diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
index 90ad7896eb..bb9b5c312b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md
@@ -1,5 +1,5 @@
---
-title: Configure machine proxy and Internet connection settings
+title: Configure device proxy and Internet connection settings
description: Configure the Microsoft Defender ATP proxy and internet settings to enable communication with the cloud service.
keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
search.product: eADQiWindows 10XVcnh
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Configure machine proxy and Internet connectivity settings
+# Configure device proxy and Internet connectivity settings
**Applies to:**
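Review bot: The H1 here reads "Configure device proxy and Internet connectivity settings", but the front-matter `title` changed in the hunk above reads "Configure device proxy and Internet connection settings". Since both lines are being edited, settle on one wording so the page title and heading match; the Related topics link in configure-server-endpoints.md uses "Internet connectivity settings".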
@@ -106,8 +106,8 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec
If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed below from HTTPS scanning.
> [!NOTE]
-> settings-win.data.microsoft.com is only needed if you have Windows 10 machines running version 1803 or earlier.
-> URLs that include v20 in them are only needed if you have Windows 10 machines running version 1803 or later. For example, ```us-v20.events.data.microsoft.com``` is needed for a Windows 10 machine running version 1803 or later and onboarded to US Data Storage region.
+> settings-win.data.microsoft.com is only needed if you have Windows 10 devices running version 1803 or earlier.
+> URLs that include v20 in them are only needed if you have Windows 10 devices running version 1803 or later. For example, ```us-v20.events.data.microsoft.com``` is needed for a Windows 10 device running version 1803 or later and onboarded to US Data Storage region.
Service location | Microsoft.com DNS record
-|-
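Review bot: In the rewritten NOTE, version 1803 falls under both conditions: the first line says "version 1803 or earlier" and the second says "version 1803 or later". The rename carries that overlap forward unchanged. Please confirm whether a device on 1803 needs both settings-win.data.microsoft.com and the v20 URLs, and if it does not, tighten one of the two bounds. The two `>` lines also have no blank `>` line between them, so a Markdown renderer will join them into one paragraph.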
@@ -156,7 +156,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover
1. Download the [MDATP Client Analyzer tool](https://aka.ms/mdatpanalyzer) to the PC where Microsoft Defender ATP sensor is running on.
-2. Extract the contents of MDATPClientAnalyzer.zip on the machine.
+2. Extract the contents of MDATPClientAnalyzer.zip on the device.
3. Open an elevated command-line:
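Review bot: Step 1 still says "to the PC where Microsoft Defender ATP sensor is running on" while step 2 now says "on the device", so the same procedure uses two terms for the same host. Suggest changing "PC" to "device" in step 1 as part of this rename, and dropping the trailing "on" while that line is open.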
@@ -200,5 +200,5 @@ However, if the connectivity check results indicate a failure, an HTTP error is
## Related topics
-- [Onboard Windows 10 machines](configure-endpoints.md)
+- [Onboard Windows 10 devices](configure-endpoints.md)
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
index cc9b6af753..624868b3ef 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md
@@ -1,7 +1,7 @@
---
title: Onboard servers to the Microsoft Defender ATP service
description: Onboard servers so that they can send sensor data to the Microsoft Defender ATP sensor.
-keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, machine management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers
+keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, device management, configure Windows ATP servers, onboard Microsoft Defender Advanced Threat Protection servers
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@@ -78,7 +78,7 @@ You'll need to take the following steps if you choose to onboard servers through
Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent).
> [!TIP]
-> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
+> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md).
### Configure and update System Center Endpoint Protection clients
@@ -92,9 +92,9 @@ The following steps are required to enable this integration:
### Turn on Server monitoring from the Microsoft Defender Security Center portal
-1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**.
-2. Select Windows Server 2012 R2 and 2016 as the operating system.
+2. Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system.
3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment setup. When the setup completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent.
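Review bot: Step 2 in this hunk is not a terminology change: it adds "Windows Server 2008 R2 SP1" to the operating system selection, unlike the machine-to-device edits around it. That now matches step 2 under Option 2, but please confirm the portal drop-down actually shows this label, and consider calling out the OS list change in the commit description so it is not lost among the renames.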
@@ -123,7 +123,7 @@ Once completed, you should see onboarded servers in the portal within an hour.
### Option 2: Onboard servers through Azure Security Center
-1. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**.
+1. In the navigation pane, select **Settings** > **Device management** > **Onboarding**.
2. Select Windows Server 2008 R2 SP1, 2012 R2 and 2016 as the operating system.
@@ -143,13 +143,13 @@ Supported tools include:
- Group Policy
- Microsoft Endpoint Configuration Manager
- System Center Configuration Manager 2012 / 2012 R2 1511 / 1602
-- VDI onboarding scripts for non-persistent machines
+- VDI onboarding scripts for non-persistent devices
-For more information, see [Onboard Windows 10 machines](configure-endpoints.md).
+For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
Support for Windows Server, provide deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well.
-1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints.md).
+1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md).
2. If you're running a third-party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings. Verify that it was configured correctly:
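Review bot: The unchanged sentence sitting between the two edited links, "Support for Windows Server, provide deeper insight into activities happening on the server, ...", has no clear subject for "provide" and then switches to "enables". Since the surrounding lines are already being touched, suggest fixing it here, for example "Support for Windows Server provides deeper insight into activities happening on the server and coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoints as well."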
@@ -194,7 +194,7 @@ The following capabilities are included in this integration:
## Offboard servers
-You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client machines.
+You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2019 Core edition in the same method available for Windows 10 client devices.
For other server versions, you have two options to offboard servers from the service:
- Uninstall the MMA agent
@@ -227,7 +227,7 @@ To offboard the server, you can use either of the following methods:
1. In the navigation pane, select **Settings** > **Onboarding**.
- 1. Select **Windows Server 2012 R2 and 2016** as the operating system and get your Workspace ID:
+ 1. Select **Windows Server 2008 R2 SP1, 2012 R2 and 2016** as the operating system and get your Workspace ID:

@@ -243,8 +243,8 @@ To offboard the server, you can use either of the following methods:
```
## Related topics
-- [Onboard Windows 10 machines](configure-endpoints.md)
-- [Onboard non-Windows machines](configure-endpoints-non-windows.md)
+- [Onboard Windows 10 devices](configure-endpoints.md)
+- [Onboard non-Windows devices](configure-endpoints-non-windows.md)
- [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
-- [Run a detection test on a newly onboarded Microsoft Defender ATP machine](run-detection-test.md)
+- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md)
- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
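Review bot: The link text for run-detection-test.md is now "Run a detection test on a newly onboarded Microsoft Defender ATP device" here, but the TIP earlier in this file links the same target as "... Microsoft Defender ATP endpoint". Use one title for both. The last context line has a similar mismatch: it reads "Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues" while configure-proxy-internet.md links the same file as "Troubleshoot ...".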
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-detection-rule-details.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-detection-rule-details.png
index 65ecd31a2a..37b512f51c 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-detection-rule-details.png and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-custom-detection-rule-details.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-server-offboarding-workspaceid.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-server-offboarding-workspaceid.png
index 1d1cbb4448..57e30708ab 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/atp-server-offboarding-workspaceid.png and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-server-offboarding-workspaceid.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-aip.png b/windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-aip.png
index f66b75a274..d1f65327ba 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-aip.png and b/windows/security/threat-protection/microsoft-defender-atp/images/atp-settings-aip.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/enable_siem.png b/windows/security/threat-protection/microsoft-defender-atp/images/enable_siem.png
index ac8a62b883..de64e8f3df 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/enable_siem.png and b/windows/security/threat-protection/microsoft-defender-atp/images/enable_siem.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/investigate-devices-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/investigate-devices-tab.png
new file mode 100644
index 0000000000..5a8d735b61
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/investigate-devices-tab.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png
deleted file mode 100644
index 5c0d13944e..0000000000
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/investigate-machines-tab.png and /dev/null differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png b/windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png
index ef062f0c8e..21d6470625 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png and b/windows/security/threat-protection/microsoft-defender-atp/images/siem_details.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
index be1d750d4c..b3c0ba3d56 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/information-protection-investigation.md
@@ -48,7 +48,7 @@ Learn how to use data sensitivity labels to prioritize incident investigation.
4. Select the **Devices** tab to identify devices storing files with sensitivity labels.
- 
+ 
5. Select the devices that store sensitive data and search through the timeline to identify which files may be impacted then take appropriate action to ensure that data is protected.
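Review bot: The image is switched to investigate-devices-tab.png, but its alt text still says "Image of machine timeline with narrowed down search results based on label". Update the alt text to "device" so it agrees with the new file name and with the "**Devices** tab" wording in step 4. Screen readers and search will otherwise keep surfacing the old term.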