From 2ccf6cad86ab94e5d00d8d7b126bdead03d9088f Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Thu, 5 Nov 2020 16:42:32 -0800 Subject: [PATCH 1/3] completed by --- .../images/tvm-completed-by.png | Bin 0 -> 6687 bytes .../microsoft-defender-atp/tvm-remediation.md | 10 ++++++++++ 2 files changed, 10 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-completed-by.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-completed-by.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-completed-by.png new file mode 100644 index 0000000000000000000000000000000000000000..d41220688ee5d37253919069c76334c034459ba1 GIT binary patch literal 6687 zcmb7}bx>PhyQqUxq-Y@tT3RSj+)7J;Qmp*Y;wf&yf)m>0|QCB2cAtwgh6&2YSvH$=;XcYxH zU7w7dOiegFG_b3w?Az3~(qo${>4yFfV+ygzl_ezhgCsC4l#-TlH0327kyXpxf9Qvl z+W3b#YCC?ogPE4cOe2WIsqLMeGYE!%#D+CTKAoHufN?cEpXpYxUQhC;voVnO_S8c$ z&t?0KnK;3T({rybbKDJ3et+h^e=`f3-@7)|Ym;1KCX}PT)8aQv$xa&Tlax?QLzu|@ za+EamCH+GOLb-=zwBn)cv_$X0a@)_c7R_we4z@j?SfxiX*7$*z>-dPrM3w{k9GKM@ zd+gw=37hntYf|xcImW526Hb(g5b#m>py?Z^nn7(vr5|X-1Oc+|Q=PQG@@`M#$uXXH zC-)XFDgC@jPdosaFyKWVg24*ZMjdJ0OJe^Rnx?&-RlkqM^YC$?{2T;r>yTm`oKLGV z?L1Qht-fG*7cK&}i~3{C@UE`hz#Y~)r|t9lZs8j%WR2K+tEXdIlBxQrZ$naPsGVaJ zX{?Q$aHD=|7;WW^Br|a{ zD!JNkaA`Qk3*R)*f@u2qj%B(8`vT&Aj2sh6)p|djS(#!M%t&9}f<)N9X-tsrTFZLh zH-=e!79`O{o?;+%*KqC4n#=-+XOiZId!I+Y?<#>Q5+#748Zi*0iaIV8A@R|esOc%H zTsxbovP(-u(7cCTpVR@R5_M%3p0;Jxs4K#KlQeDQjf_x`<|5vVQ-pZ`dDT-HPyfu* zY8!Nj^yc0NZnM#`S^d&@7NOxbt8tg?XlCpYxc!hbyU9I0s4o1$+{60FY$jnZhI1K! zYq_Ccuu%b@K*?KqI=dXU4cz()ivaA$2!J>yD+$i8m& zwx4i+NM`{+VKf)rJIEcO8D)GOsa#R48dW6@ko~A44F^p+A~7d>v3kAF3CvO#C~Z^*Hh8(No-i|od8IB{OC~Xyu(QTdU_1eXk46A-n9bl%cjhh zVN@S<8$oS_StmQ~3NYAQEi-VLzt8Ne9ZI0}XiiR9?I&B&2l0%!-d4%f-4B{Oim-LA zQm;e;AV&7gSK)y)N1u%klMXk=wc*Wwa=HF^hDyuga-ec_yGfB71|b z>I_K4j8X5QAHw7~Ul`l3*s2zA)89z-Ov4dRbf7zdoa3|)_Gyu+l-5?+xD1D`Y z;H;~=sqH3=44fdO8Ou(}0m=f)QHO;o#Ii>z$mJVJrb)bB(8ZTQP; z=j+I1vDm+uZno{Q;>jWAz;o{O9r4-IbTK8vvx~iVoYT-U&P+6 zy`O(6#X+p1zpWfVc7IXTKZfbvheo+|6Gh!$`386R(taj$myNx0{vHm)h--wwy&9<7G{*?+sd`d&1H=YFgfjSM zWEpHZRgN(p&OHsoruxX}t;KhTqcNt`m1dtz(>9N-%}6i^b1Va&YCs+?haM<0*Xgvl zn;Axme(G32(IyX^x*TfbcKJ{ENj(bujdMo2K6rIXESR`Q%IK1boTRyK+k?O?PAK3^ zh6LE$()^X5s8as7TyQhh3r*D&dXDYBYG_-M=#uvftpeL(WicgCeP*jFK~;0=Js3y& ztUezgLe*(Tj8igXoANCix(FgZM(#H(`ew+vuAb4cMj^g1*$bN_U2OQdcI;&ORlNE{ z?k0^d_FEUc!LD|-2!g)4;fR|_Q)IP?SyP}AF-^tqH*jTP%QKD?%1f)<1r>dNZiQy| z`}G1u=_{N8%AY9F2uH2Q(DCPMDdp!Ev1Csan7?Kz!o+nO30htCs`K4b7D~MY1)2g| z3JTICSthK!5e1_Bj0h|aO(3#1qihIUTmR!7IqxWU-P~;*{}U&{<8cZqGk=|7DM#^i zI~fDa8?kKJt~cjX0dt?T^mVZA-^X5H^jK3C)9MOs9}R!$bM<9~z6OA;tFZ8@SvsN~ z^H4wrK}eP;V<+7iI;zPxB(B1(KZKo{_)+vLRHltlIb7A>XAmS_gy4Y*&mj9*8pP*B`I7K*+7>U*n*%jS#R08E0Q2O(cjMQ=TkiaVT@`V>( z6JeBm`+Hw{&q-Aw-JK|x&0-dN-irkXHOG^4Zl|MyU&^vzlkHwxp@XeN!mRIeb|vO*0VKg5AKH5PQb#8p$vSm z4Ul4ViPMmd{hrFTD9l&)hbqmJiK(p;XD(Z1MHB-ZJ04vi!#^cZxQXBp&8?Z%$#G#5 z*~HgVMII}B-kbTp_$!3vM3q>;+_!+Vk&T6mx{O$KuIKBl5GKM#CA|VJ{LDO8-ALa~ zIhiJYM=e^QG5|zHC%XSzxK&1{&-1mRQsE_8ic z5W0HwP3_G!=Q_qJ&#<||SRWprRDPu)rh0o$D^f>8!O(Hi?Ram+W@gDlIkbkJ`L0F3!_R-Pv;XQ#6se2pGaAqz}kSHs?ycSHG2?v0*%P$8tx@p z?`@!@Kb~Wq7cgralnr_=EJ6q6HtPl5$ny7bpvP2kB|`+w*3d<7g8io}y+!;@^!Ald zb0eo@xBj{buLlRb1E;a6DWFlt5Ph>bu}m%^^(H0!brP5G+%PJxh&eJxHIG0Ip?RW)(@729s2T z60?gX{IZtIVP*dKBr{#Gbpr`q*>L)0>+|(jcwXV$L#;G5%~xnE+q+V@?0wyR>h=2{ znt9URuK3W>?tJ!u;ifj2e8@6s@9C2|Kg(FA0Yxt~

Lp{(UBK`5wbb^!_~odD2yD z<9Va``J3o!3{AX;5OMSrV0rrI#EU#=H~P-=)2?o(|1c6xt-@huWW@em1wYCG^npl%2#kg3$(# zAu_f&_KQcHq@P#&^V$|?b_ampq=j8sJ&*MdsR(-UW_qA2>tm%%rGtM0#SBn@n7Fl7 zj@7QH*ORW6DVAj9YmJYKsT3mf9E^Uf(_c@J9w}jjwzk)!)cwWdqoTlR8*v=-+(IV1 zbKLp9oR$n`Awys6-VP!DfElRYcQJ2*UW^~r4nA`d@08lAhM5FXF-5aH2$QQhdl$v> z;N*1F6r)Mgb>ic|C>kT0k;q~40HGEmH7>f+Fza+5L39ys@VEXyz73@P|H**=m}oiv zj2W1rb|t6@dIv^Gh#ucRuwc*KI zc?Bcsb~t*FFtU?KccT^%jVPN?+?y9$K&`vS0p{~`q&vDmof6w2snW9 zYq0NSY~6c-YUKCaerTcA=h$}o_6!}5SZi^N{==TororInV5v^|R1Xpxoth>*s(T>B z;$mg_3*_fx!TJjML*Cb3q^$7YKrwZ@*IL-83|IYKr$ctc4y%&Xf4^1KRYm%H;9;ul z0hFJ;5hv}-y)k$byoRhkv;4kelE{Pa76FYS(PDs%nctfihsesxK2Nx4ZqaWXW^4MW zIWv_$ZWJ}}vv$VB`e;pma;Ky!<$*{n=GJgzWp35y&3LUR)nHj6Wt0O)3pE`@)VdYb zdj8X_I4Io{T>6y>U3t~%qv0dH9L}>4Ks0f1zsHkwF`dWJ#kn4Q;_*(&WxE%MdgaM` zd=@7yVdTw?C?A*BdokY^v1V$8#6#>e)T0ojnyZ6xs7w_)!(@b zPm6brM)OBcOP+-voVz1kIum!aoIW{;!(XgryGhuRd;US)!H%Q~E*Ku*IcL7|1bZG= zUQQwc-z|Kczdixo?gZU323=%}->_-29w=uAb;<^vB?Q%P?nmlH%6c&03_@4qjP==` zHD2uBH+y@QQ1*=K{M+*W*d}k8{|%*Ejt*p|xK^ma1QE;N&oheV;fh1jW390x$j+*- zDU)dfeYXlX2Yx`5@p6@lL z-!J9QwBMk!bvx|-a!he|X-Udb^J0f0LKlsem!$PJ`KV^bYM{@1CV7+_V}uU`%KbJt z9STOqrL|ozO`Fqp`S~&8P?gGc19|)+PSaAwWRHLH-sY(rBb}spx!h|r*1fo~a;_ca zdD*WxN%T9s2tr?x)Hf9>`e0xSSLBRkIcr^XA{xgKyAOvVUG&yfrSmL=g)pHVe1^$H zm`V#H26z$-l3jQU7R_U*YCphrCU;FE4Ec=HtWpmmq0$NP{O1Y%IyN#! zq|)I|%1Zgav>bu`Ha7udd80Pr+`Jv>i|vOvDP@QjjcM3R8G0@oaVoeJhzhxE>M{2L zXdR5MwvjVYj3~R|(8{K!_jg5Gat*)OZ*t@pDD|3$ExvqNgB&)DK^#VS-9W@cFQ$4Y z!KS6sS_W29jy6oCmM=VfT=7rAN|AAOF!c30oFC?;urlaPs+`5wEQebw8rZggqA^a{ zG7wdqigu1Y4zb8FoHj=k;l$+=x3Q@FS#JC^whh{ZY?EfiAB!90N1eExXdZy3!6x@t zcV0yzYl6%;(AH9Nw~G|Jfx04%{@u+)d}d6FJJJ26c7h`Ezoi3IzAF3V*UP;|#e6TI zI6;NYqA4^TsSg4mm8QrP9gJicW4?fQZysP6Giq0}f>-&?EBN+eQ z5)a4M71H{xhf+g)*K4Z3R{lyp?4vThggv^_tBsE@nRo@*sQ}W493q73%Y#GUxYbHY z-=Cp6Of{vhNo#T zABp}*oY1*{Bg~B9Us}RNSe#M>ow^nygCCP1rVGUmWi$Wf4n0j6pA9QWd2c$OG>L|M zuiVY8c(qeffOEE9km!~Q?Uja6%x*=uYtPn;TNmxyQ&~!o^3j5?%yd>%cuCij_9$Ia z3gt867tI8&W*;(o2LOu&pthG-goP-1uVuM8OCV5bw*+Wai?GbY T^+4Ru9e|3WhC=BJ^U(hS*^tCn literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 83f4fa34f0..17ec33ff29 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -69,6 +69,16 @@ Once you are in the Remediation page, select the remediation activity that you w >[!NOTE] > There is a 180 day retention period for completed remediation activities. To keep the Remediation page performing optimally, the remediation activity will be removed 6 months after its completion. +### Completed by + +Track who closed the remediation activity with the "Completed by" column on the Remediation page. + +- **Email address**: The email of the person who manually completed the task +- **System confirmation**: The task was automatically completed (all devices remediated) +- **N/A**: Information is not available because we don't know how this older task was completed + +![Created by and completed by columns with two rows. One row for completed by has example of an email, the other row says system confirmation.](images/tvm-completed-by.png) + ### Top remediation activities in the dashboard View **Top remediation activities** in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task. From 0902f1de628988eaecf4d9098c5afb7f164323e1 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Thu, 5 Nov 2020 16:43:25 -0800 Subject: [PATCH 2/3] update name --- .../threat-protection/microsoft-defender-atp/tvm-remediation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 17ec33ff29..41b47476e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -69,7 +69,7 @@ Once you are in the Remediation page, select the remediation activity that you w >[!NOTE] > There is a 180 day retention period for completed remediation activities. To keep the Remediation page performing optimally, the remediation activity will be removed 6 months after its completion. -### Completed by +### Completed by column Track who closed the remediation activity with the "Completed by" column on the Remediation page. From e624979559251339bcf0c679e4053ced51220e88 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 11 Nov 2020 15:07:01 -0800 Subject: [PATCH 3/3] value prop --- .../microsoft-defender-atp/tvm-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md index 8ccaa9eb8d..62b6d8fcfc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-prerequisites.md @@ -41,7 +41,7 @@ Ensure that your devices: > Windows 10 Version 1809 | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) > Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) -- Are onboarded to [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure). If you're using Configuration Manager, update your console to the latest version. +- Are onboarded to [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/endpoint-protection-configure) to help remediate threats found by threat and vulnerability management. If you're using Configuration Manager, update your console to the latest version. - Have at least one security recommendation that can be viewed in the device page - Are tagged or marked as co-managed