From 02e5e9c53dc9205d0b34e2338d90a260435f63e6 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Wed, 16 Dec 2020 15:00:55 +0530 Subject: [PATCH 1/8] updated-24620497 updated --- .../Onboard-Windows-10-multi-session-device.md | 3 +++ .../microsoft-defender-atp/offboard-machine-api.md | 5 +++-- .../microsoft-defender-atp/offboard-machines.md | 1 + .../microsoft-defender-atp/onboard-configure.md | 2 +- .../microsoft-defender-atp/onboard-downlevel.md | 1 + .../microsoft-defender-atp/onboard-offline-machines.md | 1 + .../threat-protection/microsoft-defender-atp/onboard.md | 2 +- .../onboarding-endpoint-configuration-manager.md | 1 + .../microsoft-defender-atp/onboarding-endpoint-manager.md | 2 +- .../microsoft-defender-atp/onboarding-notification.md | 2 +- .../threat-protection/microsoft-defender-atp/onboarding.md | 2 +- .../overview-attack-surface-reduction.md | 5 ++--- .../microsoft-defender-atp/overview-custom-detections.md | 1 + .../overview-endpoint-detection-response.md | 2 +- .../overview-hardware-based-isolation.md | 5 +++-- .../microsoft-defender-atp/partner-applications.md | 2 +- .../microsoft-defender-atp/partner-integration.md | 3 ++- .../microsoft-defender-atp/portal-overview.md | 1 + .../microsoft-defender-atp/post-ti-indicator.md | 5 +++-- .../microsoft-defender-atp/preferences-setup.md | 2 ++ .../microsoft-defender-atp/prepare-deployment.md | 3 +-- .../microsoft-defender-atp/preview-settings.md | 2 +- .../threat-protection/microsoft-defender-atp/preview.md | 1 + .../microsoft-defender-atp/production-deployment.md | 1 + .../microsoft-defender-atp/pull-alerts-using-rest-api.md | 1 + 25 files changed, 36 insertions(+), 20 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index 928df9d3fd..37ffe71d5e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md @@ -23,6 +23,9 @@ manager: dansimp Applies to: - Windows 10 multi-session running on Windows Virtual Desktop (WVD) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + > [!IMPORTANT] > Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future. diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index 8cc6f7bed9..41a63e43bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -20,8 +20,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md index 3eb9642bf4..204d6c9c0f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md @@ -28,6 +28,7 @@ ms.topic: conceptual - Windows Server 2012 R2 - Windows Server 2016 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-offboarddevices-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md index 1a625303aa..ca25d5a1ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-configure.md @@ -21,9 +21,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md index f99a9fbab3..815a6139dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md @@ -29,6 +29,7 @@ ms.topic: article - Windows 8.1 Pro - Windows 8.1 Enterprise - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink). diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md index e3aea210fc..fe2804290e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md @@ -25,6 +25,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) To onboard devices without Internet access, you'll need to take the following general steps: diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index d35f1668f8..87831075d7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -23,8 +23,8 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Configure and manage all the Defender for Endpoint capabilities to get the best security protection for your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index 87b9afcb05..1e788eab51 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -25,6 +25,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) This article is part of the Deployment guide and acts as an example onboarding method that guides users in: - Step 1: Onboarding Windows devices to the service diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 1c87de1aa1..69308b1069 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -25,7 +25,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index ff6119eee4..b598e8b95d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -21,9 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index f79266bf23..41626f31a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -25,7 +25,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Deploying Defender for Endpoint is a three-phase process: diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md index 6f7a10acf3..c560286379 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md @@ -23,10 +23,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - -* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Help reduce your attack surfaces, by minimizing the places where your organization is vulnerable to cyberthreats and attacks. Use the following resources to configure protection for the devices and applications in your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index 9135f4ebe0..af438b69b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -24,6 +24,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md index f79f0792f3..caff10f756 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md @@ -24,8 +24,8 @@ ms.topic: conceptual **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md index c1705995b8..882adef417 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md @@ -21,8 +21,9 @@ ms.date: 09/07/2018 [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender for Endpoint. diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index af671e6890..0576b900d9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -23,8 +23,8 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md index 349dc8d30d..1643e00f0b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-integration.md @@ -23,8 +23,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** +**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index e4679370bb..fcf3f127d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -24,6 +24,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index ab2b412ae2..13472618b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -20,8 +20,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - -**Applies to:** [Microsoft Defender for Endpoint]https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md index 335e716372..5425f45098 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preferences-setup.md @@ -24,6 +24,8 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index fdec9e6465..96825f43c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -24,10 +24,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md index 8c1f70f474..295e6f17f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview-settings.md @@ -20,9 +20,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-previewsettings-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index ef3c2f75b8..ee0c75f426 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -28,6 +28,7 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) The Defender for Endpoint service is constantly being updated to include new feature enhancements and capabilities. diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 516c64e1b5..9d6c7b65fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -27,6 +27,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) Deploying Defender for Endpoint is a three-phase process: diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index d656f995c8..765b46c8d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -24,6 +24,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) From 95c9a36129df2dfdb3bc5836bdb91f083056b0a7 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 4 Jan 2021 07:24:55 -0800 Subject: [PATCH 2/8] Update Onboard-Windows-10-multi-session-device.md --- .../Onboard-Windows-10-multi-session-device.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index 37ffe71d5e..bd53013020 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md @@ -26,9 +26,6 @@ Applies to: - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -> [!IMPORTANT] -> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future. - > [!WARNING] > Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. From 85bfb8ec71a7ea7014250077c8448826f80309da Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 5 Jan 2021 14:25:03 +0530 Subject: [PATCH 3/8] updated updated review comments --- .../Onboard-Windows-10-multi-session-device.md | 2 ++ .../microsoft-defender-atp/offboard-machine-api.md | 2 +- .../microsoft-defender-atp/onboard-downlevel.md | 1 - .../microsoft-defender-atp/onboard-offline-machines.md | 2 ++ .../threat-protection/microsoft-defender-atp/onboard.md | 2 ++ .../onboarding-endpoint-configuration-manager.md | 2 ++ .../microsoft-defender-atp/onboarding-endpoint-manager.md | 2 +- .../microsoft-defender-atp/onboarding-notification.md | 2 ++ .../threat-protection/microsoft-defender-atp/onboarding.md | 2 ++ .../microsoft-defender-atp/overview-attack-surface-reduction.md | 2 ++ .../microsoft-defender-atp/overview-custom-detections.md | 2 ++ .../overview-endpoint-detection-response.md | 2 ++ .../microsoft-defender-atp/overview-hardware-based-isolation.md | 2 ++ .../microsoft-defender-atp/partner-applications.md | 1 + .../microsoft-defender-atp/post-ti-indicator.md | 2 +- .../microsoft-defender-atp/prepare-deployment.md | 2 +- .../threat-protection/microsoft-defender-atp/preview.md | 2 ++ 17 files changed, 27 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index 37ffe71d5e..f5581264d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md @@ -26,6 +26,8 @@ Applies to: - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + > [!IMPORTANT] > Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future. diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md index 41a63e43bb..cc0927755b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machine-api.md @@ -24,7 +24,7 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md index 815a6139dd..c7c9163e32 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-downlevel.md @@ -31,7 +31,6 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - >Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-downlevel-abovefoldlink). Defender for Endpoint extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md index fe2804290e..199fdba3ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard-offline-machines.md @@ -27,6 +27,8 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + To onboard devices without Internet access, you'll need to take the following general steps: > [!IMPORTANT] diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboard.md b/windows/security/threat-protection/microsoft-defender-atp/onboard.md index 87831075d7..260a39fc37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboard.md @@ -26,6 +26,8 @@ ms.topic: conceptual - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + Configure and manage all the Defender for Endpoint capabilities to get the best security protection for your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index 1e788eab51..3a0c5a024b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -27,6 +27,8 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + This article is part of the Deployment guide and acts as an example onboarding method that guides users in: - Step 1: Onboarding Windows devices to the service - Step 2: Configuring Defender for Endpoint capabilities diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 69308b1069..6a93ffde91 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -27,7 +27,7 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) This article is part of the Deployment guide and acts as an example onboarding method that guides users in: - Step 1: Onboarding devices to the service by creating a group in Microsoft Endpoint Manager (MEM) to assign configurations on diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index b598e8b95d..0f2411ad67 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -25,6 +25,8 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + Create a notification rule so that when a local onboarding or offboardiing script is used, you'll be notified. ## Before you begin diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index 41626f31a2..072ce22415 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -27,6 +27,8 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + Deploying Defender for Endpoint is a three-phase process:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md index c560286379..e9e892404c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction.md @@ -27,6 +27,8 @@ ms.topic: conceptual - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + Help reduce your attack surfaces, by minimizing the places where your organization is vulnerable to cyberthreats and attacks. Use the following resources to configure protection for the devices and applications in your organization. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index af438b69b1..3e0ed6cb27 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -26,6 +26,8 @@ ms.topic: conceptual - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions. Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md index caff10f756..c24f798860 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response.md @@ -27,6 +27,8 @@ ms.topic: conceptual - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. When a threat is detected, alerts are created in the system for an analyst to investigate. Alerts with the same attack techniques or attributed to the same attacker are aggregated into an entity called an _incident_. Aggregating alerts in this manner makes it easy for analysts to collectively investigate and respond to threats. diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md index 882adef417..4d201bf98a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-hardware-based-isolation.md @@ -25,6 +25,8 @@ ms.date: 09/07/2018 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender for Endpoint. | Feature | Description | diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index 0576b900d9..4080cc791a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -26,6 +26,7 @@ ms.topic: conceptual - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform. diff --git a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md index 13472618b4..e543c1c541 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md +++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md @@ -24,7 +24,7 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 96825f43c6..3aafb8ab2e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -28,7 +28,7 @@ ms.topic: article - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Deploying Defender for Endpoint is a three-phase process: diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index ee0c75f426..769ca23c89 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -30,6 +30,8 @@ ms.topic: conceptual - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + The Defender for Endpoint service is constantly being updated to include new feature enhancements and capabilities. > [!TIP] From b1ff74d359883d866f352818cde1151211c849c4 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Wed, 13 Jan 2021 17:52:16 +0530 Subject: [PATCH 4/8] fix-suggestions To fix suggestions --- ...boarding-endpoint-configuration-manager.md | 78 ++++++++-------- .../onboarding-endpoint-manager.md | 90 +++++++++---------- .../onboarding-notification.md | 4 +- .../microsoft-defender-atp/portal-overview.md | 4 +- 4 files changed, 88 insertions(+), 88 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index 3a0c5a024b..bb86535c49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -66,39 +66,39 @@ Follow the steps below to onboard endpoints using Microsoft Endpoint Configurati 1. In Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Device Collections**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-device-collections.png) + ![Image of Microsoft Endpoint Configuration Manager wizard1](images/configmgr-device-collections.png) 2. Right Click **Device Collection** and select **Create Device Collection**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-create-device-collection.png) + ![Image of Microsoft Endpoint Configuration Manager wizard2](images/configmgr-create-device-collection.png) 3. Provide a **Name** and **Limiting Collection**, then select **Next**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-limiting-collection.png) + ![Image of Microsoft Endpoint Configuration Manager wizard3](images/configmgr-limiting-collection.png) 4. Select **Add Rule** and choose **Query Rule**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-query-rule.png) + ![Image of Microsoft Endpoint Configuration Manager wizard4](images/configmgr-query-rule.png) 5. Click **Next** on the **Direct Membership Wizard** and click on **Edit Query Statement**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-direct-membership.png) + ![Image of Microsoft Endpoint Configuration Manager wizard5](images/configmgr-direct-membership.png) 6. Select **Criteria** and then choose the star icon. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-criteria.png) + ![Image of Microsoft Endpoint Configuration Manager wizard6](images/configmgr-criteria.png) 7. Keep criterion type as **simple value**, choose where as **Operating System - build number**, operator as **is greater than or equal to** and value **14393** and click on **OK**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-simple-value.png) + ![Image of Microsoft Endpoint Configuration Manager wizard7](images/configmgr-simple-value.png) 8. Select **Next** and **Close**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-membership-rules.png) + ![Image of Microsoft Endpoint Configuration Manager wizard8](images/configmgr-membership-rules.png) 9. Select **Next**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-confirm.png) + ![Image of Microsoft Endpoint Configuration Manager wizard9](images/configmgr-confirm.png) After completing this task, you now have a device collection with all the Windows 10 endpoints in the environment. @@ -123,22 +123,22 @@ Manager and deploy that policy to Windows 10 devices. 2. Under Deployment method select the supported version of **Microsoft Endpoint Configuration Manager**. - ![Image of Microsoft Defender for Endpoint onboarding wizard](images/mdatp-onboarding-wizard.png) + ![Image of Microsoft Defender for Endpoint onboarding wizard10](images/mdatp-onboarding-wizard.png) 3. Select **Download package**. - ![Image of Microsoft Defender for Endpoint onboarding wizard](images/mdatp-download-package.png) + ![Image of Microsoft Defender for Endpoint onboarding wizard11](images/mdatp-download-package.png) 4. Save the package to an accessible location. 5. In Microsoft Endpoint Configuration Manager, navigate to: **Assets and Compliance > Overview > Endpoint Protection > Microsoft Defender ATP Policies**. 6. Right-click **Microsoft Defender ATP Policies** and select **Create Microsoft Defender ATP Policy**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-create-policy.png) + ![Image of Microsoft Endpoint Configuration Manager wizard12](images/configmgr-create-policy.png) 7. Enter the name and description, verify **Onboarding** is selected, then select **Next**. - ![Image of Microsoft Endpoint Configuration Manager wizard](images/configmgr-policy-name.png) + ![Image of Microsoft Endpoint Configuration Manager wizard13](images/configmgr-policy-name.png) 8. Click **Browse**. @@ -147,25 +147,25 @@ Manager and deploy that policy to Windows 10 devices. 10. Click **Next**. 11. Configure the Agent with the appropriate samples (**None** or **All file types**). - ![Image of configuration settings](images/configmgr-config-settings.png) + ![Image of configuration settings1](images/configmgr-config-settings.png) 12. Select the appropriate telemetry (**Normal** or **Expedited**) then click **Next**. - ![Image of configuration settings](images/configmgr-telemetry.png) + ![Image of configuration settings2](images/configmgr-telemetry.png) 14. Verify the configuration, then click **Next**. - ![Image of configuration settings](images/configmgr-verify-configuration.png) + ![Image of configuration settings3](images/configmgr-verify-configuration.png) 15. Click **Close** when the Wizard completes. 16. In the Microsoft Endpoint Configuration Manager console, right-click the Defender for Endpoint policy you just created and select **Deploy**. - ![Image of configuration settings](images/configmgr-deploy.png) + ![Image of configuration settings4](images/configmgr-deploy.png) 17. On the right panel, select the previously created collection and click **OK**. - ![Image of configuration settings](images/configmgr-select-collection.png) + ![Image of configuration settings5](images/configmgr-select-collection.png) #### Previous versions of Windows Client (Windows 7 and Windows 8.1) @@ -257,11 +257,11 @@ needs on how Antivirus is configured. 3. Right-click on the newly created antimalware policy and select **Deploy**. - ![Image of next generation protection pane](images/f5508317cd8c7870627cb4726acd5f3d.png) + ![Image of next generation protection pane1](images/f5508317cd8c7870627cb4726acd5f3d.png) 4. Target the new antimalware policy to your Windows 10 collection and click **OK**. - ![Image of next generation protection pane](images/configmgr-select-collection.png) + ![Image of next generation protection pane2](images/configmgr-select-collection.png) After completing this task, you now have successfully configured Windows Defender Antivirus. @@ -284,26 +284,26 @@ To set ASR rules in Audit mode: 3. Set rules to **Audit** and click **Next**. - ![Image of Microsoft Endpoint Configuration Manager console](images/d18e40c9e60aecf1f9a93065cb7567bd.png) + ![Image of Microsoft Endpoint Configuration Manager console1](images/d18e40c9e60aecf1f9a93065cb7567bd.png) 4. Confirm the new Exploit Guard policy by clicking on **Next**. - ![Image of Microsoft Endpoint Configuration Manager console](images/0a6536f2c4024c08709cac8fcf800060.png) + ![Image of Microsoft Endpoint Configuration Manager console2](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click **Close**. - ![Image of Microsoft Endpoint Configuration Manager console](images/95d23a07c2c8bc79176788f28cef7557.png) + ![Image of Microsoft Endpoint Configuration Manager console3](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![Image of Microsoft Endpoint Configuration Manager console](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![Image of Microsoft Endpoint Configuration Manager console4](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Target the policy to the newly created Windows 10 collection and click **OK**. - ![Image of Microsoft Endpoint Configuration Manager console](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![Image of Microsoft Endpoint Configuration Manager console5](images/0ccfe3e803be4b56c668b220b51da7f7.png) After completing this task, you now have successfully configured ASR rules in audit mode. @@ -321,11 +321,11 @@ endpoints. (This may take few minutes) 4. Click **Configuration** tab in Attack surface reduction rules reports. It shows ASR rules configuration overview and ASR rules status on each devices. - ![A screenshot of attack surface reduction rules reports](images/f91f406e6e0aae197a947d3b0e8b2d0d.png) + ![A screenshot of attack surface reduction rules reports1](images/f91f406e6e0aae197a947d3b0e8b2d0d.png) 5. Click each device shows configuration details of ASR rules. - ![A screenshot of attack surface reduction rules reports](images/24bfb16ed561cbb468bd8ce51130ca9d.png) + ![A screenshot of attack surface reduction rules reports2](images/24bfb16ed561cbb468bd8ce51130ca9d.png) See [Optimize ASR rule deployment and detections](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr) for more details. @@ -334,29 +334,29 @@ detections](https://docs.microsoft.com/windows/security/threat-protection/micros #### Set Network Protection rules in Audit mode: 1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![A screenshot System Center Configuration Manager](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![A screenshot System Center Configuration Manager1](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Network protection**. 3. Set the setting to **Audit** and click **Next**. - ![A screenshot System Center Confirugatiom Manager](images/c039b2e05dba1ade6fb4512456380c9f.png) + ![A screenshot System Center Confirugatiom Manager2](images/c039b2e05dba1ade6fb4512456380c9f.png) 4. Confirm the new Exploit Guard Policy by clicking **Next**. - ![A screenshot Exploit GUard policy](images/0a6536f2c4024c08709cac8fcf800060.png) + ![A screenshot Exploit GUard policy1](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click on **Close**. - ![A screenshot Exploit GUard policy](images/95d23a07c2c8bc79176788f28cef7557.png) + ![A screenshot Exploit GUard policy2](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![A screenshot Microsoft Endpoint Configuration Manager ](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![A screenshot Microsoft Endpoint Configuration Manager1](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Select the policy to the newly created Windows 10 collection and choose **OK**. - ![A screenshot Microsoft Endpoint Configuration Manager ](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![A screenshot Microsoft Endpoint Configuration Manager2](images/0ccfe3e803be4b56c668b220b51da7f7.png) After completing this task, you now have successfully configured Network Protection in audit mode. @@ -365,29 +365,29 @@ Protection in audit mode. 1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![A screenshot of Microsoft Endpoint Configuration Manager3](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Controlled folder access**. 3. Set the configuration to **Audit** and click **Next**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/a8b934dab2dbba289cf64fe30e0e8aa4.png) + ![A screenshot of Microsoft Endpoint Configuration Manager4](images/a8b934dab2dbba289cf64fe30e0e8aa4.png) 4. Confirm the new Exploit Guard Policy by clicking on **Next**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/0a6536f2c4024c08709cac8fcf800060.png) + ![A screenshot of Microsoft Endpoint Configuration Manager5](images/0a6536f2c4024c08709cac8fcf800060.png) 5. Once the policy is created click on **Close**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/95d23a07c2c8bc79176788f28cef7557.png) + ![A screenshot of Microsoft Endpoint Configuration Manager6](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/8999dd697e3b495c04eb911f8b68a1ef.png) + ![A screenshot of Microsoft Endpoint Configuration Manager7](images/8999dd697e3b495c04eb911f8b68a1ef.png) 7. Target the policy to the newly created Windows 10 collection and click **OK**. - ![A screenshot of Microsoft Endpoint Configuration Manager ](images/0ccfe3e803be4b56c668b220b51da7f7.png) + ![A screenshot of Microsoft Endpoint Configuration Manager8](images/0ccfe3e803be4b56c668b220b51da7f7.png) You have now successfully configured Controlled folder access in audit mode. diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md index 6a93ffde91..aa5a567499 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-manager.md @@ -80,12 +80,12 @@ needs.
2. Open **Groups > New Group**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/66f724598d9c3319cba27f79dd4617a4.png) + > ![Image of Microsoft Endpoint Manager portal1](images/66f724598d9c3319cba27f79dd4617a4.png) 3. Enter details and create a new group. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/b1e0206d675ad07db218b63cd9b9abc3.png) + > ![Image of Microsoft Endpoint Manager portal2](images/b1e0206d675ad07db218b63cd9b9abc3.png) 4. Add your test user or device. @@ -96,7 +96,7 @@ needs.
7. Find your test user or device and select it. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/149cbfdf221cdbde8159d0ab72644cd0.png) + > ![Image of Microsoft Endpoint Manager portal3](images/149cbfdf221cdbde8159d0ab72644cd0.png) 8. Your testing group now has a member to test. @@ -122,7 +122,7 @@ different types of endpoint security policies: on **Create Profile**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/58dcd48811147feb4ddc17212b7fe840.png) + > ![Image of Microsoft Endpoint Manager portal4](images/58dcd48811147feb4ddc17212b7fe840.png) 3. Under **Platform, select Windows 10 and Later, Profile - Endpoint detection and response > Create**. @@ -130,39 +130,39 @@ different types of endpoint security policies: 4. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/a5b2d23bdd50b160fef4afd25dda28d4.png) + > ![Image of Microsoft Endpoint Manager portal5](images/a5b2d23bdd50b160fef4afd25dda28d4.png) 5. Select settings as required, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/cea7e288b5d42a9baf1aef0754ade910.png) + > ![Image of Microsoft Endpoint Manager portal6](images/cea7e288b5d42a9baf1aef0754ade910.png) > [!NOTE] > In this instance, this has been auto populated as Defender for Endpoint has already been integrated with Intune. For more information on the integration, see [Enable Microsoft Defender for Endpoint in Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-configure#to-enable-microsoft-defender-atp). > > The following image is an example of what you'll see when Microsoft Defender for Endpoint is NOT integrated with Intune: > - > ![Image of Microsoft Endpoint Manager portal](images/2466460812371ffae2d19a10c347d6f4.png) + > ![Image of Microsoft Endpoint Manager portal7](images/2466460812371ffae2d19a10c347d6f4.png) 6. Add scope tags if necessary, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/ef844f52ec2c0d737ce793f68b5e8408.png) + > ![Image of Microsoft Endpoint Manager portal8](images/ef844f52ec2c0d737ce793f68b5e8408.png) 7. Add test group by clicking on **Select groups to include** and choose your group, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/fc3525e20752da026ec9f46ab4fec64f.png) + > ![Image of Microsoft Endpoint Manager portal9](images/fc3525e20752da026ec9f46ab4fec64f.png) 8. Review and accept, then select **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/289172dbd7bd34d55d24810d9d4d8158.png) + > ![Image of Microsoft Endpoint Manager portal10](images/289172dbd7bd34d55d24810d9d4d8158.png) 9. You can view your completed policy. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/5a568b6878be8243ea2b9d82d41ed297.png) + > ![Image of Microsoft Endpoint Manager portal11](images/5a568b6878be8243ea2b9d82d41ed297.png) ### Next-generation protection @@ -171,7 +171,7 @@ different types of endpoint security policies: 2. Navigate to **Endpoint security > Antivirus > Create Policy**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6b728d6e0d71108d768e368b416ff8ba.png) + > ![Image of Microsoft Endpoint Manager portal12](images/6b728d6e0d71108d768e368b416ff8ba.png) 3. Select **Platform - Windows 10 and Later - Windows and Profile – Microsoft Defender Antivirus > Create**. @@ -179,34 +179,34 @@ different types of endpoint security policies: 4. Enter name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/a7d738dd4509d65407b7d12beaa3e917.png) + > ![Image of Microsoft Endpoint Manager portal13](images/a7d738dd4509d65407b7d12beaa3e917.png) 5. In the **Configuration settings page**: Set the configurations you require for Microsoft Defender Antivirus (Cloud Protection, Exclusions, Real-Time Protection, and Remediation). > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/3840b1576d6f79a1d72eb14760ef5e8c.png) + > ![Image of Microsoft Endpoint Manager portal14](images/3840b1576d6f79a1d72eb14760ef5e8c.png) 6. Add scope tags if necessary, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/2055e4f9b9141525c0eb681e7ba19381.png) + > ![Image of Microsoft Endpoint Manager portal15](images/2055e4f9b9141525c0eb681e7ba19381.png) 7. Select groups to include, assign to your test group, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/48318a51adee06bff3908e8ad4944dc9.png) + > ![Image of Microsoft Endpoint Manager portal16](images/48318a51adee06bff3908e8ad4944dc9.png) 8. Review and create, then select **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/dfdadab79112d61bd3693d957084b0ec.png) + > ![Image of Microsoft Endpoint Manager portal17](images/dfdadab79112d61bd3693d957084b0ec.png) 9. You'll see the configuration policy you created. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/38180219e632d6e4ec7bd25a46398da8.png) + > ![Image of Microsoft Endpoint Manager portal18](images/38180219e632d6e4ec7bd25a46398da8.png) ### Attack Surface Reduction – Attack surface reduction rules @@ -220,12 +220,12 @@ different types of endpoint security policies: rules > Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/522d9bb4288dc9c1a957392b51384fdd.png) + > ![Image of Microsoft Endpoint Manager portal19](images/522d9bb4288dc9c1a957392b51384fdd.png) 5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png) + > ![Image of Microsoft Endpoint Manager portal20](images/a5a71fd73ec389f3cdce6d1a6bd1ff31.png) 6. In the **Configuration settings page**: Set the configurations you require for Attack surface reduction rules, then select **Next**. @@ -236,27 +236,27 @@ different types of endpoint security policies: > For more information, see [Attack surface reduction rules](attack-surface-reduction.md). > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/dd0c00efe615a64a4a368f54257777d0.png) + > ![Image of Microsoft Endpoint Manager portal21](images/dd0c00efe615a64a4a368f54257777d0.png) 7. Add Scope Tags as required, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png) + > ![Image of Microsoft Endpoint Manager portal22](images/6daa8d347c98fe94a0d9c22797ff6f28.png) 8. Select groups to include and assign to test group, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png) + > ![Image of Microsoft Endpoint Manager portal23](images/45cefc8e4e474321b4d47b4626346597.png) 9. Review the details, then select **Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/2c2e87c5fedc87eba17be0cdeffdb17f.png) + > ![Image of Microsoft Endpoint Manager portal24](images/2c2e87c5fedc87eba17be0cdeffdb17f.png) 10. View the policy. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/7a631d17cc42500dacad4e995823ffef.png) + > ![Image of Microsoft Endpoint Manager portal25](images/7a631d17cc42500dacad4e995823ffef.png) ### Attack Surface Reduction – Web Protection @@ -269,12 +269,12 @@ different types of endpoint security policies: 4. Select **Windows 10 and Later – Web protection > Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png) + > ![Image of Microsoft Endpoint Manager portal26](images/cd7b5a1cbc16cc05f878cdc99ba4c27f.png) 5. Enter a name and description, then select **Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/5be573a60cd4fa56a86a6668b62dd808.png) + > ![Image of Microsoft Endpoint Manager portal27](images/5be573a60cd4fa56a86a6668b62dd808.png) 6. In the **Configuration settings page**: Set the configurations you require for Web Protection, then select **Next**. @@ -285,27 +285,27 @@ different types of endpoint security policies: > For more information, see [Web Protection](web-protection-overview.md). > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6104aa33a56fab750cf30ecabef9f5b6.png) + > ![Image of Microsoft Endpoint Manager portal28](images/6104aa33a56fab750cf30ecabef9f5b6.png) 7. Add **Scope Tags as required > Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/6daa8d347c98fe94a0d9c22797ff6f28.png) + > ![Image of Microsoft Endpoint Manager portal29](images/6daa8d347c98fe94a0d9c22797ff6f28.png) 8. Select **Assign to test group > Next**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/45cefc8e4e474321b4d47b4626346597.png) + > ![Image of Microsoft Endpoint Manager portal30](images/45cefc8e4e474321b4d47b4626346597.png) 9. Select **Review and Create > Create**. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/8ee0405f1a96c23d2eb6f737f11c1ae5.png) + > ![Image of Microsoft Endpoint Manager portal31](images/8ee0405f1a96c23d2eb6f737f11c1ae5.png) 10. View the policy. > [!div class="mx-imgBorder"] - > ![Image of Microsoft Endpoint Manager portal](images/e74f6f6c150d017a286e6ed3dffb7757.png) + > ![Image of Microsoft Endpoint Manager portal32](images/e74f6f6c150d017a286e6ed3dffb7757.png) ## Validate configuration settings @@ -323,22 +323,22 @@ To confirm that the configuration policy has been applied to your test device, f steps above. The following example shows the next generation protection settings. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/43ab6aa74471ee2977e154a4a5ef2d39.png) ](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal33](images/43ab6aa74471ee2977e154a4a5ef2d39.png) ](images/43ab6aa74471ee2977e154a4a5ef2d39.png#lightbox) 2. Select the **Configuration Policy** to view the policy status. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/55ecaca0e4a022f0e29d45aeed724e6c.png) ](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal34](images/55ecaca0e4a022f0e29d45aeed724e6c.png) ](images/55ecaca0e4a022f0e29d45aeed724e6c.png#lightbox) 3. Select **Device Status** to see the status. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/18a50df62cc38749000dbfb48e9a4c9b.png) ](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal35](images/18a50df62cc38749000dbfb48e9a4c9b.png) ](images/18a50df62cc38749000dbfb48e9a4c9b.png#lightbox) 4. Select **User Status** to see the status. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/4e965749ff71178af8873bc91f9fe525.png) ](images/4e965749ff71178af8873bc91f9fe525.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal36](images/4e965749ff71178af8873bc91f9fe525.png) ](images/4e965749ff71178af8873bc91f9fe525.png#lightbox) 5. Select **Per-setting status** to see the status. @@ -346,7 +346,7 @@ To confirm that the configuration policy has been applied to your test device, f >This view is very useful to identify any settings that conflict with another policy. > [!div class="mx-imgBorder"] - > [ ![Image of Microsoft Endpoint Manager portal](images/42acc69d0128ed09804010bdbdf0a43c.png) ](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox) + > [ ![Image of Microsoft Endpoint Manager portal37](images/42acc69d0128ed09804010bdbdf0a43c.png) ](images/42acc69d0128ed09804010bdbdf0a43c.png#lightbox) ### Endpoint detection and response @@ -355,13 +355,13 @@ To confirm that the configuration policy has been applied to your test device, f Protection service should not be started. > [!div class="mx-imgBorder"] - > [ ![Image of Services panel](images/b418a232a12b3d0a65fc98248dbb0e31.png) ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox) + > [ ![Image of Services panel1](images/b418a232a12b3d0a65fc98248dbb0e31.png) ](images/b418a232a12b3d0a65fc98248dbb0e31.png#lightbox) 2. After the configuration has been applied, the Defender for Endpoint Protection Service should be started. > [!div class="mx-imgBorder"] - > [ ![Image of Services panel](images/a621b699899f1b41db211170074ea59e.png) ](images/a621b699899f1b41db211170074ea59e.png#lightbox) + > [ ![Image of Services panel2](images/a621b699899f1b41db211170074ea59e.png) ](images/a621b699899f1b41db211170074ea59e.png#lightbox) 3. After the services are running on the device, the device appears in Microsoft Defender Security Center. @@ -375,7 +375,7 @@ To confirm that the configuration policy has been applied to your test device, f manage the settings as shown below. > [!div class="mx-imgBorder"] - > ![Image of setting page](images/88efb4c3710493a53f2840c3eac3e3d3.png) + > ![Image of setting page1](images/88efb4c3710493a53f2840c3eac3e3d3.png) 2. After the policy has been applied, you should not be able to manually manage the settings. @@ -385,7 +385,7 @@ To confirm that the configuration policy has been applied to your test device, f > **Turn on real-time protection** are being shown as managed. > [!div class="mx-imgBorder"] - > ![Image of setting page](images/9341428b2d3164ca63d7d4eaa5cff642.png) + > ![Image of setting page2](images/9341428b2d3164ca63d7d4eaa5cff642.png) ### Attack Surface Reduction – Attack surface reduction rules @@ -400,13 +400,13 @@ To confirm that the configuration policy has been applied to your test device, f > > AttackSurfaceReductionRules_Ids: - ![Image of command line](images/cb0260d4b2636814e37eee427211fe71.png) + ![Image of command line1](images/cb0260d4b2636814e37eee427211fe71.png) 3. After applying the policy on a test device, open a PowerShell Windows and type `Get-MpPreference`. 4. This should respond with the following lines with content as shown below: - ![Image of command line](images/619fb877791b1fc8bc7dfae1a579043d.png) + ![Image of command line2](images/619fb877791b1fc8bc7dfae1a579043d.png) ### Attack Surface Reduction – Web Protection @@ -415,11 +415,11 @@ To confirm that the configuration policy has been applied to your test device, f 2. This should respond with a 0 as shown below. - ![Image of command line](images/196a8e194ac99d84221f405d0f684f8c.png) + ![Image of command line3](images/196a8e194ac99d84221f405d0f684f8c.png) 3. After applying the policy, open a PowerShell Windows and type `(Get-MpPreference).EnableNetworkProtection`. 4. This should respond with a 1 as shown below. - ![Image of command line](images/c06fa3bbc2f70d59dfe1e106cd9a4683.png) + ![Image of command line4](images/c06fa3bbc2f70d59dfe1e106cd9a4683.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md index af1d86243f..5ace4fefd0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-notification.md @@ -181,8 +181,8 @@ You'll need to have access to: 11. Under **Condition**, add the following expression: "length(body('Get_items')?['value'])" and set the condition to equal to 0. ![Image of apply to each condition](images/apply-to-each-value.png) - ![Image of condition](images/conditions-2.png) - ![Image of condition](images/condition3.png) + ![Image of condition1](images/conditions-2.png) + ![Image of condition2](images/condition3.png) ![Image of send email](images/send-email.png) ## Alert notification diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md index fcf3f127d0..5719fa1a32 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md @@ -81,7 +81,7 @@ Icon | Description ![Alert icon](images/alert-icon.png)| Alert – Indication of an activity correlated with advanced attacks. ![Detection icon](images/detection-icon.png)| Detection – Indication of a malware threat detection. ![Active threat icon](images/active-threat-icon.png)| Active threat – Threats actively executing at the time of detection. -![Remediated icon](images/remediated-icon.png)| Remediated – Threat removed from the device. +![Remediated icon1](images/remediated-icon.png)| Remediated – Threat removed from the device. ![Not remediated icon](images/not-remediated-icon.png)| Not remediated – Threat not removed from the device. ![Thunderbolt icon](images/atp-thunderbolt-icon.png)| Indicates events that triggered an alert in the **Alert process tree**. ![Device icon](images/atp-machine-icon.png)| Device icon @@ -116,7 +116,7 @@ Icon | Description ![Terminated by system](images/terminated-by-system.png) | Automated investigation - terminated by system ![Pending icon](images/pending.png) | Automated investigation - pending ![Running icon](images/running.png) | Automated investigation - running -![Remediated icon](images/remediated.png) | Automated investigation - remediated +![Remediated icon2](images/remediated.png) | Automated investigation - remediated ![Partially investigated icon](images/partially_remediated.png) | Automated investigation - partially remediated ![Threat insights icon](images/tvm_bug_icon.png) | Threat & Vulnerability Management - threat insights ![Possible active alert icon](images/tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert From 87f5b4b8ea81235dd56b6217d5ff5886def4119c Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 15 Jan 2021 11:35:11 +0530 Subject: [PATCH 5/8] fix-suggestions To fix suggestions --- ...boarding-endpoint-configuration-manager.md | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index bb86535c49..c471aa800c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -228,7 +228,7 @@ Microsoft Defender Antivirus is a built-in antimalware solution that provides ne 2. Select **Scheduled scans**, **Scan settings**, **Default actions**, **Real-time protection**, **Exclusion settings**, **Advanced**, **Threat overrides**, **Cloud Protection Service** and **Security intelligence updates** and choose **OK**. - ![Image of next generation protection pane](images/1566ad81bae3d714cc9e0d47575a8cbd.png) + ![Image of next generation protection pane1](images/1566ad81bae3d714cc9e0d47575a8cbd.png) In certain industries or some select enterprise customers might have specific needs on how Antivirus is configured. @@ -238,30 +238,29 @@ needs on how Antivirus is configured. For more details, see [Windows Security configuration framework](https://docs.microsoft.com/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework) - - ![Image of next generation protection pane](images/cd7daeb392ad5a36f2d3a15d650f1e96.png) + ![Image of next generation protection pane2](images/cd7daeb392ad5a36f2d3a15d650f1e96.png) - ![Image of next generation protection pane](images/36c7c2ed737f2f4b54918a4f20791d4b.png) + ![Image of next generation protection pane3](images/36c7c2ed737f2f4b54918a4f20791d4b.png) - ![Image of next generation protection pane](images/a28afc02c1940d5220b233640364970c.png) + ![Image of next generation protection pane4](images/a28afc02c1940d5220b233640364970c.png) - ![Image of next generation protection pane](images/5420a8790c550f39f189830775a6d4c9.png) + ![Image of next generation protection pane5](images/5420a8790c550f39f189830775a6d4c9.png) - ![Image of next generation protection pane](images/33f08a38f2f4dd12a364f8eac95e8c6b.png) + ![Image of next generation protection pane6](images/33f08a38f2f4dd12a364f8eac95e8c6b.png) - ![Image of next generation protection pane](images/41b9a023bc96364062c2041a8f5c344e.png) + ![Image of next generation protection pane7](images/41b9a023bc96364062c2041a8f5c344e.png) - ![Image of next generation protection pane](images/945c9c5d66797037c3caeaa5c19f135c.png) + ![Image of next generation protection pane8](images/945c9c5d66797037c3caeaa5c19f135c.png) - ![Image of next generation protection pane](images/3876ca687391bfc0ce215d221c683970.png) + ![Image of next generation protection pane9](images/3876ca687391bfc0ce215d221c683970.png) 3. Right-click on the newly created antimalware policy and select **Deploy**. - ![Image of next generation protection pane1](images/f5508317cd8c7870627cb4726acd5f3d.png) + ![Image of next generation protection pane10](images/f5508317cd8c7870627cb4726acd5f3d.png) 4. Target the new antimalware policy to your Windows 10 collection and click **OK**. - ![Image of next generation protection pane2](images/configmgr-select-collection.png) + ![Image of next generation protection pane11](images/configmgr-select-collection.png) After completing this task, you now have successfully configured Windows Defender Antivirus. From 97b3adcc06c2e3f7932b20817210431fc4c7aaf2 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 15 Jan 2021 11:52:48 +0530 Subject: [PATCH 6/8] fix-suggestions To fix suggestions --- .../onboarding-endpoint-configuration-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index c471aa800c..4b1d1bdadd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -275,7 +275,7 @@ To set ASR rules in Audit mode: 1. In the Microsoft Endpoint Configuration Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. - ![Image of Microsoft Endpoint Configuration Manager console](images/728c10ef26042bbdbcd270b6343f1a8a.png) + ![Image of Microsoft Endpoint Configuration Manager console0](images/728c10ef26042bbdbcd270b6343f1a8a.png) 2. Select **Attack Surface Reduction**. From 6ed3ad6d59604799ac8d0c15249d9e154c1ce174 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 15 Jan 2021 12:02:01 +0530 Subject: [PATCH 7/8] fix-suggestions to fix suggestions --- .../onboarding-endpoint-configuration-manager.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md index c1356ab8ff..8ad69d2bd0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding-endpoint-configuration-manager.md @@ -286,12 +286,7 @@ To set ASR rules in Audit mode: 1. In the Microsoft Endpoint Manager console, navigate to **Assets and Compliance \> Overview \> Endpoint Protection \> Windows Defender Exploit Guard** and choose **Create Exploit Guard Policy**. -<<<<<<< HEAD ![Image of Microsoft Endpoint Configuration Manager console0](images/728c10ef26042bbdbcd270b6343f1a8a.png) -======= - ![Image of Microsoft Endpoint Manager console](images/728c10ef26042bbdbcd270b6343f1a8a.png) ->>>>>>> 23a3021e03bd6b1ecdffdc738c3e4c4c37399ecb - 2. Select **Attack Surface Reduction**. @@ -310,7 +305,7 @@ To set ASR rules in Audit mode: ![Image of Microsoft Endpoint Configuration Manager console3](images/95d23a07c2c8bc79176788f28cef7557.png) - ![Image of Microsoft Endpoint Manager console](images/95d23a07c2c8bc79176788f28cef7557.png) + ![Image of Microsoft Endpoint Manager console1](images/95d23a07c2c8bc79176788f28cef7557.png) 6. Right-click on the newly created policy and choose **Deploy**. From 3606a8850a297404cec2705bffe366a557a769f6 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 16 Feb 2021 10:23:52 -0800 Subject: [PATCH 8/8] Update partner-applications.md Acrolinx --- .../partner-applications.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md index fd47c04d4a..cf23911650 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/partner-applications.md @@ -57,7 +57,7 @@ Logo |Partner name | Description ![Image of Elastic security logo](images/elastic-security-logo.png) | [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2139303) | Elastic Security is a free and open solution for preventing, detecting, and responding to threats ![Image of IBM QRadar logo](images/ibm-qradar-logo.png) | [IBM QRadar](https://go.microsoft.com/fwlink/?linkid=2113903) | Configure IBM QRadar to collect detections from Defender for Endpoint ![Image of Micro Focus ArcSight logo](images/arcsight-logo.png) | [Micro Focus ArcSight](https://go.microsoft.com/fwlink/?linkid=2113548) | Use Micro Focus ArcSight to pull Defender for Endpoint detections -![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness leveraging Microsoft Graph Security API +![Image of RSA NetWitness logo](images/rsa-netwitness-logo.png) | [RSA NetWitness](https://go.microsoft.com/fwlink/?linkid=2118566) | Stream Defender for Endpoint Alerts to RSA NetWitness using Microsoft Graph Security API ![Image of SafeBreach logo](images/safebreach-logo.png) | [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2114114)| Gain visibility into Defender for Endpoint security events that are automatically correlated with SafeBreach simulations ![Image of Skybox Vulnerability Control logo](images/skybox-logo.png) | [Skybox Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2127467) | Skybox Vulnerability Control cuts through the noise of vulnerability management, correlating business, network, and threat context to uncover your riskiest vulnerabilities ![Image of Splunk logo](images/splunk-logo.png) | [Splunk](https://go.microsoft.com/fwlink/?linkid=2129805) | The Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk @@ -100,25 +100,25 @@ Logo |Partner name | Description Logo |Partner name | Description :---|:---|:--- ![Image of Bitdefender logo](images/bitdefender-logo.png)| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=860032)| Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats -![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy -![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution — Protect your mobile devices with granular visibility and control from Corrata +![Image of Better Mobile logo](images/bettermobile-logo.png) | [Better Mobile](https://go.microsoft.com/fwlink/?linkid=2086214)| AI-based MTD solution to stop mobile threats & phishing. Private internet browsing to protect user privacy +![Image of Corrata logo](images/corrata-logo.png)| [Corrata](https://go.microsoft.com/fwlink/?linkid=2081148) | Mobile solution that protects your mobile devices with granular visibility and control from Corrata ![Image of Lookout logo](images/lookout-logo.png)| [Lookout](https://go.microsoft.com/fwlink/?linkid=866935)| Get Lookout Mobile Threat Protection telemetry for Android and iOS mobile devices ![Image of Symantec Endpoint Protection Mobile logo](images/symantec-logo.png) | [Symantec Endpoint Protection Mobile](https://go.microsoft.com/fwlink/?linkid=2090992)| SEP Mobile helps businesses predict, detect, and prevent security threats and vulnerabilities on mobile devices ![Image of Zimperium logo](images/zimperium-logo.png)| [Zimperium](https://go.microsoft.com/fwlink/?linkid=2118044)|Extend your Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense -## Additional integrations +## More integrations Logo |Partner name | Description :---|:---|:--- ![Image of Cyren Web Filter logo](images/cyren-logo.png)| [Cyren Web Filter](https://go.microsoft.com/fwlink/?linkid=2108221)| Enhance your Defender for Endpoint with advanced Web Filtering -![Image of Morphisec logo](images/morphisec-logo.png)| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information +![Image of Morphisec logo](images/morphisec-logo.png)| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2086215)| Provides Moving Target Defense-powered advanced threat prevention. Integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information ![Image of THOR Cloud logo](images/nextron-thor-logo.png)| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=862988)| Provides on-demand live forensics scans using a signature base with focus on persistent threats ## SIEM integration -Defender for Endpoint supports SIEM integration through a variety of methods — specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). +Defender for Endpoint supports SIEM integration through various of methods. This can include specialized SIEM system interface with out of the box connectors, a generic alert API enabling custom implementations, and an action API enabling alert status management. For more information, see [Enable SIEM integration](enable-siem-integration.md). ## Ticketing and IT service management Ticketing solution integration helps to implement manual and automatic response processes. Defender for Endpoint can help to create tickets automatically when an alert is generated and resolve the alerts when tickets are closed using the alerts API. @@ -131,12 +131,12 @@ Defender for Endpoint offers unique automated investigation and remediation capa Integrating the automated investigation and response capability with other solutions such as IDS and firewalls help to address alerts and minimize the complexities surrounding network and device signal correlation, effectively streamlining the investigation and threat remediation actions on devices. -External alerts can be pushed into Defender for Endpoint and is presented side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert — with the real process and the full story of attack. +External alerts can be pushed to Defender for Endpoint. These alerts are shown side by side with additional device-based alerts from Defender for Endpoint. This view provides a full context of the alert and can reveal the full story of an attack. ## Indicators matching You can use threat-intelligence from providers and aggregators to maintain and use indicators of compromise (IOCs). -Defender for Endpoint allows you to integrate with such solutions and act on IoCs by correlating its rich telemetry and creating alerts when there's a match; leveraging prevention and automated response capabilities to block execution and take remediation actions when there's a match. +Defender for Endpoint allows you to integrate with these solutions and act on IoCs by correlating rich telemetry to create alerts. You can also useg prevention and automated response capabilities to block execution and take remediation actions when there's a match. Defender for Endpoint currently supports IOC matching and remediation for file and network indicators. Blocking is supported for file indicators.