Merge pull request #4343 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
This commit is contained in:
Tina Burden 2020-12-04 10:40:48 -08:00 committed by GitHub
commit cb01edcd4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 127 additions and 124 deletions

View File

@ -15,6 +15,7 @@ ms.topic: article
ms.date: 6/26/2018 ms.date: 6/26/2018
ms.reviewer: ms.reviewer:
--- ---
# Manage connection endpoints for Windows 10 Enterprise, version 1809 # Manage connection endpoints for Windows 10 Enterprise, version 1809
**Applies to** **Applies to**
@ -53,7 +54,7 @@ The following endpoint is used to download updates to the Weather app Live Tile.
If you [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), no Live Tiles will be updated. If you [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), no Live Tiles will be updated.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| explorer | HTTP | tile-service.weather.microsoft.com | | explorer | HTTP | tile-service.weather.microsoft.com |
| | HTTP | blob.weather.microsoft.com | | | HTTP | blob.weather.microsoft.com |
@ -63,7 +64,7 @@ If you disable the Microsoft store, other Store apps cannot be installed or upda
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTPS | cdn.onenote.net/livetile/?Language=en-US | | | HTTPS | cdn.onenote.net/livetile/?Language=en-US |
The following endpoints are used for Twitter updates. The following endpoints are used for Twitter updates.
@ -72,7 +73,7 @@ If you disable the Microsoft store, other Store apps cannot be installed or upda
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTPS | wildcard.twimg.com | | | HTTPS | wildcard.twimg.com |
| svchost.exe | | oem.twimg.com/windows/tile.xml | | svchost.exe | | oem.twimg.com/windows/tile.xml |
@ -82,7 +83,7 @@ If you disable the Microsoft store, other Store apps cannot be installed or upda
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | | star-mini.c10r.facebook.com | | | | star-mini.c10r.facebook.com |
The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office.
@ -91,7 +92,7 @@ If you disable the Microsoft store, other Store apps cannot be installed or upda
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net | | WindowsApps\Microsoft.Windows.Photos | HTTPS | evoke-windowsservices-tas.msedge.net |
The following endpoint is used for Candy Crush Saga updates. The following endpoint is used for Candy Crush Saga updates.
@ -100,7 +101,7 @@ If you disable the Microsoft store, other Store apps cannot be installed or upda
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | TLS v1.2 | candycrushsoda.king.com | | | TLS v1.2 | candycrushsoda.king.com |
The following endpoint is used for by the Microsoft Wallet app. The following endpoint is used for by the Microsoft Wallet app.
@ -109,7 +110,7 @@ If you disable the Microsoft store, other Store apps cannot be installed or upda
Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com | | system32\AppHostRegistrationVerifier.exe | HTTPS | wallet.microsoft.com |
The following endpoint is used by the Groove Music app for update HTTP handler status. The following endpoint is used by the Groove Music app for update HTTP handler status.
@ -123,7 +124,7 @@ The following endpoints are used when using the Whiteboard app.
To turn off traffic for this endpoint [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTPS | wbd.ms | | | HTTPS | wbd.ms |
| | HTTPS | int.whiteboard.microsoft.com | | | HTTPS | int.whiteboard.microsoft.com |
| | HTTPS | whiteboard.microsoft.com | | | HTTPS | whiteboard.microsoft.com |
@ -135,28 +136,28 @@ The following endpoint is used to get images that are used for Microsoft Store s
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block images that are used for Microsoft Store suggestions.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| searchui | HTTPS |store-images.s-microsoft.com | | searchui | HTTPS |store-images.s-microsoft.com |
The following endpoint is used to update Cortana greetings, tips, and Live Tiles. The following endpoint is used to update Cortana greetings, tips, and Live Tiles.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), you will block updates to Cortana greetings, tips, and Live Tiles.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| backgroundtaskhost | HTTPS | www.bing.com/client | | backgroundtaskhost | HTTPS | www.bing.com/client |
The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments. The following endpoint is used to configure parameters, such as how often the Live Tile is updated. It's also used to activate experiments.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), parameters would not be updated and the device would no longer participate in experiments.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| backgroundtaskhost | HTTPS | www.bing.com/proactive | | backgroundtaskhost | HTTPS | www.bing.com/proactive |
The following endpoint is used by Cortana to report diagnostic and diagnostic data information. The following endpoint is used by Cortana to report diagnostic and diagnostic data information.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana), Microsoft won't be aware of issues with Cortana and won't be able to fix them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| searchui <br> backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx | | searchui <br> backgroundtaskhost | HTTPS | www.bing.com/threshold/xls.aspx |
## Certificates ## Certificates
@ -169,7 +170,7 @@ We do not recommend blocking this endpoint.
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTP | ctldl.windowsupdate.com | | svchost | HTTP | ctldl.windowsupdate.com |
## Device authentication ## Device authentication
@ -178,7 +179,7 @@ The following endpoint is used to authenticate a device.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), the device will not be authenticated.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTPS | login.live.com/ppsecure | | | HTTPS | login.live.com/ppsecure |
## Device metadata ## Device metadata
@ -187,7 +188,7 @@ The following endpoint is used to retrieve device metadata.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-devinst), metadata will not be updated for the device.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | | dmd.metaservices.microsoft.com.akadns.net | | | | dmd.metaservices.microsoft.com.akadns.net |
| | HTTP | dmd.metaservices.microsoft.com | | | HTTP | dmd.metaservices.microsoft.com |
@ -197,21 +198,21 @@ The following endpoint is used by the Connected User Experiences and Telemetry c
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | | cy2.vortex.data.microsoft.com.akadns.net | | svchost | | cy2.vortex.data.microsoft.com.akadns.net |
The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. The following endpoint is used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTPS | v10.vortex-win.data.microsoft.com/collect/v1 | | svchost | HTTPS | v10.vortex-win.data.microsoft.com/collect/v1 |
The following endpoints are used by Windows Error Reporting. The following endpoints are used by Windows Error Reporting.
To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| wermgr | | watson.telemetry.microsoft.com | | wermgr | | watson.telemetry.microsoft.com |
| | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net | | | TLS v1.2 | modern.watson.data.microsoft.com.akadns.net |
@ -221,7 +222,7 @@ The following endpoints are used to download fonts on demand.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#font-streaming), you will not be able to download fonts on demand.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | | fs.microsoft.com | | svchost | | fs.microsoft.com |
| | | fs.microsoft.com/fs/windows/config.json | | | | fs.microsoft.com/fs/windows/config.json |
@ -231,7 +232,7 @@ The following endpoint is used for online activation and some app licensing.
To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content | | licensemanager | HTTPS | licensing.mp.microsoft.com/v7.0/licenses/content |
## Location ## Location
@ -240,7 +241,7 @@ The following endpoint is used for location data.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps cannot use location data. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location), apps cannot use location data.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTP | location-inference-westus.cloudapp.net | | | HTTP | location-inference-westus.cloudapp.net |
| | HTTPS | inference.location.live.net | | | HTTPS | inference.location.live.net |
@ -250,7 +251,7 @@ The following endpoint is used to check for updates to maps that have been downl
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps will not be updated. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps), offline maps will not be updated.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTPS | *g.akamaiedge.net | | svchost | HTTPS | *g.akamaiedge.net |
## Microsoft account ## Microsoft account
@ -259,7 +260,7 @@ The following endpoints are used for Microsoft accounts to sign in.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users cannot sign in with Microsoft accounts. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account), users cannot sign in with Microsoft accounts.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | | login.msa.akadns6.net | | | | login.msa.akadns6.net |
| | | login.live.com | | | | login.live.com |
| | | account.live.com | | | | account.live.com |
@ -272,21 +273,21 @@ The following endpoint is used for the Windows Push Notification Services (WNS).
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#live-tiles), push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTPS | *.wns.windows.com | | | HTTPS | *.wns.windows.com |
The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store.
To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTP | storecatalogrevocation.storequality.microsoft.com | | | HTTP | storecatalogrevocation.storequality.microsoft.com |
The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). The following endpoints are used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net | | | HTTPS | img-prod-cms-rt-microsoft-com.akamaized.net |
| backgroundtransferhost | HTTPS | store-images.microsoft.com | | backgroundtransferhost | HTTPS | store-images.microsoft.com |
@ -294,7 +295,7 @@ The following endpoints are used to communicate with Microsoft Store.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore), apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTP | storeedgefd.dsx.mp.microsoft.com | | | HTTP | storeedgefd.dsx.mp.microsoft.com |
| | HTTP \ HTTPS | pti.store.microsoft.com | | | HTTP \ HTTPS | pti.store.microsoft.com |
||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.| ||TLS v1.2|cy2.\*.md.mp.microsoft.com.\*.|
@ -306,7 +307,7 @@ Network Connection Status Indicator (NCSI) detects Internet connectivity and cor
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi), NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTP | www.msftconnecttest.com/connecttest.txt | | | HTTP | www.msftconnecttest.com/connecttest.txt |
## Office ## Office
@ -316,7 +317,7 @@ You can turn this off by removing all Microsoft Office apps and the Mail and Cal
If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | | *.a-msedge.net | | | | *.a-msedge.net |
| hxstr | | *.c-msedge.net | | hxstr | | *.c-msedge.net |
| | | *.e-msedge.net | | | | *.e-msedge.net |
@ -330,20 +331,20 @@ You can turn this off by removing all Microsoft Office apps and the Mail and Cal
If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| system32\Auth.Host.exe | HTTPS | outlook.office365.com | | system32\Auth.Host.exe | HTTPS | outlook.office365.com |
The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. The following endpoint is OfficeHub traffic used to get the metadata of Office apps. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
|Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net| |Windows Apps\Microsoft.Windows.Photos|HTTPS|client-office365-tas.msedge.net|
The following endpoint is used to connect the Office To-Do app to it's cloud service. The following endpoint is used to connect the Office To-Do app to it's cloud service.
To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore).
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| |HTTPS|to-do.microsoft.com| | |HTTPS|to-do.microsoft.com|
## OneDrive ## OneDrive
@ -352,14 +353,14 @@ The following endpoint is a redirection service thats used to automatically u
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive), anything that relies on g.live.com to get updated URL information will no longer work. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive), anything that relies on g.live.com to get updated URL information will no longer work.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction | | onedrive | HTTP \ HTTPS | g.live.com/1rewlive5skydrive/ODSUProduction |
The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). The following endpoint is used by OneDrive for Business to download and verify app updates. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US).
To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates. To turn off traffic for this endpoint, uninstall OneDrive for Business. In this case, your device will not able to get OneDrive for Business app updates.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| onedrive | HTTPS | oneclient.sfx.ms | | onedrive | HTTPS | oneclient.sfx.ms |
## Settings ## Settings
@ -368,21 +369,21 @@ The following endpoint is used as a way for apps to dynamically update their con
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| dmclient | | cy2.settings.data.microsoft.com.akadns.net | | dmclient | | cy2.settings.data.microsoft.com.akadns.net |
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| dmclient | HTTPS | settings.data.microsoft.com | | dmclient | HTTPS | settings.data.microsoft.com |
The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it. The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as Windows Connected User Experiences and Telemetry component and Windows Insider Program use it.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback), an app that uses this endpoint may stop working.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTPS | settings-win.data.microsoft.com | | svchost | HTTPS | settings-win.data.microsoft.com |
## Skype ## Skype
@ -390,7 +391,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them. The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
|microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com | |microsoft.windowscommunicationsapps.exe | HTTPS | config.edge.skype.com |
| | HTTPS | browser.pipe.aria.microsoft.com | | | HTTPS | browser.pipe.aria.microsoft.com |
| | | skypeecs-prod-usw-0-b.cloudapp.net | | | | skypeecs-prod-usw-0-b.cloudapp.net |
@ -401,14 +402,14 @@ The following endpoint is used for Windows Defender when Cloud-based Protection
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud-service). If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus#allow-connections-to-the-microsoft-defender-antivirus-cloud-service).
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | | wdcp.microsoft.com | | | | wdcp.microsoft.com |
The following endpoints are used for Windows Defender definition updates. The following endpoints are used for Windows Defender definition updates.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), definitions will not be updated.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | | definitionupdates.microsoft.com | | | | definitionupdates.microsoft.com |
|MpCmdRun.exe|HTTPS|go.microsoft.com | |MpCmdRun.exe|HTTPS|go.microsoft.com |
@ -416,7 +417,7 @@ The following endpoints are used for Windows Defender Smartscreen reporting and
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender-smartscreen), Windows Defender Smartscreen notifications will no appear. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender-smartscreen), Windows Defender Smartscreen notifications will no appear.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| | HTTPS | ars.smartscreen.microsoft.com | | | HTTPS | ars.smartscreen.microsoft.com |
| | HTTPS | unitedstates.smartscreen-prod.microsoft.com | | | HTTPS | unitedstates.smartscreen-prod.microsoft.com |
| | | smartscreen-sn3p.smartscreen.microsoft.com | | | | smartscreen-sn3p.smartscreen.microsoft.com |
@ -427,7 +428,7 @@ The following endpoints are used to retrieve Windows Spotlight metadata that des
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight). If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight), Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see [Windows Spotlight](/windows/configuration/windows-spotlight).
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| backgroundtaskhost | HTTPS | arc.msn.com | | backgroundtaskhost | HTTPS | arc.msn.com |
| backgroundtaskhost | | g.msn.com.nsatc.net | | backgroundtaskhost | | g.msn.com.nsatc.net |
| |TLS v1.2| *.search.msn.com | | |TLS v1.2| *.search.msn.com |
@ -440,14 +441,14 @@ The following endpoint is used for Windows Update downloads of apps and OS updat
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates), Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com | | svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTP | *.windowsupdate.com | | svchost | HTTP | *.windowsupdate.com |
| svchost | HTTP | *.dl.delivery.mp.microsoft.com | | svchost | HTTP | *.dl.delivery.mp.microsoft.com |
@ -455,7 +456,7 @@ The following endpoints enable connections to Windows Update, Microsoft Update,
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store. If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTPS | *.update.microsoft.com | | svchost | HTTPS | *.update.microsoft.com |
| svchost | HTTPS | *.delivery.mp.microsoft.com | | svchost | HTTPS | *.delivery.mp.microsoft.com |
@ -467,7 +468,7 @@ The following endpoint is used for content regulation.
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all. If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |:--------------:|:--------:|:------------|
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com | | svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
@ -478,7 +479,7 @@ The following endpoint is used by the Microsoft forward link redirection service
If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.
| Source process | Protocol | Destination | | Source process | Protocol | Destination |
|----------------|----------|------------| |----------------|:--------:|------------|
|Various|HTTPS|go.microsoft.com| |Various|HTTPS|go.microsoft.com|
## Other Windows 10 editions ## Other Windows 10 editions
@ -496,4 +497,4 @@ To view endpoints for non-Enterprise Windows 10 editions, see:
## Related links ## Related links
- [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) - [Office 365 URLs and IP address ranges](https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US)
- [Network infrastructure requirements for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints) - [Network endpoints for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/intune-endpoints)

View File

@ -1,7 +1,7 @@
--- ---
title: Microsoft Defender Advanced Threat Protection title: Microsoft Defender for Endpoint
description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is an enterprise endpoint security platform that helps defend against advanced persistent threats. description: Microsoft Defender for Endpoint is an enterprise endpoint security platform that helps defend against advanced persistent threats.
keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting keywords: introduction to Microsoft Defender for Endpoint, introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next-generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
--- ---
# Microsoft Defender Advanced Threat Protection # Microsoft Defender for Endpoint
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
@ -123,16 +123,17 @@ Integrate Microsoft Defender Advanced Threat Protection into your existing workf
<a name="mtp"></a> <a name="mtp"></a>
**[Integration with Microsoft solutions](threat-protection-integration.md)** <br> **[Integration with Microsoft solutions](threat-protection-integration.md)** <br>
Defender for Endpoint directly integrates with various Microsoft solutions, including: Defender for Endpoint directly integrates with various Microsoft solutions, including:
- Intune
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Azure Security Center - Azure Security Center
- Skype for Business - Azure Sentinel
- Intune
- Microsoft Cloud App Security - Microsoft Cloud App Security
- Microsoft Defender for Identity
- Microsoft Defender for Office
- Skype for Business
**[Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**<br> **[Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)**<br>
With Microsoft Threat Protection, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. With Microsoft 365 Defender, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
## Related topic ## Related topic

View File

@ -1,16 +1,15 @@
--- ---
title: Integrate Microsoft Defender ATP with other Microsoft solutions title: Integrate Microsoft Defender for Endpoint with other Microsoft solutions
ms.reviewer: description: Learn how Microsoft Defender for Endpoint integrates with other Microsoft solutions, including Microsoft Defender for Identity and Azure Security Center.
description: Learn how Microsoft Defender ATP integrates with other Microsoft solutions, including Azure Advanced Threat Protection and Azure Security Center. author: mjcaparas
keywords: microsoft threat protection, conditional access, office, advanced threat protection, azure atp, azure security center, microsoft cloud app security ms.author: macapara
ms.prod: w10
keywords: microsoft 365 defender, conditional access, office, advanced threat protection, microsoft defender for identity, microsoft defender for office, azure security center, microsoft cloud app security, azure sentinel
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
@ -29,41 +28,43 @@ ms.topic: conceptual
## Integrate with other Microsoft solutions ## Integrate with other Microsoft solutions
Microsoft Defender for Endpoint directly integrates with various Microsoft solutions. Microsoft Defender for Endpoint directly integrates with various Microsoft solutions.
### Azure Advanced Threat Protection (Azure ATP)
Suspicious activities are processes running under a user context. The integration between Microsoft Defender for Endpoint and Azure ATP provides the flexibility of conducting cyber security investigation across activities and identities.
### Azure Security Center ### Azure Security Center
Microsoft Defender for Endpoint provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers. Microsoft Defender for Endpoint provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.
### Azure Sentinel
The Microsoft Defender for Endpoint connector lets you stream alerts from Microsoft Defender for Endpoint into Azure Sentinel. This will enable you to more comprehensively analyze security events across your organization and build playbooks for effective and immediate response.
### Azure Information Protection ### Azure Information Protection
Keep sensitive data secure while enabling productivity in the workplace through data discovery and data protection. Keep sensitive data secure while enabling productivity in the workplace through data discovery and data protection.
### Conditional Access ### Conditional Access
Microsoft Defender for Endpoint's dynamic device risk score is integrated into the Conditional Access evaluation, ensuring that only secure devices have access to resources. Microsoft Defender for Endpoint's dynamic device risk score is integrated into the Conditional Access evaluation, ensuring that only secure devices have access to resources.
### Microsoft Cloud App Security ### Microsoft Cloud App Security
Microsoft Cloud App Security leverages Microsoft Defender for Endpoint endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender for Endpoint monitored devices. Microsoft Cloud App Security leverages Microsoft Defender for Endpoint endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Microsoft Defender for Endpoint monitored devices.
### Office 365 Advanced Threat Protection (Office 365 ATP) ### Microsoft Defender for Identity
[Office 365 ATP](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked. Suspicious activities are processes running under a user context. The integration between Microsoft Defender for Endpoint and Azure ATP provides the flexibility of conducting cyber security investigation across activities and identities.
### Microsoft Defender for Office
[Defender for Office 365](https://docs.microsoft.com/office365/securitycompliance/office-365-atp) helps protect your organization from malware in email messages or files through ATP Safe Links, ATP Safe Attachments, advanced Anti-Phishing, and spoof intelligence capabilities. The integration between Office 365 ATP and Microsoft Defender for Endpoint enables security analysts to go upstream to investigate the entry point of an attack. Through threat intelligence sharing, attacks can be contained and blocked.
>[!NOTE] >[!NOTE]
> Office 365 ATP data is displayed for events within the last 30 days. For alerts, Office 365 ATP data is displayed based on first activity time. After that, the data is no longer available in Office 365 ATP. > Defender for Office 365 data is displayed for events within the last 30 days. For alerts, Defender for Office 365 data is displayed based on first activity time. After that, the data is no longer available in Defender for Office 365.
### Skype for Business ### Skype for Business
The Skype for Business integration provides a way for analysts to communicate with a potentially compromised user or device owner through a simple button from the portal. The Skype for Business integration provides a way for analysts to communicate with a potentially compromised user or device owner through a simple button from the portal.
## Microsoft Threat Protection ## Microsoft 365 Defender
With Microsoft Threat Protection, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks. With Microsoft 365 Defender, Microsoft Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate and automatically respond to sophisticated attacks.
[Learn more about Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) [Learn more about Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
## Related topics ## Related topics
- [Configure integration and other advanced features](advanced-features.md) - [Configure integration and other advanced features](advanced-features.md)
- [Microsoft Threat Protection overview](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) - [Microsoft 365 Defender overview](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection)
- [Turn on Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable) - [Turn on Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable)
- [Protect users, data, and devices with Conditional Access](conditional-access.md) - [Protect users, data, and devices with Conditional Access](conditional-access.md)