/twitter.png differ diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml new file mode 100644 index 0000000000..c9b14b03a2 --- /dev/null +++ b/browsers/internet-explorer/internet-explorer.yml @@ -0,0 +1,69 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Internet Explorer 11 +metadata: + document_id: + title: Internet Explorer 11 + description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. + keywords: Internet Explorer 11. IE11 + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. + " +- title: Explore +- items: + - type: markdown + text: " + Find tools, step-by-step guides, updates, and other resources to help you get started.
+ +

**Get started**
Get information om tools, frequently asked questions, requirements, and guidelines.
IE11 features and tools
System requirements and language support
Frequently asked questions
Internet Explorer 11 deployment guide
Use Enterprise Mode to improve compatibility
Lifecycle FAQ - Internet Explorer
**Downloads and tools**
Find tools and resources to help you address compatibility and get up to date.
Download IE11 with Windows 10
Enterprise Mode Site List Manager (schema, v.2)
Web Application Compatibility Lab Kit
Cumulative security updates for Internet Explorer 11
**Find training**
Find online training and hands-on labs for common configuration and management tasks.
Getting started with Windows 10 for IT professionals
Windows 10: Top Features for IT Pros
Manage and modernize Internet Explorer with Enterprise Mode
Virtual Lab: Enterprise Mode
+ " +- title: Plan +- items: + - type: markdown + text: " + Find information and tips to help you assess compatibility and prioritize processes as you plan for Internet Explorer 11.
+ +

**Get started with compatibility**
Find out how to extend your company's investment in older web apps through higher compatibility with older rendering engines while moving forward to a more modern browser like Internet Explorer 11.
What is Enterprise Mode?
Tips and tricks to manage Internet Explorer compatibility
Download the Enterprise Site Discovery Toolkit
Collect data using Enterprise Site Discovery
Manage Windows upgrades with Upgrade Readiness
Demo: Plan and manage Windows 10 upgrades and feature updates with Upgrade Readiness
**Using Enterprise Mode**
Learn how to avoid the commom compatibility problems associated with web apps written and tested on older versions of Internet Explorer by using Enterprise Mode.
Turn on Enterprise Mode and use a site list
Add sites to the Enterprise Mode site list
Edit the Enterprise Mode site list
Turn on local control and logging for Enterprise Mode
+ " +- title: Deploy +- items: + - type: markdown + text: " + Find the resources you need to successfully deploy Internet Explorer 11 in your organization.
+ +

**Customize Internet Explorer 11**
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after deployment.
Download IEAK 11
IEAK 11 user's guide
Frequently asked questions about IEAK 11
Customization and distribution guidelines
**Install Internet Explorer 11**
Explore the different options for installation.
Through Automatic Updates (recommended)
As part of an operating system deployment
Over the network
With System Center 2012 R2 Configuration Manager
With Windows Server Update Services (WSUS)
With Microsoft Intune
With third-party tools
+ " +- title: Manage +- items: + - type: markdown + text: " + Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more.
+ +

**Enforce settings with Group Policy**
Learn how to use Group Policy to enforce settings on the computers in your organization.
Group Policy for beginners
New Group Policy settings for IE11
Administrative templates for IE11
**Standardize with Group Policy preferences**
Group Policy preferences simplify deployment and standardize configurations, but unlike Group Policy, they can later be changed by users.
Group Policy preferences for IE11
Configure Group Policy preferences

**Blocked out-of-date ActiveX controls**
Find out more about the out-of-date ActiveX control blocking security feature available in Internet Explorer.
Blocked out-of-date ActiveX controls
Out-of-date ActiveX control blocking
Update to block out-of-date ActiveX controls in Internet Explorer
**Scripts for IT professionals**
Find scripts to help you save time and automate common tasks.
Batch loop: Check is a process running, if yes, wait in loop
Script to join user to AD with automatic Local user Profile Migration
Find-IE Citrix receiver Version
See all scripts
+ " +- title: Support +- items: + - type: markdown + text: " + Get help from product specialists and community experts, and find solutions to commonly encountered issues.
+ +

**Troubleshoot common issues**
Find solutions to common issues and get tips from Microsoft product teams and community experts.
Change or reset Internet Explorer settings
Troubleshoot custom package and IEAK 11 problems
Troubleshoot problems with setup, installation, auto configuration, and more
Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
**Find answers and community support**
Find FAQs or visit the forums to ask a question or find answers.
Lifecycle FAQ - Internet Explorer
Frequently asked questions about IEAK 11
Microsoft Edge FAQ
Internet Explorer 8, 9, 10, 11 forum
Internet Explorer development forums
Windows 8.1 forums
Windows 10: General (includes Microsoft Edge)
**Contact Microsoft for additional help**
Explore the support options that are available from Microsoft.
Contact a Microsoft support professional
Support options for Microsoft Partners
Microsoft Services Premier Support
Microsoft Small Business Support Center
General support
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Sign up for the Windows IT Pro Insider**
Get the latest tools, tips, and expert guidance on deployment, management, security, and more.
Learn more
**Microsoft Edge Dev blog**
Keep up with the latest browser trends, security tips, and news for IT professionals.
Read the blog
**Microsoft Edge Dev on Twitter**
Get the latest news and updates from the Microsoft Web Platform team.
Visit Twitter
+ " diff --git a/devices/surface-hub/images/deploy1.png b/devices/surface-hub/images/deploy1.png new file mode 100644 index 0000000000..1c5c119303 Binary files /dev/null and b/devices/surface-hub/images/deploy1.png differ diff --git a/devices/surface-hub/images/deploy2.png b/devices/surface-hub/images/deploy2.png new file mode 100644 index 0000000000..2b035e979f Binary files /dev/null and b/devices/surface-hub/images/deploy2.png differ diff --git a/devices/surface-hub/images/deploy3.png b/devices/surface-hub/images/deploy3.png new file mode 100644 index 0000000000..56621a24dc Binary files /dev/null and b/devices/surface-hub/images/deploy3.png differ diff --git a/devices/surface-hub/images/getstarted.png b/devices/surface-hub/images/getstarted.png new file mode 100644 index 0000000000..e5b85dd8ae Binary files /dev/null and b/devices/surface-hub/images/getstarted.png differ diff --git a/devices/surface-hub/images/manage1.png b/devices/surface-hub/images/manage1.png new file mode 100644 index 0000000000..4caf53b809 Binary files /dev/null and b/devices/surface-hub/images/manage1.png differ diff --git a/devices/surface-hub/images/manage2.png b/devices/surface-hub/images/manage2.png new file mode 100644 index 0000000000..cb232cffa6 Binary files /dev/null and b/devices/surface-hub/images/manage2.png differ diff --git a/devices/surface-hub/images/manage3.png b/devices/surface-hub/images/manage3.png new file mode 100644 index 0000000000..9da88b808e Binary files /dev/null and b/devices/surface-hub/images/manage3.png differ diff --git a/devices/surface-hub/images/manage4.png b/devices/surface-hub/images/manage4.png new file mode 100644 index 0000000000..5c9553718e Binary files /dev/null and b/devices/surface-hub/images/manage4.png differ diff --git a/devices/surface-hub/images/plan1.png b/devices/surface-hub/images/plan1.png new file mode 100644 index 0000000000..891e1e43a6 Binary files /dev/null and b/devices/surface-hub/images/plan1.png differ diff --git a/devices/surface-hub/images/plan2.png b/devices/surface-hub/images/plan2.png new file mode 100644 index 0000000000..3ad1f2b9fc Binary files /dev/null and b/devices/surface-hub/images/plan2.png differ diff --git a/devices/surface-hub/images/plan3.png b/devices/surface-hub/images/plan3.png new file mode 100644 index 0000000000..1891d1d2b5 Binary files /dev/null and b/devices/surface-hub/images/plan3.png differ diff --git a/devices/surface-hub/images/surfaceblog.png b/devices/surface-hub/images/surfaceblog.png new file mode 100644 index 0000000000..ae996a918c Binary files /dev/null and b/devices/surface-hub/images/surfaceblog.png differ diff --git a/devices/surface-hub/images/surfacemechanics.png b/devices/surface-hub/images/surfacemechanics.png new file mode 100644 index 0000000000..ad674466fa Binary files /dev/null and b/devices/surface-hub/images/surfacemechanics.png differ diff --git a/devices/surface-hub/images/twitter.png b/devices/surface-hub/images/twitter.png new file mode 100644 index 0000000000..25143adcf6 Binary files /dev/null and b/devices/surface-hub/images/twitter.png differ diff --git a/devices/surface-hub/surface-hub.yml b/devices/surface-hub/surface-hub.yml new file mode 100644 index 0000000000..0a9e948ca5 --- /dev/null +++ b/devices/surface-hub/surface-hub.yml @@ -0,0 +1,62 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Surface Hub +metadata: + document_id: + title: Surface Hub + description: Find tools and resources to help you install, set up, and manage a Surface Hub in your organization. + keywords: Surface Hub, Windows 10 + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools and resources to help you install, set up, and manage a Surface Hub in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Discover how this all-in-one productivity device enables teams to better brainstorm, collaborate, and share ideas.
+
+ +
Explore the key features and product specifications of Surface Hub.
Get real-world examples of how you can increase productivity and improve collaboration.		Differences between Surface Hub and Windows 10 Enterprise
Surface Hub FAQ'
+ " +- title: Plan +- items: + - type: markdown + text: " + Prepare to deploy Surface Hub in your organization. Explore site readiness, assembly, configuration, and Exchange and ActiveSync policies.
+ +

**Get ready for Surface Hub**
Explore the steps you'll need to take to set up Surface Hub.
Surface Hub Site Readiness Guide (PDF, 1.48 MB)
Unpacking guides
**Assembly for Surface Hub**
Learn how to assemble your Surface Hub.
Surface Hub Setup Guide (PDF, 1.43 MB)
Mounting and assembling guides
**Prepare your environment**
Learn about setup dependencies and account requirements.
Prepare your environment
Create and test a device account
+ " +- title: Deploy +- items: + - type: markdown + text: " + Get information for setup, app management and installation, and network management of your Surface Hub.
+ +

**Set up your Surface Hub**
Review info needed to prepare for using the out-of-box experience to set up your Surface Hub.
Setup worksheet
First-run program
PowerShell scripts
**Install apps**
Options for installing and managing apps on your Surface Hub.
Install apps
Whiteboard to Whiteboard collaboration
Create provisioning packages
**Network your Surface Hub**
Network scenarios for your Surface Hub.
Wireless network management
Using a room control system
Connect other devices with Surface Hub.
+ " +- title: Manage +- items: + - type: markdown + text: " + Learn how to manage Surface Hub updates and maintain the security and integrity of corporate devices.
+ +

**Manage the device**
Monitoring for Surface Hub is performed through Microsoft Operations Management Suite (OMS).
Monitor your Surface Hub
Accessibility and Surface Hub
**Manage account**
Learn about options for managing accounts used with Surface Hub.
Change the Surface Hub device account
Admin account management
**Stay secure and up to date**
Learn how Surface Hub stays current.
Manage Windows updates
Surface Hub update history
Save your BitLocker key
**Training for your employees**
Find resources to help employees be productive with Surface Hub.
Surface Hub User Guide (PDF, 1.69 MB)
How-to videos
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Surface IT Pro Blog**
Get insight into new Surface products plus tips and tricks for IT professionals.
Learn more
**Surface on Microsoft Mechanics**
View technical demos and walkthroughs of Surface devices, features, and functionality.
Get started
**Follow us on Twitter**
Keep up with the latest news and see the latest product demonstrations.
Visit Twitter
+ " diff --git a/devices/surface/images/discovertools.png b/devices/surface/images/discovertools.png new file mode 100644 index 0000000000..2568398824 Binary files /dev/null and b/devices/surface/images/discovertools.png differ diff --git a/devices/surface/images/managefirmware.png b/devices/surface/images/managefirmware.png new file mode 100644 index 0000000000..392bcc601c Binary files /dev/null and b/devices/surface/images/managefirmware.png differ diff --git a/devices/surface/images/managesettings.png b/devices/surface/images/managesettings.png new file mode 100644 index 0000000000..0f0567f97c Binary files /dev/null and b/devices/surface/images/managesettings.png differ diff --git a/devices/surface/images/mdt.png b/devices/surface/images/mdt.png new file mode 100644 index 0000000000..e185c8c501 Binary files /dev/null and b/devices/surface/images/mdt.png differ diff --git a/devices/surface/images/preparewindowsdeployment.png b/devices/surface/images/preparewindowsdeployment.png new file mode 100644 index 0000000000..d7c04abc9e Binary files /dev/null and b/devices/surface/images/preparewindowsdeployment.png differ diff --git a/devices/surface/images/sccm.png b/devices/surface/images/sccm.png new file mode 100644 index 0000000000..754f2ef89f Binary files /dev/null and b/devices/surface/images/sccm.png differ diff --git a/devices/surface/images/sda.png b/devices/surface/images/sda.png new file mode 100644 index 0000000000..b9433dcd4a Binary files /dev/null and b/devices/surface/images/sda.png differ diff --git a/devices/surface/images/surfaceblog.png b/devices/surface/images/surfaceblog.png new file mode 100644 index 0000000000..d5bef3dc3d Binary files /dev/null and b/devices/surface/images/surfaceblog.png differ diff --git a/devices/surface/images/surfacebook.png b/devices/surface/images/surfacebook.png new file mode 100644 index 0000000000..d27cf05820 Binary files /dev/null and b/devices/surface/images/surfacebook.png differ diff --git a/devices/surface/images/surfacemechanics.png b/devices/surface/images/surfacemechanics.png new file mode 100644 index 0000000000..3d42daaed2 Binary files /dev/null and b/devices/surface/images/surfacemechanics.png differ diff --git a/devices/surface/images/surfacepro.png b/devices/surface/images/surfacepro.png new file mode 100644 index 0000000000..c036b2ad3a Binary files /dev/null and b/devices/surface/images/surfacepro.png differ diff --git a/devices/surface/images/surfacestudio.png b/devices/surface/images/surfacestudio.png new file mode 100644 index 0000000000..c41bbbf0f7 Binary files /dev/null and b/devices/surface/images/surfacestudio.png differ diff --git a/devices/surface/images/twitter.png b/devices/surface/images/twitter.png new file mode 100644 index 0000000000..c61827284e Binary files /dev/null and b/devices/surface/images/twitter.png differ diff --git a/devices/surface/images/windows10.png b/devices/surface/images/windows10.png new file mode 100644 index 0000000000..e48690853c Binary files /dev/null and b/devices/surface/images/windows10.png differ diff --git a/devices/surface/images/windows10upgradepath.png b/devices/surface/images/windows10upgradepath.png new file mode 100644 index 0000000000..c008e446ea Binary files /dev/null and b/devices/surface/images/windows10upgradepath.png differ diff --git a/devices/surface/surface.yml b/devices/surface/surface.yml new file mode 100644 index 0000000000..8287763c1e --- /dev/null +++ b/devices/surface/surface.yml @@ -0,0 +1,61 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Surface devices +metadata: + document_id: + title: Surface devices + description: Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization. + keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Evaluate the Surface device portfolio, review the tools and technologies for management of your Surface devices, and learn about Surface technologies and devices with engineering walkthroughs.
+ +

**Surface Pro**
Light enough to take anywhere. Powerful enough to use as a full desktop workstation.
See spec
**Surface Book**
Built for extreme performance. Lightning fast access to apps. Up to 16 hours of battery life.
See spec
**Surface Studio**
Professional-grade power and performance. Use it upright or draw on it like a drafting table.
See spec
+ " +- title: Plan +- items: + - type: markdown + text: " + Explore essential concepts for the deployment of Windows 10 to Surface devices.
+ +

**Try Windows 10 Enterprise free for 90 days**
Try the latest features. Test your apps, hardware, and deployment strategies.
Get started
**Windows 10 upgrade paths**
Upgrade to Windows 10 from a previous version, or from one edition to another.
Explore paths
**Prepare for Windows 10 deployment**
Get familiar with current deployment options and best practices.
Review options
+ " +- title: Deploy +- items: + - type: markdown + text: " + Download deployment tools and get step-by-step guidance on how to upgrade a Surface device or deploy a new image.
+ +

**Microsoft Deployment Toolkit (MDT)**
Automate Windows 10 deployment, and more easily manage security and configurations.
Download the toolkit
**System Center Configuration Manager**
Use in tandem with MDT to deploy Windows 10 and manage PCs and devices moving forward.
Download an eval
**Surface Deployment Accelerator**
Automate the creation and configuration of Windows images for Surface devices.
Download the accelerator
+ " +- title: Manage +- items: + - type: markdown + text: " + Learn how to more easily manage and secure Surface devices in your organization.
+ +

**Manage Surface firmware and driver updates**
Download the latest firmware and drivers for Surface devices.
Manage Surface Dock Updater.
Surface update history
**Discover Surface tools for IT**
Surface Diagnostic Toolkit
Surface Data Eraser
Surface Enterprise Management Mode
Surface Pro 3 Asset Tag CLI Utility
**Manage settings and devices**
Manage Windows corporate devices
Manage Surface UEFI Settings
Bitlocker PIN on Surface Pro 3 and other tablets
Enroll and configure Surface devices with SEMM
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Surface IT Pro Blog**
Get insight into new Surface products plus tips and tricks for IT professionals.
Learn more
**Surface on Microsoft Mechanics**
View technical demos and walkthroughs of Surface devices, features, and functionality.
Get started
**Follow us on Twitter**
Keep up with the latest news and see the latest product demonstrations.
Visit Twitter
+ " diff --git a/windows/client-management/mdm/images/custom-profile-prevent-other-devices.png b/windows/client-management/mdm/images/custom-profile-prevent-other-devices.png new file mode 100644 index 0000000000..1c92a17f8c Binary files /dev/null and b/windows/client-management/mdm/images/custom-profile-prevent-other-devices.png differ diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index a4b7177795..61f823bd03 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -442,6 +442,12 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i <<< Section end 2018/11/15 12:26:41.751 <<< [Exit status: SUCCESS] ``` + +You can also block installation by using a custom profile in Intune. + +![Custom profile](images/custom-profile-prevent-other-devices.png) + +
@@ -539,7 +545,7 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i <<< [Exit status: SUCCESS] ``` -Windows Defender ATP also blocks installation and usage of prohibited peripherals by using a custom profile in Intune. +You can also block installation and usage of prohibited peripherals by using a custom profile in Intune. For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USB\Composite" and "USB\Class_FF", and applies to USB devices with matching hardware IDs that are already installed. diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md index 7cd746c7c7..c61e28a736 100644 --- a/windows/deployment/add-store-apps-to-image.md +++ b/windows/deployment/add-store-apps-to-image.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy -author: DaniHalfin -ms.author: daniha +author: greg-lindsay +ms.author: greglin ms.date: 07/27/2017 --- diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md index 074861843d..f155f00f4c 100644 --- a/windows/deployment/update/waas-branchcache.md +++ b/windows/deployment/update/waas-branchcache.md @@ -4,9 +4,9 @@ description: Use BranchCache to optimize network bandwidth during update deploym ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 07/27/2017 --- diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index 9897eb371d..a0e4e4886c 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -4,9 +4,9 @@ description: Use Windows Update for Business deployments with management tools s ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 07/27/2017 --- diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md index e51a60fb0d..b222321f5b 100644 --- a/windows/deployment/update/waas-manage-updates-configuration-manager.md +++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md @@ -4,9 +4,9 @@ description: System Center Configuration Manager provides maximum control over q ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 10/16/2017 --- diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 45492a47f7..4f72bbeb5d 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -4,9 +4,9 @@ description: WSUS allows companies to defer, selectively approve, choose when de ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 10/16/2017 --- diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md index c87647a798..84d896d30a 100644 --- a/windows/deployment/update/waas-mobile-updates.md +++ b/windows/deployment/update/waas-mobile-updates.md @@ -4,9 +4,9 @@ description: tbd ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 07/27/2017 --- diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index 70cba0bcec..0045989a89 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md @@ -4,9 +4,9 @@ description: Two methods of peer-to-peer content distribution are available in W ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 09/24/2018 --- diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index d663aecf1c..3a9036f170 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -4,9 +4,9 @@ description: tbd ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 07/27/2017 --- diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md index a4042a9e10..aae22f0a1e 100644 --- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md @@ -4,9 +4,9 @@ description: tbd ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 10/13/2017 --- diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index bed1c38f39..b44107bdd2 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -4,9 +4,9 @@ description: Additional settings to control the behavior of Windows Update (WU) ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 07/27/2017 --- diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 49a13d74fc..c400740a30 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -4,9 +4,9 @@ description: Configure Windows Update for Business settings using Group Policy. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 07/27/2017 --- diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md index 7b60f589cb..f32cbbedeb 100644 --- a/windows/deployment/update/waas-wufb-intune.md +++ b/windows/deployment/update/waas-wufb-intune.md @@ -4,9 +4,9 @@ description: Configure Windows Update for Business settings using Microsoft Intu ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -author: DaniHalfin +author: jaimeo ms.localizationpriority: medium -ms.author: daniha +ms.author: jaimeo ms.date: 07/27/2017 --- diff --git a/windows/hub/images/deploy1.png b/windows/hub/images/deploy1.png new file mode 100644 index 0000000000..1390683f78 Binary files /dev/null and b/windows/hub/images/deploy1.png differ diff --git a/windows/hub/images/deploy2.png b/windows/hub/images/deploy2.png new file mode 100644 index 0000000000..c26b6d87b2 Binary files /dev/null and b/windows/hub/images/deploy2.png differ diff --git a/windows/hub/images/deploy3.png b/windows/hub/images/deploy3.png new file mode 100644 index 0000000000..0705adb036 Binary files /dev/null and b/windows/hub/images/deploy3.png differ diff --git a/windows/hub/images/deploy4.png b/windows/hub/images/deploy4.png new file mode 100644 index 0000000000..10cbd54516 Binary files /dev/null and b/windows/hub/images/deploy4.png differ diff --git a/windows/hub/images/explore1.png b/windows/hub/images/explore1.png new file mode 100644 index 0000000000..60d8a8a5b4 Binary files /dev/null and b/windows/hub/images/explore1.png differ diff --git a/windows/hub/images/explore2.png b/windows/hub/images/explore2.png new file mode 100644 index 0000000000..a31096c8a4 Binary files /dev/null and b/windows/hub/images/explore2.png differ diff --git a/windows/hub/images/explore3.png b/windows/hub/images/explore3.png new file mode 100644 index 0000000000..2206e69d30 Binary files /dev/null and b/windows/hub/images/explore3.png differ diff --git a/windows/hub/images/faq.png b/windows/hub/images/faq.png new file mode 100644 index 0000000000..d5d90dee9e Binary files /dev/null and b/windows/hub/images/faq.png differ diff --git a/windows/hub/images/insider.png b/windows/hub/images/insider.png new file mode 100644 index 0000000000..ac22d5062d Binary files /dev/null and b/windows/hub/images/insider.png differ diff --git a/windows/hub/images/land-deploy.png b/windows/hub/images/land-deploy.png new file mode 100644 index 0000000000..10cbd54516 Binary files /dev/null and b/windows/hub/images/land-deploy.png differ diff --git a/windows/hub/images/land-explore.png b/windows/hub/images/land-explore.png new file mode 100644 index 0000000000..b23fb8d8c1 Binary files /dev/null and b/windows/hub/images/land-explore.png differ diff --git a/windows/hub/images/land-faq.png b/windows/hub/images/land-faq.png new file mode 100644 index 0000000000..d5d90dee9e Binary files /dev/null and b/windows/hub/images/land-faq.png differ diff --git a/windows/hub/images/land-informed.png b/windows/hub/images/land-informed.png new file mode 100644 index 0000000000..6c9f645da0 Binary files /dev/null and b/windows/hub/images/land-informed.png differ diff --git a/windows/hub/images/land-manage.png b/windows/hub/images/land-manage.png new file mode 100644 index 0000000000..37aa9c59c5 Binary files /dev/null and b/windows/hub/images/land-manage.png differ diff --git a/windows/hub/images/land-new.png b/windows/hub/images/land-new.png new file mode 100644 index 0000000000..884d953a7e Binary files /dev/null and b/windows/hub/images/land-new.png differ diff --git a/windows/hub/images/manage1.png b/windows/hub/images/manage1.png new file mode 100644 index 0000000000..37aa9c59c5 Binary files /dev/null and b/windows/hub/images/manage1.png differ diff --git a/windows/hub/images/manage2.png b/windows/hub/images/manage2.png new file mode 100644 index 0000000000..b52cbfd956 Binary files /dev/null and b/windows/hub/images/manage2.png differ diff --git a/windows/hub/images/plan1.png b/windows/hub/images/plan1.png new file mode 100644 index 0000000000..b52d775ed5 Binary files /dev/null and b/windows/hub/images/plan1.png differ diff --git a/windows/hub/images/plan2.png b/windows/hub/images/plan2.png new file mode 100644 index 0000000000..5bcfed0568 Binary files /dev/null and b/windows/hub/images/plan2.png differ diff --git a/windows/hub/images/plan3.png b/windows/hub/images/plan3.png new file mode 100644 index 0000000000..04c077b748 Binary files /dev/null and b/windows/hub/images/plan3.png differ diff --git a/windows/hub/images/twitter.png b/windows/hub/images/twitter.png new file mode 100644 index 0000000000..7cc7088229 Binary files /dev/null and b/windows/hub/images/twitter.png differ diff --git a/windows/hub/images/wip4biz.png b/windows/hub/images/wip4biz.png new file mode 100644 index 0000000000..6c9f645da0 Binary files /dev/null and b/windows/hub/images/wip4biz.png differ diff --git a/windows/hub/windows-10-landing.yml b/windows/hub/windows-10-landing.yml new file mode 100644 index 0000000000..03923fa63f --- /dev/null +++ b/windows/hub/windows-10-landing.yml @@ -0,0 +1,77 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Windows 10 +metadata: + document_id: + title: Windows 10 + description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Get started with Windows 10. Evaluate free for 90 days, and set up virtual labs to test a proof of concept.
+ +

**Download a free 90-day evaluation**
Try the latest features. Test your apps, hardware, and deployment strategies.
Start evaluation
**Get started with virtual labs**
Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.
See Windows 10 labs
**Conduct a proof of concept**
Download a lab environment with MDT, Configuration Manager, Windows 10, and more.
Get deployment kit
+ " +- title: What's new +- items: + - type: markdown + text: " + Learn about the latest releases and servicing options.
+ +
What's new in Windows 10, version 1809
What's new in Windows 10, version 1803
What's new in Windows 10, version 1709
Windows 10 release information
Windows 10 update history
Windows 10 roadmap
+ " +- title: Frequently asked questions +- items: + - type: markdown + text: " + Get answers to commom questions, or get help with a specific problem.
+ +
Windows 10 FAQ for IT Pros
Windows 10 forums
Windows 10 TechCommunity
Which edition is right for your organization?
Infrastructure requirements
What's Windows as a service?
Windows 10 Mobile deployment and management guide
+ " +- title: Plan +- items: + - type: markdown + text: " + Prepare to deploy Windows 10 in your organization. Explore deployment methods, compatibility tools, and servicing options.
+ +

**Application compatibility**
Get best practices and tools to help you address compatibility issues prior to deployment.
Find apps that are ready for Windows 10.
Identify and prioritize apps with Upgrade Readiness
Test, validate, and implement with the Web Application Compatibility Lab Kit
**Upgrade options**
Learn about the options available for upgrading Windows 7, Windows 8, or Windows 8.1 PCs and devices to Windows 10.
Manage Windows upgrades with Upgrade Readiness
Windows 10 upgrade paths
Windows 10 edition upgrades
**Windows as a service**
Windows as a service provides ongoing new capabilities and updates while maintaining a high level of hardware and software compatibility.
Explore
+ " +- title: Deploy +- items: + - type: markdown + text: " + Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.
+ +

**In-place upgrade**
The simplest way to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.
Upgrade to Windows 10 with Configuration Manager
Upgrade to Windows 10 with MDT
**Traditional deployment**
Some organizations may still need to opt for an image-based deployment of Windows 10.
Deploy Windows 10 with Configuration Manager
Deploy Windows 10 with MDT

**Dynamic provisioning**
With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.
Provisioning packages for Windows 10
Build and apply a provisioning package
Customize Windows 10 start and the taskbar
**Other deployment scenarios**
Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.
Windows deployment for education environments
Set up a shared or guest PC with Windows 10
Sideload apps in Windows 10
+ " +- title: Management and security +- items: + - type: markdown + text: " + Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.
+ +

**Manage Windows 10 updates**
Get best practices and tools to help you manage clients and apps.
Manage clients in Windows 10
Manage apps and features in Windows 10
**Security**
Intelligent security, powered by the cloud. Out-of-the-box protection, advanced security features, and intelligent management to respond to advanced threats.
Windows 10 enterprise security
Threat protection
Identity protection
Information protection
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Sign up for the Windows IT Pro Insider**
Find out about new resources and get expert tips and tricks on deployment, management, security, and more.
Learn more
**Follow us on Twitter**
Keep up with the latest desktop and device trends, Windows news, and events for IT pros.
Visit Twitter
**Join the Windows Insider Program for Business**
Get early access to new builds and provide feedback on the latest features and functionalities.
Get started
+ " diff --git a/windows/hub/windows-10.yml b/windows/hub/windows-10.yml new file mode 100644 index 0000000000..a981edf38a --- /dev/null +++ b/windows/hub/windows-10.yml @@ -0,0 +1,77 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Windows 10 +metadata: + document_id: + title: Windows 10 + description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Get started with Windows 10. Evaluate free for 90 days, and set up virtual labs to test a proof of concept.
+ +

**Download a free 90-day evaluation**
Try the latest features. Test your apps, hardware, and deployment strategies.
Start evaluation
**Get started with virtual labs**
Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.
See Windows 10 labs
**Conduct a proof of concept**
Download a lab environment with MDT, Configuration Manager, Windows 10, and more.
Get deployment kit
+ " +- title: What's new +- items: + - type: markdown + text: " + Learn about the latest releases and servicing options.
+ +
What's new in Windows 10, version 1809
What's new in Windows 10, version 1803
What's new in Windows 10, version 1709
Windows 10 release information
Windows 10 update history
Windows 10 roadmap
+ " +- title: Frequently asked questions +- items: + - type: markdown + text: " + Get answers to commom questions, or get help with a specific problem.
+ +
Windows 10 FAQ for IT Pros
Windows 10 forums
Windows 10 TechCommunity
Which edition is right for your organization?
Infrastructure requirements
What's Windows as a service?
Windows 10 Mobile deployment and management guide
+ " +- title: Plan +- items: + - type: markdown + text: " + Prepare to deploy Windows 10 in your organization. Explore deployment methods, compatibility tools, and servicing options.
+ +

**Application compatibility**
Get best practices and tools to help you address compatibility issues prior to deployment.
Find apps that are ready for Windows 10.
Identify and prioritize apps with Upgrade Readiness
Test, validate, and implement with the Web Application Compatibility Lab Kit
**Upgrade options**
Learn about the options available for upgrading Windows 7, Windows 8, or Windows 8.1 PCs and devices to Windows 10.
Manage Windows upgrades with Upgrade Readiness
Windows 10 upgrade paths
Windows 10 edition upgrades
**Windows as a service**
Windows as a service provides ongoing new capabilities and updates while maintaining a high level of hardware and software compatibility.
Explore
+ " +- title: Deploy +- items: + - type: markdown + text: " + Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.
+ +

**In-place upgrade**
The simplest way to upgrade PCs that are currently running WIndows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.
Upgrade to Windows 10 with Configuration Manager
Upgrade to Windows 10 with MDT
**Traditional deployment**
Some organizations may still need to opt for an image-based deployment of Windows 10.
Deploy Windows 10 with Configuration Manager
Deploy Windows 10 with MDT

**Dynamic provisioning**
With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.
Provisioning packages for Windows 10
Build and apply a provisioning package
Customize Windows 10 start and the taskbar		Windows deployment for education environments
Set up a shared or guest PC with Windows 10
Sideload apps in Windows 10
+ " +- title: Management and security +- items: + - type: markdown + text: " + Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.
+ +

**Manage Windows 10 updates**
Get best practices and tools to help you manage clients and apps.
Manage clients in Windows 10
Manage apps and features in Windows 10
**Security**
Intelligent security, powered by the cloud. Out-of-the-box protection, advanced security features, and intelligent management to respond to advanced threats.
Windows 10 enterprise security
Threat protection
Identity protection
Information protection
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Sign up for the Windows IT Pro Insider**
Find out about new resources and get expert tips and tricks on deployment, management, security, and more.
Learn more
**Follow us on Twitter**
Keep up with the latest desktop and device trends, Windows news, and events for IT pros.
Visit Twitter
**Join the Windows Insider Program for Business**
Get early access to new builds and provide feedback on the latest features and functionalities.
Get started
+ " diff --git a/windows/known-issues/breadcrumb/toc.yml b/windows/known-issues/breadcrumb/toc.yml deleted file mode 100644 index 61d8fca61e..0000000000 --- a/windows/known-issues/breadcrumb/toc.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / \ No newline at end of file diff --git a/windows/known-issues/docfx.json b/windows/known-issues/docfx.json index a11af85d90..102f32f826 100644 --- a/windows/known-issues/docfx.json +++ b/windows/known-issues/docfx.json @@ -35,9 +35,11 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "breadcrumb_path": "/windows/known-issues/breadcrumb/toc.json", - "extendBreadcrumb": true, - "feedback_system": "None" + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app" }, "fileMetadata": {}, "template": [], diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index 4783ea80b2..2743a5eb64 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 07/18/2017 --- diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index f1d45ad92f..f9fd22c432 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index b0fe4c8945..0b2f989db7 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md index 3a780b65c8..ee4a831edc 100644 --- a/windows/security/identity-protection/access-control/dynamic-access-control.md +++ b/windows/security/identity-protection/access-control/dynamic-access-control.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 548fb7d8a4..08a96a0f55 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 12/10/2018 --- diff --git a/windows/security/identity-protection/access-control/microsoft-accounts.md b/windows/security/identity-protection/access-control/microsoft-accounts.md index 27e5a67167..38c26d9546 100644 --- a/windows/security/identity-protection/access-control/microsoft-accounts.md +++ b/windows/security/identity-protection/access-control/microsoft-accounts.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 10/13/2017 --- diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index cf302f81cd..f0034aa645 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/security-principals.md b/windows/security/identity-protection/access-control/security-principals.md index c5845d5f63..8442ef86cb 100644 --- a/windows/security/identity-protection/access-control/security-principals.md +++ b/windows/security/identity-protection/access-control/security-principals.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md index b26e3f92e0..1569d03c49 100644 --- a/windows/security/identity-protection/access-control/service-accounts.md +++ b/windows/security/identity-protection/access-control/service-accounts.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index 44dcfef806..86165f1bf1 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/change-history-for-access-protection.md b/windows/security/identity-protection/change-history-for-access-protection.md index c975a34e77..b2b7f6daf9 100644 --- a/windows/security/identity-protection/change-history-for-access-protection.md +++ b/windows/security/identity-protection/change-history-for-access-protection.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 08/11/2017 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index fcbb4c85e7..097b826fd6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -8,11 +8,11 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: danihalfin -ms.author: danihalf +ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -localizationpriority: medium +ms.localizationpriority: medium ms.date: 07/27/2017 --- # Windows Hello and password changes diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 6714648b3d..d392da1bd0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -9,11 +9,11 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: danihalfin -ms.author: danihalf +ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: troubleshooting -localizationpriority: medium +ms.localizationpriority: medium ms.date: 05/05/2018 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index 931335aba0..9de0743e58 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -9,11 +9,11 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: danihalfin -ms.author: danihalf +ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -localizationpriority: medium +ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 1558fe403a..56c4b7a2a8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -9,11 +9,11 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: danihalfin -ms.author: danihalf +ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -localizationpriority: medium +ms.localizationpriority: medium ms.date: 10/18/2017 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 2d9ac5058a..388993c2d8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -9,11 +9,11 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: danihalfin -ms.author: danihalf +ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article -localizationpriority: medium +ms.localizationpriority: medium ms.date: 10/23/2017 --- diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index 27324b9f2d..b6001998ed 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 02/05/2018 --- diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index 6b8d985281..d4040d63f5 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 01/12/2018 --- # Protect Remote Desktop credentials with Windows Defender Remote Credential Guard diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index 5ad84f0acd..afcbf6f6a8 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index b6089dbdf2..89bbf2b1b7 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 1ee636098b..62c98ae6fb 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index 4799d410d7..e529dc00ea 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 18e18418b3..8c99bb0570 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index 5e7a95c1eb..facd8ddf40 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index f29978c298..bb6e5da969 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index 5094cef3e3..ea407b1937 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index eaf2095a74..34b355d1cd 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index 1085c2c96f..634ec44834 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index b2c80de568..5b0a21f2f9 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index 2beebdb095..bf3020f5bd 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index 13e539022b..f478817d07 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -12,6 +12,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 11/16/2018 --- diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index d59b92a77f..9f3048c408 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 485cb1d9a4..786f8d9b6e 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -13,6 +13,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 74ed925ef4..4b0bf32fe5 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -12,6 +12,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index b98146f01b..766f4cf4a7 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index 169c653f6f..65c4b4ded6 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index fe4845066d..46c153bf96 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index 4a6fad06dd..e95e0215c2 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: conceptual +ms.localizationpriority: medium ms.date: 10/13/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 46404dc908..55a77a6140 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index 3c46398424..a770e703ca 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 00602a7e77..9e9a8627c3 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -11,6 +11,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 10/13/2017 --- diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 981ed888d6..13fc6ad9e2 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -12,6 +12,7 @@ ms.author: daniha manager: dansimp ms.collection: M365-identity-device-management ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index ed7d4a50ad..a30bed2776 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -6,9 +6,15 @@ ms.prod: w10 ms.mktglfcycl: explore ms.pagetype: security ms.sitesec: library -ms.author: justinha -ms.date: 05/30/2018 +ms.pagetype: security ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 7c0b4e23ef..137f60c277 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -5,9 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # How to collect Windows Information Protection (WIP) audit event logs diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 0743b419b6..752c36ecf3 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/31/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 06c6f03b54..b96fe95c7b 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index faaddea437..cd3a0e3848 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index addb2e2df0..e748a7ae20 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -5,10 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.localizationpriority: medium -ms.date: 09/19/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 6593dc47a3..6e09af0066 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 08/08/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index 1462462e93..1e940e8137 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -5,10 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 08/08/2018 -localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index e766991a5a..2783e1edb2 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 08/08/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 3ff66496cf..f76e952f71 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/15/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md index 6d41dd0d2a..6f1c74f23f 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 08/08/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 52503527a1..3de2479c2a 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/11/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index f02c43a630..437815bd4a 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # General guidance and best practices for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index b1005f382d..3b2125c461 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -6,12 +6,17 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 11/28/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- -# How Windows Information Protection protects files with a sensitivity label +# How Windows Information Protection (WIP) protects a file that has a sensitivity label **Applies to:** @@ -29,10 +34,12 @@ Microsoft information protection technologies include: - [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects local data at rest on endpoint devices, and manages apps to protect local data in use. Data that leaves the endpoint device, such as email attachment, is not protected by WIP. -- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other first-party or third-party Software-as-a-Service (SaaS) apps. +- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365. - [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. Azure Information Protection is applied directly to content, and roams with the content as it's moved between locations and cloud services. +- [Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) is a cloud access security broker (CASB) solution that allows you to discover, classify, protect, and monitor user data in first-party and third-party Software-as-a-Service (SaaS) apps used by your organization. + End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps: ![Sensitivity labels](images/sensitivity-labels.png) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 2c82639fdb..787a6cfba1 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -6,10 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 12/18/2018 -ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Limitations while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 4005e8742f..ecb1b8af14 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md index 6baff2c026..b577d9e9e5 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/13/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using System Center Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index e160720d9f..eca0d84acb 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/13/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 49ed1d9865..5768cd40ed 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/11/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Protect your enterprise data using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index ea566d653b..4af9ce947b 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/11/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index fda5027ad2..b00cdeb40f 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Testing scenarios for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 49ceafd5b2..4f4a47aff3 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/07/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index b971c3a054..13b9c07410 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 8bb9b2c5d5..6574cf15e2 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -8,10 +8,14 @@ ms.prod: w10 ms.mktglfcycl: ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.localizationpriority: medium -ms.date: 10/15/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Fine-tune Windows Information Protection (WIP) with WIP Learning diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7bd8b0766d..cb808fca31 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -304,66 +304,6 @@ ######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md) ####### [Using OData Queries](windows-defender-atp/exposed-apis-odata-samples.md) -##### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) -###### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md) -#######Actor (deprecated) -######## [Get actor information (deprecated)](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md) -######## [Get actor related alerts (deprecated)](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -#######Alerts (deprecated) -######## [Get alerts (deprecated)](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md) -######## [Get alert information by ID (deprecated)](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -######## [Get alert related actor information (deprecated)](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related domain information (deprecated)](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related file information (deprecated)](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related IP information (deprecated)](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related machine information (deprecated)](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -#######Domain (deprecated) -######## [Get domain related alerts (deprecated)](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get domain related machines (deprecated)](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get domain statistics (deprecated)](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) -######## [Is domain seen in organization (deprecated)](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) - -#######File(deprecated) -######## [Block file (deprecated)](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md) -######## [Get file information (deprecated)](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md) -######## [Get file related alerts (deprecated)](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get file related machines (deprecated)](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get file statistics (deprecated)](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md) -######## [Get FileActions collection (deprecated)](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md) -######## [Unblock file (deprecated)](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md) - -#######IP (deprecated) -######## [Get IP related alerts (deprecated)](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get IP related machines (deprecated)](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get IP statistics (deprecated)](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md) -######## [Is IP seen in organization (deprecated)](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md) -#######Machines (deprecated) -######## [Collect investigation package (deprecated)](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md) -######## [Find machine information by IP (deprecated)](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -######## [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -######## [Get FileMachineAction object (deprecated)](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -######## [Get FileMachineActions collection (deprecated)](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -######## [Get machine by ID (deprecated)](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md) -######## [Get machine log on users (deprecated)](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -######## [Get machine related alerts (deprecated)](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get MachineAction object (deprecated)](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md) -######## [Get MachineActions collection (deprecated)](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md) -######## [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -######## [Get package SAS URI (deprecated)](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md) -######## [Isolate machine (deprecated)](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md) -######## [Release machine from isolation (deprecated)](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md) -######## [Remove app restriction (deprecated)](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -######## [Request sample (deprecated)](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md) -######## [Restrict app execution (deprecated)](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md) -######## [Run antivirus scan (deprecated)](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) -######## [Stop and quarantine file (deprecated)](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) - -#######User (deprecated) -######## [Get alert related user information (deprecated)](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -######## [Get user information (deprecated)](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md) -######## [Get user related alerts (deprecated)](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get user related machines (deprecated)](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) - #####Windows updates (KB) info ###### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md) @@ -371,22 +311,14 @@ ###### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) - - - - - - - ##### API for custom alerts ###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) -####### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) -####### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) -####### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) -####### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) -####### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) -####### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) +###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) +###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) +###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) @@ -400,6 +332,7 @@ ##### Reporting ###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) +###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md) ##### Role-based access control ###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index e877d200de..c9c5b0b0c2 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -2,9 +2,13 @@ title: FIPS 140 Validation description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. ms.prod: w10 -ms.localizationpriority: medium -ms.author: daniha +audience: ITPro author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/03/2018 --- diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 028116204e..d81a0d9707 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -106,7 +106,7 @@ Create custom threat intelligence and use a powerful search and query tool to hu Integrate Windows Defender Advanced Threat Protection into your existing workflows. - [Onboarding](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md) - [API and SIEM integration](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) -- [Exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) +- [Exposed APIs](windows-defender-atp/use-apis.md) - [Role-based access control (RBAC)](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) - [Reporting and trends](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index d3ddc702eb..f89dbc8e24 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -298,98 +298,16 @@ ###### Multiple APIs ####### [PowerShell](exposed-apis-full-sample-powershell.md) ###### [Using OData Queries](exposed-apis-odata-samples.md) - -#### [Use the Windows Defender ATP exposed APIs (deprecated)](exposed-apis-windows-defender-advanced-threat-protection.md) -##### [Supported Windows Defender ATP APIs (deprecated)](supported-apis-windows-defender-advanced-threat-protection.md) -######Actor (deprecated) -####### [Get actor information (deprecated)](get-actor-information-windows-defender-advanced-threat-protection.md) -####### [Get actor related alerts (deprecated)](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -######Alerts (deprecated) -####### [Get alerts (deprecated)](get-alerts-windows-defender-advanced-threat-protection.md) -####### [Get alert information by ID (deprecated)](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -####### [Get alert related actor information (deprecated)](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related domain information (deprecated)](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related file information (deprecated)](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related IP information (deprecated)](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related machine information (deprecated)](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -######Domain (deprecated) -####### [Get domain related alerts (deprecated)](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get domain related machines (deprecated)](get-domain-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get domain statistics (deprecated)](get-domain-statistics-windows-defender-advanced-threat-protection.md) -####### [Is domain seen in organization (deprecated)](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) - -######File(deprecated) -####### [Block file (deprecated)](block-file-windows-defender-advanced-threat-protection.md) -####### [Get file information (deprecated)](get-file-information-windows-defender-advanced-threat-protection.md) -####### [Get file related alerts (deprecated)](get-file-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get file related machines (deprecated)](get-file-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get file statistics (deprecated)](get-file-statistics-windows-defender-advanced-threat-protection.md) -####### [Get FileActions collection (deprecated)](get-fileactions-collection-windows-defender-advanced-threat-protection.md) -####### [Unblock file (deprecated)](unblock-file-windows-defender-advanced-threat-protection.md) - -######IP (deprecated) -####### [Get IP related alerts (deprecated)](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get IP related machines (deprecated)](get-ip-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get IP statistics (deprecated)](get-ip-statistics-windows-defender-advanced-threat-protection.md) -####### [Is IP seen in organization (deprecated)](is-ip-seen-org-windows-defender-advanced-threat-protection.md) -######Machines (deprecated) -####### [Collect investigation package (deprecated)](collect-investigation-package-windows-defender-advanced-threat-protection.md) -####### [Find machine information by IP (deprecated)](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -####### [Get machines (deprecated)](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineAction object (deprecated)](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineActions collection (deprecated)](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machine by ID (deprecated)](get-machine-by-id-windows-defender-advanced-threat-protection.md) -####### [Get machine log on users (deprecated)](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -####### [Get machine related alerts (deprecated)](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get MachineAction object (deprecated)](get-machineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get MachineActions collection (deprecated)](get-machineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machines (deprecated)](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get package SAS URI (deprecated)](get-package-sas-uri-windows-defender-advanced-threat-protection.md) -####### [Isolate machine (deprecated)](isolate-machine-windows-defender-advanced-threat-protection.md) -####### [Release machine from isolation (deprecated)](unisolate-machine-windows-defender-advanced-threat-protection.md) -####### [Remove app restriction (deprecated)](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Request sample (deprecated)](request-sample-windows-defender-advanced-threat-protection.md) -####### [Restrict app execution (deprecated)](restrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Run antivirus scan (deprecated)](run-av-scan-windows-defender-advanced-threat-protection.md) -####### [Stop and quarantine file (deprecated)](stop-quarantine-file-windows-defender-advanced-threat-protection.md) - -######User (deprecated) -####### [Get alert related user information (deprecated)](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -####### [Get user information (deprecated)](get-user-information-windows-defender-advanced-threat-protection.md) -####### [Get user related alerts (deprecated)](get-user-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get user related machines (deprecated)](get-user-related-machines-windows-defender-advanced-threat-protection.md) - - - - - - - - - - - - - - - - - - - - - #### API for custom alerts ##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) -###### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) -###### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) -###### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) -###### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) #### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) @@ -403,6 +321,7 @@ #### Reporting ##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) +##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md) #### Role-based access control ##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 08d856647a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Block file API -description: Use this API to blocking files from being running in the organization. -keywords: apis, graph api, supported apis, block file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Block file API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Prevent a file from being executed in the organization using Windows Defender Antivirus. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/files/{sha1}/block -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - - -## Response -If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/block -Content-type: application/json -{ - "Comment": "Block file due to alert 32123" -} - - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6260351a2c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Collect investigation package API -description: Use this API to create calls related to the collecting an investigation package from a machine. -keywords: apis, graph api, supported apis, collect investigation package -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Collect investigation package API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Collect investigation package from a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/collectInvestigationPackage -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. Required. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | Text | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage -Content-type: application/json -{ - "Comment": "Collect forensics due to alert 1234" -} -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "c9042f9b-8483-4526-87b5-35e4c2532223", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@contoso.com ", - "requestorComment": " Collect forensics due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:09:24.1785079Z", - "lastUpdateTimeUtc": "2017-12-04T12:09:24.1785079Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 5fd529d286..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Use the Windows Defender Advanced Threat Protection exposed APIs -description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. -keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 10/23/2017 ---- - -# Use the Windows Defender ATP exposed APIs (deprecated) - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - -Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). - -In general, you’ll need to take the following steps to use the APIs: -- Create an app -- Get an access token -- Run queries on the graph API - -### Before you begin -Before using the APIs, you’ll need to create an app that you’ll use to authenticate against the graph. You’ll need to create a native app to use for the adhoc queries. - -## Create an app - -1. Log on to [Azure](https://portal.azure.com). - -2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. - - ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app.png) - -3. In the Create window, enter the following information then click **Create**. - - ![Image of Create application window](images/atp-azure-create.png) - - - **Name:** WinATPGraph - - **Application type:** Native - - **Redirect URI:** `https://localhost` - - -4. Navigate and select the newly created application. - ![Image of new app in Azure](images/atp-azure-atp-app.png) - -5. Click **All settings** > **Required permissions** > **Add**. - - ![Image of All settings, then required permissions](images/atp-azure-required-permissions.png) - -6. Click **Select an API** > **Microsoft Graph**, then click **Select**. - - ![Image of API access and API selection](images/atp-azure-api-access.png) - - -7. Click **Select permissions** and select **Sign in and read user profile** then click **Select**. - - ![Image of select permissions](images/atp-azure-select-permissions.png) - -You can now use the code snippets in the following sections to query the API using the created app ID. - -## Get an access token -1. Get the Client ID from the application you created. - -2. Use the **Client ID**. For example: - ``` - private const string authority = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - private const string resourceId = "https://graph.microsoft.com"; - private const string clientId = "{YOUR CLIENT ID/APP ID HERE}"; - private const string redirect = "https://localhost"; - HttpClient client = new HttpClient(); - AuthenticationContext auth = new AuthenticationContext(authority); - var token = auth.AcquireTokenAsync(resourceId, clientId, new Uri(redirect), new PlatformParameters(PromptBehavior.Auto)).Result; - client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token.AccessTokenType, token.AccessToken); - ``` - -## Query the graph -Once the bearer token is retrieved, you can easily invoke the graph APIs. For example: - -``` -client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); -// sample endpoint -string ep = @"https://graph.microsoft.com/{VERSION}/alerts?$top=5"; -HttpResponseMessage response = client.GetAsync(ep).Result; -string resp = response.Content.ReadAsStringAsync().Result; -Console.WriteLine($"response for: {ep} \r\n {resp}"); -``` - - -## Related topics -- [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 31dd495489..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Find machine information by internal IP API -description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP. -keywords: ip, apis, graph api, supported apis, find machine, machine information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 07/25/2018 ---- - -# Find machine information by internal IP API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Find a machine entity around a specific timestamp by internal IP. - ->[!NOTE] ->The timestamp must be within the last 30 days. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/find(timestamp={time},key={IP}) -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine exists - 200 OK. -If no machine found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61') -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - -The response will return a list of all machines that reported this IP address within sixteen minutes prior and after the timestamp. - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb", - "computerDnsName": "", - "firstSeen": "2017-07-06T01:25:04.9480498Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9a091b8391..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get actor information API -description: Retrieves an actor information report. -keywords: apis, graph api, supported apis, get, actor, information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - - -# Get actor information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves an actor information report. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/actor/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and actor exists - 200 OK. -If actor does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/actors/zinc -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", - "id": "zinc", - "linkToReport": "link-to-pdf" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index bd46788176..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: Get actor related alerts API -description: Retrieves all alerts related to a given actor. -keywords: apis, graph api, supported apis, get, actor, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get actor related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all alerts related to a given actor. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/actor/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert exists - 200 OK. -If actor does not exist or no related alerts - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/actors/zinc/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 3, - "value": [ - { - "id": "636390437845006321_-1646055784", - "severity": "Medium", - "status": "Resolved", - "description": "Malware associated with ZINC has been detected.", - "recommendedAction": "1.\tContact your incident response team.", - "alertCreationTime": "2017-08-23T00:09:43.9057955Z", - "category": "Malware", - "title": "Malware associated with the activity group ZINC was discovered", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 99122fe355..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert information by ID API -description: Retrieves an alert by its ID. -keywords: apis, graph api, supported apis, get, alert, information, id -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert information by ID API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves an alert by its ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert exists - 200 OK. -If alert not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts/$entity", - "id": "636396039176847743_89954699", - "severity": "Informational", - "status": "New", - "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", - "recommendedAction": "Collect artifacts and determine scope.", - "alertCreationTime": "2017-08-29T11:45:17.5754165Z", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6fbf1c4597..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get alert related actor information API -description: Retrieves the actor information related to the specific alert. -keywords: apis, graph api, supported apis, get, alert, actor, information, related -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related actor information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves the actor information related to the specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/actor -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and actor exist - 200 OK. -If alert not found or actor not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/actor -Content-type: application/json - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", - "id": "zinc", - "linkToReport": "link-to-pdf" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 232626e443..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related domain information -description: Retrieves all domains related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related domain -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related domain information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - -[!include[Deprecatedinformation](deprecate.md)] - - - -Retrieves all domains related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/domains -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and domain exist - 200 OK. -If alert not found or domain not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/domains -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains", - "value": [ - { - "host": "www.example.com" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index aac3ca91b8..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related files information -description: Retrieves all files related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related files -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related files information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all files related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/files -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and files exist - 200 OK. -If alert not found or files not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/files -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files", - "value": [ - { - "sha1": "121c7060dada38275d7082a4b9dc62641b255c36", - "sha256": "c815e0abb8273ba4ea6ca92d430d9e4d065dbb52877a9ce6a8371e5881bd7a94", - "md5": "776c970dfd92397b3c7d74401c85cd40", - "globalPrevalence": null, - "globalFirstObserved": null, -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index c90e325cd2..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related IP information -description: Retrieves all IPs related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related ip -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related IP information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all IPs related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/ips -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and an IP exist - 200 OK. -If alert not found or IPs not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/ips -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips", -"value": [ - { - "id": "104.80.104.128" - }, - { - "id": "23.203.232.228 -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9d2b5d8a54..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get alert related machine information -description: Retrieves all machines related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related machine -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related machine information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all machines related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/machine -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and machine exist - 200 OK. -If alert not found or machine not found - 404 Not Found. - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/machine -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", - "id": "207575116e44741d2b22b6a81429b3ca4fd34608", - "computerDnsName": "machine1-corp.contoso.com", - "firstSeen": "2015-12-01T11:31:53.7016691Z", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0f7a062536..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Get alert related user information -description: Retrieves the user associated to a specific alert. -keywords: apis, graph api, supported apis, get, alert, information, related, user -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related user information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves the user associated to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/user -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and a user exists - 200 OK. -If alert not found or user not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/user -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", - "id": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4\\DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", - "accountSid": null, - "accountName": "DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", - "accountDomainName": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4fd7bfe798..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Get alerts API -description: Retrieves top recent alerts. -keywords: apis, graph api, supported apis, get, alerts, recent -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves top recent alerts. - - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alerts exists - 200 OK. -If no recent alerts found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 5000, - "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/alerts?$skip=5000", - "value": [ - { - "id": "636396039176847743_89954699", - "severity": "Informational", - "status": "New", - "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", - "recommendedAction": "Collect artifacts and determine scope", - "alertCreationTime": "2017-08-29T11:45:17.5754165Z", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 056e7fcffd..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Get domain related alerts API -description: Retrieves a collection of alerts related to a given domain address. -keywords: apis, graph api, supported apis, get, domain, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of alerts related to a given domain address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain and alert exists - 200 OK. -If domain or alert does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 45f5bbd0c4..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get domain related machines API -description: Retrieves a collection of machines related to a given domain address. -keywords: apis, graph api, supported apis, get, domain, related, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of machines related to a given domain address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain and machine exists - 200 OK. -If domain or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index ad4cf3a27b..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get domain statistics API -description: Retrieves the prevalence for the given domain. -keywords: apis, graph api, supported apis, get, domain, domain related machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain statistics API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves the prevalence for the given domain. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.graph.InOrgDomainStats", - "host": "example.com", - "orgPrevalence": "4070", - "orgFirstSeen": "2017-07-30T13:23:48Z", - "orgLastSeen": "2017-08-29T13:09:05Z" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index ca11fae786..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Get file information API -description: Retrieves a file by identifier Sha1, Sha256, or MD5. -keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5 -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a file by identifier Sha1, Sha256, or MD5. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file exists - 200 OK. -If file does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files/$entity", - "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", - "sha256": "34fcb083cd01b1bd89fc467fd3c2cd292de92f915a5cb43a36edaed39ce2689a", - "md5": "d387a06cd4bf5fcc1b50c3882f41a44e", - "globalPrevalence": 40790196, -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index d1f066091d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get file related alerts API -description: Retrieves a collection of alerts related to a given file hash. -keywords: apis, graph api, supported apis, get, file, hash -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given file hash. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file and alert exists - 200 OK. -If file or alerts do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index a8650d806c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get file related machines API -description: Retrieves a collection of machines related to a given file hash. -keywords: apis, graph api, supported apis, get, machines, hash -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of machines related to a given file hash. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file and machines exists - 200 OK. -If file or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0e85bdd5e1..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get file statistics API -description: Retrieves the prevalence for the given file. -keywords: apis, graph api, supported apis, get, file, statistics -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file statistics API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Retrieves the prevalence for the given file. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file exists - 200 OK. -If file do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", - "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", - "orgPrevalence": "106398", - "orgFirstSeen": "2017-07-30T13:29:50Z", - "orgLastSeen": "2017-08-29T13:29:31Z", - "topFileNames": [ - "chrome.exe", - "old_chrome.exe" - ] -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 86719d8e4d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Get FileActions collection API -description: Use this API to create calls related to get fileactions collection -keywords: apis, graph api, supported apis, get, file, information, fileactions collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Gets collection of actions done on files. Get FileActions collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/fileactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of FileAction objects. - ->[!NOTE] ->Although Block and Unblock actions are under FileAction category, this API only returns the Block actions on files that are currently blocked. For example, a file that is blocked and then unblocked will not be seen on this API. - - - -## Example - -**Request** - -Here is an example of the request on an organization that has three FileActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/fileactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileActions", - "value": [ - { - "fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" - }, - { - "fileIdentifier": "df708f0107c7cc75ba2e5aaadc88b8bcfa01071d", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T11:16:19.9209438Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "1316", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T11:16:19.9209438Z" - }, - { - "fileIdentifier": "f5bc0981641c8a1fb3ef03e4bf574d8adf7134cf", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T10:57:02.2430564Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test 1256 2017.11.05", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T10:57:02.2430564Z" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 16d879ad08..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Get FileMachineAction object API -description: Use this API to create calls related to get machineaction object -keywords: apis, graph api, supported apis, filemachineaction object -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileMachineAction object API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Gets file and machine actions. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/filemachineactions/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with the *FileMachineAction* object. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions/3dc88ce3-dd0c-40f7-93fc-8bd14317aab6 -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "3dc88ce3-dd0c-40f7-93fc-8bd14317aab6", - "sha1": "8908b4441a2cd7285fe9c82917f69041cd467cf7", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@contoso.com ", - "requestorComment": "1104", - "status": "Succeeded", - "fileId": "8908b4441a2cd7285fe9c82917f69041cd467cf7", - "machineId": "61a2d326d2190d048950406b54af23416118094a", - "creationDateTimeUtc": "2017-09-06T08:04:06.1994034Z", - "lastUpdateDateTimeUtc": "2017-09-06T08:05:46.9200942Z", - "fileInstances": [ - { - "filePath": "C:\\tools\\PE\\7f06a650-040b-4774-bb39-5264ea9e93fa.exe", - "status": "Succeeded" - } - ] -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6ff6b4a661..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -title: Get FileMachineActions collection API -description: Use this API to create calls related to get filemachineactions collection -keywords: apis, graph api, supported apis, filemachineactions collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileMachineActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Get collection of file and machine actions. Get FileMachineActions collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/filemachineactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of FileMachineAction objects since the Retention policy time of the organization. - - -## Example 1 - -**Request** - -Here is an example of the request on an organization that has three FileMachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileActions", - "value": [ - { - "fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" - }, - { - "fileIdentifier": "df708f0107c7cc75ba2e5aaadc88b8bcfa01071d", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T11:16:19.9209438Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "1316", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T11:16:19.9209438Z" - }, - { - "fileIdentifier": "f5bc0981641c8a1fb3ef03e4bf574d8adf7134cf", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T10:57:02.2430564Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test 1256 2017.11.05", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T10:57:02.2430564Z" - } - ] -} - - -``` - -##Example 2 - -**Request** - -Here is an example of a request that filters the FileMachineActions by machine ID and shows the latest two FileMachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 -``` - -**Response** - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions", - "value": [ - { - "id": "6f1d364c-680c-499a-b30c-dd9265ad4c9d", - "sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "fileId": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:13:26.2106524Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:15:07.1639963Z", - "fileInstances": [ - { - "filePath": "C:\\Users\\ testUser \\Downloads\\elma.exe", - "status": "Succeeded" - }, - { - "filePath": "C:\\Users\\ testUser \\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\elma (2).exe.xc9q785.partial", - "status": "Succeeded" - }, - ] - }, - { - "id": "c083f601-012f-4955-b4cc-fab50fb69d79", - "sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "type": "RequestSample", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "fileId": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:40:01.1094743Z", - "fileInstances": [ - { - "filePath": "C:\\Windows\\System32\\conhost.exe", - "status": "Succeeded" - } - ] - } - ] -} -``` \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index fa65c52796..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get IP related alerts API -description: Retrieves a collection of alerts related to a given IP address. -keywords: apis, graph api, supported apis, get, ip, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given IP address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and alert exists - 200 OK. -If IP and alerts do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 756cbde8ab..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Get IP related machines API -description: Retrieves a collection of machines related to a given IP address. -keywords: apis, graph api, supported apis, get, ip, related, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP related machines API -Retrieves a collection of alerts related to a given IP address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and machines exists - 200 OK. If IP or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 01e4b54211..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get IP statistics API -description: Retrieves the prevalence for the given IP. -keywords: apis, graph api, supported apis, get, ip, statistics, prevalence -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP statistics API - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - - -Retrieves the prevalence for the given IP. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", - "ipAddress": "192.168.1.1", - "orgPrevalence": "63515", - "orgFirstSeen": "2017-07-30T13:36:06Z", - "orgLastSeen": "2017-08-29T13:32:59Z" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 70f7ef1f4c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get machine by ID API -description: Retrieves a machine entity by ID. -keywords: apis, graph api, supported apis, get, machines, entity, id -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine by ID API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a machine entity by ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine exists - 200 OK. -If no machine found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", - "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", - "computerDnsName": "", - "firstSeen": "2015-03-15T00:18:20.6588778Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 1b5ab3844f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get machine log on users API -description: Retrieves a collection of logged on users. -keywords: apis, graph api, supported apis, get, machine, log on, users -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine log on users API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of logged on users. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id}/logonusers -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine and user exist - 200 OK. -If no machine found or no users found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id}/logonusers -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users", - "value": [ - { - "id": "m", - "accountSid": null, - "accountName": "", - "accountDomainName": "northamerica", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 42bdf1c86f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get machine related alerts API -description: Retrieves a collection of alerts related to a given machine ID. -keywords: apis, graph api, supported apis, get, machines, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given machine ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine and alert exists - 200 OK. -If no machine or no alerts found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 1, - "value": [ - { - "id": "636396066728379047_-395412459", - "severity": "Medium", - "status": "New", - "description": "A reverse shell created from PowerShell was detected. A reverse shell allows an attacker to access the compromised machine without authenticating.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 5d17696c39..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get MachineAction object API -description: Use this API to create calls related to get machineaction object -keywords: apis, graph api, supported apis, machineaction object -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get MachineAction object API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Get actions done on a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with the *MachineAction* object. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index b0b763756d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Get MachineActions collection API -description: Use this API to create calls related to get machineactions collection -keywords: apis, graph api, supported apis, machineaction collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get MachineActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - Gets collection of actions done on machines. Get MachineAction collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of MachineAction objects since the Retention policy time of the organization. - - -## Example 1 - -**Request** - -Here is an example of the request on an organization that has three MachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions", - "value": [ - { - "id": "69dc3630-1ccc-4342-acf3-35286eec741d", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:43:57.2011911Z", - "lastUpdateTimeUtc": "2017-12-04T12:45:25.4049122Z" - }, - { - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" - }, - { - "id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e", - "type": "UnrestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:40.6052029Z", - "lastUpdateTimeUtc": "2017-12-04T12:16:14.2899973Z" - } - ] -} - - -``` - -## Example 2 - -**Request** - -Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 -``` - - - -**Response** - -Here is an example of the response. - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions", - "value": [ - { - "id": "69dc3630-1ccc-4342-acf3-35286eec741d", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:43:57.2011911Z", - "lastUpdateTimeUtc": "2017-12-04T12:45:25.4049122Z" - }, - { - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" - } - ] -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index af20fa7c3a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Get machines API -description: Retrieves a collection of recently seen machines. -keywords: apis, graph api, supported apis, get, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of recently seen machines. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machines exists - 200 OK. -If no recent machines - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "@odata.count": 5000, - "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/machines?$skip=5000", - "value": [ - { - "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", - "computerDnsName": "", - "firstSeen": "2015-03-15T00:18:20.6588778Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 929c85a45a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Get package SAS URI API -description: Use this API to get a URI that allows downloading an investigation package. -keywords: apis, graph api, supported apis, get package, sas, uri -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get package SAS URI API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Get a URI that allows downloading of an investigation package. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions/{id}/getPackageUri -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with object that holds the link to the package in the “value” parameter. This link is valid for a very short time and should be used immediately for downloading the package to a local storage. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json - -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Edm.String", - "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9301b0a805..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get user information API -description: Retrieve a User entity by key such as user name or domain. -keywords: apis, graph api, supported apis, get, user, user information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get user information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieve a User entity by key (user name or domain\user). - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user exists - 200 OK. -If user does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", - "id": "", - "accountSid": null, - "accountName": "", - "accountDomainName": "", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4884ead11f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get user related alerts API -description: Retrieves a collection of alerts related to a given user ID. -keywords: apis, graph api, supported apis, get, user, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/15/2018 ---- - -# Get user related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given user ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user and alert exists - 200 OK. -If user does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0a0c740329..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get user related machines API -description: Retrieves a collection of machines related to a given user ID. -keywords: apis, graph api, supported apis, get, user, user related alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get user related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of machines related to a given user ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user and machine exists - 200 OK. -If user or machine does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png new file mode 100644 index 0000000000..ddda52b1f0 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md deleted file mode 100644 index f2f3f599ed..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Is domain seen in org API -description: Use this API to create calls related to checking whether a domain was seen in the organization. -keywords: apis, graph api, supported apis, domain, domain seen -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 04/24/2018 ---- - -# Is domain seen in org (deprecated) -Answers whether a domain was seen in the organization. - -[!include[Deprecatedinformation](deprecate.md)] - - - - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains/$entity", - "host": "example.com" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0b86cc08b7..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Is IP seen in org API -description: Answers whether an IP was seen in the organization. -keywords: apis, graph api, supported apis, is, ip, seen, org, organization -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Is IP seen in org (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Answers whether an IP was seen in the organization. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP exists - 200 OK. -If IP do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips/$entity", - "id": "192.168.1.1" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md deleted file mode 100644 index fbff79456d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Isolate machine API -description: Use this API to create calls related isolating a machine. -keywords: apis, graph api, supported apis, isolate machine -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Isolate machine API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Isolates a machine from accessing external network. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/isolate -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -IsolationType | IsolationType | Full or selective isolation - -**IsolationType** controls the type of isolation to perform and can be one of the following: -- Full – Full isolation -- Selective – Restrict only limited set of applications from accessing the network - - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/isolate -Content-type: application/json -{ - "Comment": "Isolate machine due to alert 1234", - “IsolationType”: “Full” -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "b89eb834-4578-496c-8be0-03f004061435", - "type": "Isolate", - "requestor": "Analyst@contoso.com ", - "requestorComment": "Isolate machine due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:12:18.9725659Z", - "lastUpdateTimeUtc": "2017-12-04T12:12:18.9725659Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md index 953abcfa6f..8a0deb4397 100644 --- a/windows/security/threat-protection/windows-defender-atp/management-apis.md +++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md @@ -61,7 +61,7 @@ Managed security service provider | Get a quick overview on managed security ser ## Related topics - [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) +- [Use the Windows Defender ATP exposed APIs](use-apis.md) - [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) - [Role-based access control](rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4d7432ff2f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: Request sample API -description: Use this API to create calls related to requesting a sample from a machine. -keywords: apis, graph api, supported apis, request sample -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Request sample API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/requestSample -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -Sha1 | String | Sha1 of the file to upload to the secure storage. **Required**. - -## Response -If successful, this method returns 201, Created response code and *FileMachineAction* object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/requestSample -Content-type: application/json -{ - "Comment": "Request Sample on machine due to alert 32123", - "Sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68" -} - -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "c083f601-012f-4955-b4cc-fab50fb69d79", - "sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "type": "RequestSample", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "status": "InProgress", - "fileId": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "fileInstances": [ - { - "filePath": "C:\\Windows\\System32\\conhost.exe", - "status": "InProgress" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 3f75d91bd0..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Restrict app execution API -description: Use this API to create calls related to restricting an application from executing. -keywords: apis, graph api, supported apis, collect investigation package -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Restrict app execution API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Restrict execution of set of predefined applications. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/restrictCodeExecution -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/restrictCodeExecution -Content-type: application/json -{ - "Comment": "Restrict code execution due to alert 1234" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "78d408d1-384c-4c19-8b57-ba39e378011a", - "type": "RestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Restrict code execution due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:04.3825985Z", - "lastUpdateTimeUtc": "2017-12-04T12:15:04.3825985Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 8ed75cb329..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: Run antivirus scan API -description: Use this API to create calls related to running an antivirus scan on a machine. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Run antivirus scan API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Initiate Windows Defender Antivirus scan on the machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/runAntiVirusScan -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -ScanType| ScanType | Defines the type of the Scan. **Required**. - -**ScanType** controls the type of scan to perform and can be one of the following: - -- **Quick** – Perform quick scan on the machine -- **Full** – Perform full scan on the machine - - - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/runAntiVirusScan -Content-type: application/json -{ - "Comment": "Check machine for viruses due to alert 3212", - “ScanType”: “Full” -} -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:27.1293487Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index f3b54eaefe..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Stop and quarantine file API -description: Use this API to create calls related to stopping and quarantining a file. -keywords: apis, graph api, supported apis, stop, quarantine, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Stop and quarantine file API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Stop execution of a file on a machine and ensure it’s not executed again on that machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/stopAndQuarantineFile -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -Sha1 | String | Sha1 of the file to stop and quarantine on the machine. **Required**. - -## Response -If successful, this method returns 201, Created response code and _FileMachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/stopAndQuarantineFile -Content-type: application/json -{ - "Comment": "Stop and quarantine file on machine due to alert 32123", - "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "6f1d364c-680c-499a-b30c-dd9265ad4c9d", - "sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@contoso.com ", - "requestorComment": " Stop and quarantine file on machine due to alert 32123", - "status": "InProgress", - "fileId": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:13:26.2106524Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:13:58.8098277Z", - "fileInstances": [ - { - "filePath": "C:\\Users\\ testUser \\Downloads\\elma.exe", - "status": "InProgress" - }, - { - "filePath": "C:\\Users\\testUser\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\elma (2).exe.xc9q785.partial", - "status": "InProgress" - }, - ] - } - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md deleted file mode 100644 index a01fb9ed2b..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Supported Windows Defender Advanced Threat Protection query APIs -description: Learn about the specific supported Windows Defender Advanced Threat Protection entities where you can create API calls to. -keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 09/03/2018 ---- - -# Supported Windows Defender ATP query APIs (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. - -## In this section -Topic | Description -:---|:--- -Actor | Run API calls such as get actor information and get actor related alerts. -Alerts | Run API calls such as get alerts, alert information by ID, alert related actor information, alert related IP information, and alert related machine information. -Domain |Run API calls such as get domain related machines, domain related machines, statistics, and check if a domain is seen in your organization. -File | Run API calls such as get file information, file related alerts, file related machines, and file statistics. -IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization. -Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. -User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. -KbInfo | Run API call that gets list of Windows KB's information -CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's -MachineSecurityStates | Run API call that gets list of machines with their security properties and versions -MachineGroups | Run API call that gets list of machine group definitions \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..04e187f344 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md @@ -0,0 +1,78 @@ +--- +title: Threat protection report in Windows Defender ATP +description: Track alert detections, categories, and severity using the threat protection report +keywords: alert detection, source, alert by category, alert severity, alert classification, determination +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Threat protection report in Windows Defender ATP + +**Applies to:** +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) + +[!include[Prerelease information](prerelease.md)] + +The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time. + +The dashboard is structured into two columns: + +![Image of the threat protection report](images/atp-threat-protection-reports.png) + +Section | Description +:---|:--- +1 | Alerts trends +2 | Alert summary + + +By default, the alert trends display alert information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options: + +- 30 days +- 3 months +- 6 months +- Custom + +While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to 6 months. + + The alert summary allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections. + + + +## Alert attributes +The report is made up of cards that display the following alert attributes: + +- **Detection sources**: shows information about the sensors and detection technologies that provide the data used by Windows Defender ATP to trigger alerts. + +- **Threat categories**: shows the types of threat or attack activity that triggered alerts, indicating possible focus areas for your security operations. + +- **Severity**: shows the severity level of alerts, indicating the collective potential impact of threats to your organization and the level of response needed to address them. + +- **Status**: shows the resolution status of alerts, indicating the efficiency of your manual alert responses and of automated remediation (if enabled). + +- **Classification & determination**: shows how you have classified alerts upon resolution, whether you have classified them as actual threats (true alerts) or as incorrect detections (false alerts). These cards also show the determination of resolved alerts, providing additional insight like the types of actual threats found or the legitimate activities that were incorrectly detected. + + + + +## Filter data + +Use the provided filters to include or exclude alerts with certain attributes. + +>[!NOTE] +>These filters apply to **all** the cards in the report. + +For example, to show data about high-severity alerts only: + +1. Under **Filters > Severity**, select **High** +2. Ensure that all other options under **Severity** are deselected. +3. Select **Apply**. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 1736e61abf..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Unblock file API -description: Use this API to create calls related to allowing a file to be executed in the organization -keywords: apis, graph api, supported apis, unblock file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Unblock file API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Allow a file to be executed in the organization, using Windows Defender Antivirus. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/files/{sha1}/unblock -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - - -## Response -If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock -Content-type: application/json -{ - "Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm", -} -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673", - "fileIdentifierType": "Sha1", - "actionType": "UnBlock", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 75c9b7f246..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Release machine from isolation API -description: Use this API to create calls related to release a machine from isolation. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Release machine from isolation API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Undo isolation of a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/unisolate -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unisolate -Content-type: application/json -{ - "Comment": "Unisolate machine since it was clean and validated" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "09a0f91e-a2eb-409d-af33-5577fe9bd558", - "type": "Unisolate", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Unisolate machine since it was clean and validated ", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:13:15.0104931Z", - "lastUpdateTimeUtc": "2017-12-04T12:13:15.0104931Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 413288c9bf..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Remove app restriction API -description: Use this API to create calls related to removing a restriction from applications from executing. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Remove app restriction API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Unrestrict execution of set of predefined applications. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/unrestrictCodeExecution -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. Required. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unrestrictCodeExecution -Content-type: application/json -{ - "Comment": "Unrestrict code execution since machine was cleaned and validated" -} - -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e", - "type": "UnrestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Unrestrict code execution since machine was cleaned and validated ", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:40.6052029Z", - "lastUpdateTimeUtc": "2017-12-04T12:15:40.6052029Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index 38ca10ad59..2c428b9ff1 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -29,6 +29,12 @@ The following capabilities are generally available (GA). - [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. +### In preview +The following capability are included in the February 2019 preview release. + +- [Reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)
The threat protection report provides high-level information about alerts generated in your organization. + + ## October 2018 The following capabilities are generally available (GA). diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index f261ef363b..0a5094e748 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -60,10 +60,10 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic >[!NOTE] >To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -## Requirements -Your environment needs the following hardware to run System Guard Secure Launch. +## Requirements Met by System Guard Enabled Machines +Any machine with System Guard enabled will automatically meet the following low-level hardware requirements: -|For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon requirements|Description| +|For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| |--------|-----------| |64-bit CPU|A 64-bit computer with minimum 4 cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](https://docs.microsoft.com/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](https://docs.microsoft.com/virtualization/hyper-v-on-windows/reference/tlfs).| |Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs are not supported.| diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 8371aff1a9..6e5a650a0c 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -2,9 +2,13 @@ title: Common Criteria Certifications description: This topic details how Microsoft supports the Common Criteria certification program. ms.prod: w10 -ms.localizationpriority: medium -ms.author: daniha +audience: ITPro author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 10/8/2018 ---