deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master' into Issue#3010

Browse Source
This commit is contained in:
Jose Ortega 2019-04-23 04:22:58 -05:00
commit d7cd014fad
134 changed files with 331 additions and 408 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
View File

@ -360,9 +360,9 @@ You can turn on or turn off System Center diagnostic data gathering. The default
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**. The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
### Configure the operating system diagnostic data level ## Configure the operating system diagnostic data level
You can configure your operating system diagnostic data settings using the management tools youre already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device. You can configure your operating system diagnostic data settings using the management tools youre already using, such as **Group Policy, MDM, or Windows Provisioning.** You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
Use the appropriate value in the table below when you configure the management policy. Use the appropriate value in the table below when you configure the management policy.
@ -392,7 +392,7 @@ Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com
### Use Registry Editor to set the diagnostic data level ### Use Registry Editor to set the diagnostic data level
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting. Use Registry Editor to manually set the registry level on the devices in your organization, or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, the policy will replace the manually set registry level.
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**. 1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.

53
windows/privacy/diagnostic-data-viewer-overview.md
View File

@ -21,17 +21,17 @@ ms.date: 01/17/2018
**Applies to** **Applies to**
- Windows 10, version 1809 - Windows 10, version 1809
- Windows 10, version 1803 - Windows 10, version 1803
## Introduction ## Introduction
The Diagnostic Data Viewer is a Windows app that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft. The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
## Install and Use the Diagnostic Data Viewer ## Install and Use the Diagnostic Data Viewer
You must turn on data viewing and download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data. You must download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
### Turn on data viewing ### Turn on data viewing
Before you can use this tool, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device. Before you can use this tool for viewing Windows diagnostic data, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device. Note that this setting does not affect your Office data viewing or history.
**To turn on data viewing** **To turn on data viewing**
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
@ -44,7 +44,7 @@ Before you can use this tool, you must turn on data viewing in the **Settings**
Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page. Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
### Start the Diagnostic Data Viewer ### Start the Diagnostic Data Viewer
You must start this app from the **Settings** panel. You can start this app from the **Settings** panel.
**To start the Diagnostic Data Viewer** **To start the Diagnostic Data Viewer**
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
@ -58,29 +58,25 @@ You must start this app from the **Settings** panel.
3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data. 3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
>[!Important] >[!Important]
>Turning on data viewing can use up to 1GB of disk space on your system drive. We strongly recommend that your turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article. >Turning on data viewing can use up to 1GB (by default) of disk space on your system drive. We strongly recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
### Use the Diagnostic Data Viewer ### Use the Diagnostic Data Viewer
The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data. The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data.
- **View your diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft. - **View your Windows diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system. Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
>[!Important] >[!Important]
>Seeing an event does not necessarily mean it has been uploaded yet. Its possible that some events are still queued and will be uploaded at a later time. >Seeing an event does not necessarily mean it has been uploaded yet. Its possible that some events are still queued and will be uploaded at a later time.
![View your diagnostic events](images/ddv-event-view.png) ![View your diagnostic events](images/ddv-event-view.jpg)
- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text. - **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
Selecting an event opens the detailed JSON view, with the matching text highlighted. Selecting an event opens the detailed JSON view, with the matching text highlighted.
- **Filter your diagnostic event categories.** The apps Menu button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft. - **Filter your diagnostic event categories.** The app's **Menu** button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft. Selecting a check box lets you filter between the diagnostic event categories.
Selecting a check box lets you filter between the diagnostic event categories.
![Filter your diagnostic event categories](images/ddv-event-view-filter.png)
- **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If youre a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others. - **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If youre a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others.
@ -93,8 +89,20 @@ The Diagnostic Data Viewer provides you with the following features to view and
>[!Important] >[!Important]
>All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments. >All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments.
- **View a summary of the data you've shared with us over time.** Available for users on build 19H1+, 'About my data' in Diagnostic Data Viewer lets you see an overview of the Windows data you've shared with Microsoft.
Through this feature, you can checkout how much data you send on average each day, the breakdown of your data by category, the top components and services that have sent data, and more.
>[!Important]
>This content is a reflection of the history of Windows data the app has stored. If you'd like to have extended analyses, please modify the storage capacity of Diagnostic Data Viewer.
![Look at an overview of what data you've shared with Microsoft through the 'About my data' page in Diagnostic Data Viewer](images/ddv-analytics.png)
## View Office Diagnostic Data
By default, Diagnostic Data Viewer shows you Windows data. You can also view Office diagnostic data by enabling the feature in the app settings page. To learn more about how to view Office diagnostic data, please visit this [page](https://go.microsoft.com/fwlink/?linkid=2023830).
## Turn off data viewing ## Turn off data viewing
When you're done reviewing your diagnostic data, you should turn of data viewing. When you're done reviewing your diagnostic data, you should turn of data viewing. This will also remove your Windows data history. Note that this setting does not affect your Office data viewing or history.
**To turn off data viewing** **To turn off data viewing**
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
@ -103,8 +111,24 @@ When you're done reviewing your diagnostic data, you should turn of data viewing
![Location to turn off data viewing](images/ddv-settings-off.png) ![Location to turn off data viewing](images/ddv-settings-off.png)
## Modifying the size of your data history
By default, Diagnostic Data Viewer shows you up to 1GB or 30 days of data (whichever comes first) for Windows diagnostic data. Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first.
>[!Important]
>Note that if you have [Office diagnostic data viewing enabled](#view-office-diagnostic-data), the Office data history is fixed at 1 GB and cannot be modified.
**Modify the size of your data history**
To make changes to the size of your Windows diagnostic data history, visit the **app settings**, located at the bottom of the navigation menu. Data will be incrementally dropped with the oldest data points first once your chosen size or time limit is reached.
>[!Important]
>Decreasing the maximum amount of diagnostic data viewable through the tool will remove all data history and requires a reboot of your device. Additionally, increasing the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
![Change the size of your data history through the app settings](images/ddv-change-db-size.png)
## View additional diagnostic data in the View problem reports tool ## View additional diagnostic data in the View problem reports tool
Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer. Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting. This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system. We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
@ -123,3 +147,4 @@ Go to **Start** and search for _Problem Reports_.
The **Review problem reports** tool opens, showing you your Windows Error Reporting reports, along with a status about whether it was sent to Microsoft. The **Review problem reports** tool opens, showing you your Windows Error Reporting reports, along with a status about whether it was sent to Microsoft.
![View problem reports tool with report statuses](images/control-panel-problem-reports-screen.png) ![View problem reports tool with report statuses](images/control-panel-problem-reports-screen.png)

BIN
windows/privacy/images/ddv-analytics.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
windows/privacy/images/ddv-event-view.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 337 KiB

BIN
windows/privacy/images/ddv-event-view.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 149 KiB

BIN
windows/privacy/images/ddv-problem-reports.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 105 KiB

After

Width:  |  Height:  |  Size: 108 KiB

148
windows/security/identity-protection/access-control/active-directory-security-groups.md
View File

@ -258,279 +258,286 @@ The following tables provide descriptions of the default groups that are located
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>[Device Owners](#bkmk-device-owners)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<td><p>[Distributed COM Users](#bkmk-distributedcomusers)</p></td> <td><p>[Distributed COM Users](#bkmk-distributedcomusers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[DnsUpdateProxy](#bkmk-dnsupdateproxy)</p></td> <td><p>[DnsUpdateProxy](#bkmk-dnsupdateproxy)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[DnsAdmins](#bkmk-dnsadmins)</p></td> <td><p>[DnsAdmins](#bkmk-dnsadmins)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Domain Admins](#bkmk-domainadmins)</p></td> <td><p>[Domain Admins](#bkmk-domainadmins)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Domain Computers](#bkmk-domaincomputers)</p></td> <td><p>[Domain Computers](#bkmk-domaincomputers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Domain Controllers](#bkmk-domaincontrollers)</p></td> <td><p>[Domain Controllers](#bkmk-domaincontrollers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Domain Guests](#bkmk-domainguests)</p></td> <td><p>[Domain Guests](#bkmk-domainguests)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Domain Users](#bkmk-domainusers)</p></td> <td><p>[Domain Users](#bkmk-domainusers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Enterprise Admins](#bkmk-entadmins)</p></td> <td><p>[Enterprise Admins](#bkmk-entadmins)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Enterprise Key Admins](#bkmk-enterprise-key-admins)</p></td> <td><p>[Enterprise Key Admins](#bkmk-enterprise-key-admins)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Enterprise Read-only Domain Controllers](#bkmk-entrodc)</p></td> <td><p>[Enterprise Read-only Domain Controllers](#bkmk-entrodc)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Event Log Readers](#bkmk-eventlogreaders)</p></td> <td><p>[Event Log Readers](#bkmk-eventlogreaders)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Group Policy Creator Owners](#bkmk-gpcreatorsowners)</p></td> <td><p>[Group Policy Creator Owners](#bkmk-gpcreatorsowners)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Guests](#bkmk-guests)</p></td> <td><p>[Guests](#bkmk-guests)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Hyper-V Administrators](#bkmk-hypervadministrators)</p></td> <td><p>[Hyper-V Administrators](#bkmk-hypervadministrators)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[IIS_IUSRS](#bkmk-iis-iusrs)</p></td> <td><p>[IIS_IUSRS](#bkmk-iis-iusrs)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)</p></td> <td><p>[Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Key Admins](#key-admins)</p></td> <td><p>[Key Admins](#key-admins)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Network Configuration Operators](#bkmk-networkcfgoperators)</p></td> <td><p>[Network Configuration Operators](#bkmk-networkcfgoperators)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Performance Log Users](#bkmk-perflogusers)</p></td> <td><p>[Performance Log Users](#bkmk-perflogusers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Performance Monitor Users](#bkmk-perfmonitorusers)</p></td> <td><p>[Performance Monitor Users](#bkmk-perfmonitorusers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[PreWindows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)</p></td> <td><p>[PreWindows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Print Operators](#bkmk-printoperators)</p></td> <td><p>[Print Operators](#bkmk-printoperators)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Protected Users](#bkmk-protectedusers)</p></td> <td><p>[Protected Users](#bkmk-protectedusers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[RAS and IAS Servers](#bkmk-rasandias)</p></td> <td><p>[RAS and IAS Servers](#bkmk-rasandias)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[RDS Endpoint Servers](#bkmk-rdsendpointservers)</p></td> <td><p>[RDS Endpoint Servers](#bkmk-rdsendpointservers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td> <td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td> <td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Read-only Domain Controllers](#bkmk-rodc)</p></td> <td><p>[Read-only Domain Controllers](#bkmk-rodc)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Remote Desktop Users](#bkmk-remotedesktopusers)</p></td> <td><p>[Remote Desktop Users](#bkmk-remotedesktopusers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Remote Management Users](#bkmk-remotemanagementusers)</p></td> <td><p>[Remote Management Users](#bkmk-remotemanagementusers)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Replicator](#bkmk-replicator)</p></td> <td><p>[Replicator](#bkmk-replicator)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Schema Admins](#bkmk-schemaadmins)</p></td> <td><p>[Schema Admins](#bkmk-schemaadmins)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Server Operators](#bkmk-serveroperators)</p></td> <td><p>[Server Operators](#bkmk-serveroperators)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Storage Replica Administrators](#storage-replica-administrators)</p></td> <td><p>[Storage Replica Administrators](#storage-replica-administrators)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[System Managed Accounts Group](#system-managed-accounts-group)</p></td> <td><p>[System Managed Accounts Group](#system-managed-accounts-group)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
<td><p></p></td> <td><p></p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Terminal Server License Servers](#bkmk-terminalserverlic)</p></td> <td><p>[Terminal Server License Servers](#bkmk-terminalserverlic)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[Users](#bkmk-users)</p></td> <td><p>[Users](#bkmk-users)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="odd"> <tr class="even">
<td><p>[Windows Authorization Access Group](#bkmk-winauthaccess)</p></td> <td><p>[Windows Authorization Access Group](#bkmk-winauthaccess)</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
</tr> </tr>
<tr class="even"> <tr class="odd">
<td><p>[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)</p></td> <td><p>[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)</p></td>
<td><p></p></td> <td><p></p></td>
<td><p>Yes</p></td> <td><p>Yes</p></td>
@ -1208,6 +1215,68 @@ This security group includes the following changes since Windows Server 2008:
</tbody> </tbody>
</table> </table>
### <a href="" id="bkmk-device-owners"></a>Device Owners
This group is not currently used in Windows.
Microsoft does not recommend changing the default configuration where this security group has zero members. Changing the default configuration could hinder future scenarios that rely on this group.
The Device Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Attribute</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-32-583</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
<td><p>CN=BuiltIn, DC=&lt;domain&gt;, DC=</p></td>
</tr>
<tr class="even">
<td><p>Default members</p></td>
<td><p>None</p></td>
</tr>
<tr class="odd">
<td><p>Default member of</p></td>
<td><p>None</p></td>
</tr>
<tr class="even">
<td><p>Protected by ADMINSDHOLDER?</p></td>
<td><p>No</p></td>
</tr>
<tr class="odd">
<td><p>Safe to move out of default container?</p></td>
<td><p>Can be moved out but it is not recommended</p></td>
</tr>
<tr class="even">
<td><p>Safe to delegate management of this group to non-Service admins?</p></td>
<td><p>No</p></td>
</tr>
<tr class="odd">
<td><p>Default User Rights</p></td>
<td><p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p>
<p>[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight</p>
<p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p>
<p>[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege</p>
</td>
</tr>
</tbody>
</table>
   
### <a href="" id="bkmk-distributedcomusers"></a>Distributed COM Users ### <a href="" id="bkmk-distributedcomusers"></a>Distributed COM Users
@ -3692,6 +3761,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
</tbody> </tbody>
</table> </table>
## See also ## See also
- [Security Principals](security-principals.md) - [Security Principals](security-principals.md)

1
windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
View File

@ -28,6 +28,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
[Azure AD joined provisioning in a Federated environment](#azure-ad-joined-provisioning-in-a-federated-environment)<br> [Azure AD joined provisioning in a Federated environment](#azure-ad-joined-provisioning-in-a-federated-environment)<br>
[Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment)<br> [Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment)<br>
[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-managed-environment)<br> [Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-managed-environment)<br>
[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-federated-environment)<br>
[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-managed-environment)<br> [Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-managed-environment)<br>
[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-federated-environment)<br> [Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-federated-environment)<br>
[Domain joined provisioning in an On-premises Key Trust deployment](#domain-joined-provisioning-in-an-on-premises-key-trust-deployment)<br> [Domain joined provisioning in an On-premises Key Trust deployment](#domain-joined-provisioning-in-an-on-premises-key-trust-deployment)<br>

2
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
View File

@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind
## Directory Synchronization ## ## Directory Synchronization ##
The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory. The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory.
Organizations using older directory synchronization technology, such as DirSync or Azure AD sync need to upgrade to Azure AD Connect Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema).
### Section Review ### Section Review
> [!div class="checklist"] > [!div class="checklist"]

1
windows/security/threat-protection/TOC.md
View File

@ -228,6 +228,7 @@
####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) ####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
###### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md) ###### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md)
###### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) ###### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
###### [Onboard machines without Internet access](windows-defender-atp/onboard-offline-machines.md)
###### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md) ###### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md)
###### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md) ###### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md)
###### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md) ###### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md)

20
windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
View File

@ -20,9 +20,9 @@ ms.date: 10/02/2018
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network. The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network.
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation. These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
Typical PUA behavior includes: Typical PUA behavior includes:
@ -37,25 +37,17 @@ These applications can increase the risk of your network being infected with mal
## How it works ## How it works
PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions: Windows Defender Antivirus blocks detected PUA files and attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantined.
- The file is being scanned from the browser When a PUA is detected on an endpoint, Windows Defender Antivirus presents a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:").
- The file is in a folder with "**downloads**" in the path
- The file is in a folder with "**temp**" in the path
- The file is on the user's desktop
- The file does not meet one of these conditions and is not under *%programfiles%*, *%appdata%*, or *%windows%*
The file is placed in the quarantine section so it won't run.
When a PUA is detected on an endpoint, the endpoint will present a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:").
They will also appear in the usual [quarantine list in the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). They will also appear in the usual [quarantine list in the Windows Security app](windows-defender-security-center-antivirus.md#detection-history).
## View PUA events ## View PUA events
PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune. PUA events are reported in the Windows Event Viewer, but not in System Center Configuration Manager or Intune.
Hoever, PUA detections will be reported if you have set up email notifications for detections. You can turn on email notifications for PUA detections.
See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160. See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160.

1
windows/security/threat-protection/windows-defender-atp/TOC.md
View File

@ -227,6 +227,7 @@
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md) ###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
##### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) ##### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
##### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) ##### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
##### [Onboard machines without Internet access](onboard-offline-machines.md)
##### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) ##### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md)
##### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md) ##### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) ##### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)

7
windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
View File

@ -19,12 +19,9 @@ ms.topic: article
# Add or Remove Machine Tags API # Add or Remove Machine Tags API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP) This API adds or remove tag to a specific machine.
[!include[Prerelease information](prerelease.md)]
- Adds or remove tag to a specific machine.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

2
windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -20,8 +20,6 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Represents an alert entity in Windows Defender ATP. Represents an alert entity in Windows Defender ATP.
# Methods # Methods

6
windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md
View File

@ -14,18 +14,16 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Collect investigation package API # Collect investigation package API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Collect investigation package from a machine. Collect investigation package from a machine.
[!include[Machine actions note](machineactionsnote.md)]
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

2
windows/security/threat-protection/windows-defender-atp/configuration-score.md
View File

@ -21,7 +21,7 @@ ms.date: 04/11/2019
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease<EFBFBD>information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
>[!NOTE] >[!NOTE]
> Secure score is now part of Threat & Vulnerability Management as Configuration score. Well keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection) page. > Secure score is now part of Threat & Vulnerability Management as Configuration score. Well keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection) page.

2
windows/security/threat-protection/windows-defender-atp/configure-and-manage-tvm.md
View File

@ -20,7 +20,7 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease<EFBFBD>information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
This section guides you through the steps you need to take to configure Threat & Vulnerability Management's integration with Microsoft Intune or Microsoft System Center Configuration Manager (SCCM) for a seamless collaboration of issue remediation. This section guides you through the steps you need to take to configure Threat & Vulnerability Management's integration with Microsoft Intune or Microsoft System Center Configuration Manager (SCCM) for a seamless collaboration of issue remediation.

2
windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md
View File

@ -23,7 +23,7 @@ ms.date: 02/28/2019
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease<EFBFBD>information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
## Before you begin ## Before you begin
To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview. To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview.

8
windows/security/threat-protection/windows-defender-atp/create-alert-by-reference-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Create alert from event API # Create alert from event API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity. Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity.

3
windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
View File

@ -21,10 +21,9 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
>[!Note] >[!Note]
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information) > Currently this API is only supported for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
- Deletes an Indicator entity by ID. - Deletes an Indicator entity by ID.

5
windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
View File

@ -19,12 +19,11 @@ ms.date: 09/03/2018
# Use Windows Defender ATP APIs # Use Windows Defender ATP APIs
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) > Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user. This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.

4
windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
View File

@ -19,11 +19,11 @@ ms.date: 09/03/2018
# Create an app to access Windows Defender ATP without a user # Create an app to access Windows Defender ATP without a user
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) > Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
This page describes how to create an application to get programmatic access to Windows Defender ATP without a user. This page describes how to create an application to get programmatic access to Windows Defender ATP without a user.

2
windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
View File

@ -21,8 +21,6 @@ ms.date: 09/24/2018
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Full scenario using multiple APIs from Windows Defender ATP. Full scenario using multiple APIs from Windows Defender ATP.

9
windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
View File

@ -14,18 +14,17 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/15/2018
--- ---
# OData queries with Windows Defender ATP # OData queries with Windows Defender ATP
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
- If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
- Not all properties are filterable. If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
Not all properties are filterable.
### Properties that supports $filter: ### Properties that supports $filter:

1
windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md
View File

@ -20,7 +20,6 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Represent a file entity in Windows Defender ATP. Represent a file entity in Windows Defender ATP.

5
windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection-new.md
View File

@ -19,11 +19,8 @@ ms.date: 07/25/2018
# Find machine information by internal IP API # Find machine information by internal IP API
[!include[Prerelease information](prerelease.md)]
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Find a machine by internal IP. Find a machine by internal IP.

9
windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
View File

@ -14,19 +14,16 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Find machines by internal IP API # Find machines by internal IP API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)] Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp
- Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp The given timestamp must be in the past 30 days.
- The given timestamp must be in the past 30 days.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

5
windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get alert information by ID API # Get alert information by ID API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves an alert by its ID. Retrieves an alert by its ID.

4
windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get alert related domain information API # Get alert related domain information API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves all domains related to a specific alert. Retrieves all domains related to a specific alert.

5
windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get alert related files information API # Get alert related files information API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves all files related to a specific alert. Retrieves all files related to a specific alert.

5
windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get alert related IP information API # Get alert related IP information API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves all IPs related to a specific alert. Retrieves all IPs related to a specific alert.

8
windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md
View File

@ -14,17 +14,13 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get alert related machine information API # Get alert related machine information API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)] Retrieves machine that is related to a specific alert.
- Retrieves machine that is related to a specific alert.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

5
windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get alert related user information API # Get alert related user information API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves the user associated to a specific alert. Retrieves the user associated to a specific alert.

13
windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -14,21 +14,20 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# List alerts API # List alerts API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)] Retrieves a collection of Alerts.
Supports [OData V4 queries](https://www.odata.org/documentation/).
- Retrieves a collection of Alerts. The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
- Supports [OData V4 queries](https://www.odata.org/documentation/).
- The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category". See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

10
windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -14,19 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get domain related alerts API # Get domain related alerts API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves a collection of alerts related to a given domain address. Retrieves a collection of alerts related to a given domain address.

5
windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get domain related machines API # Get domain related machines API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves a collection of machines that have communicated to or from a given domain address. Retrieves a collection of machines that have communicated to or from a given domain address.

6
windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection-new.md
View File

@ -14,15 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get domain statistics API # Get domain statistics API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves the prevalence for the given domain. Retrieves the prevalence for the given domain.

7
windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get file information API # Get file information API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
Retrieves a file by identifier Sha1, Sha256, or MD5. Retrieves a file by identifier Sha1, Sha256, or MD5.

7
windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get file related alerts API # Get file related alerts API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
Retrieves a collection of alerts related to a given file hash. Retrieves a collection of alerts related to a given file hash.

6
windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get file related machines API # Get file related machines API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
- Retrieves a collection of machines related to a given file hash. - Retrieves a collection of machines related to a given file hash.

10
windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection-new.md
View File

@ -14,19 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get file statistics API # Get file statistics API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
Retrieves the prevalence for the given file. Retrieves the prevalence for the given file.

6
windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -14,15 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get IP related alerts API # Get IP related alerts API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
Retrieves a collection of alerts related to a given IP address. Retrieves a collection of alerts related to a given IP address.

5
windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get IP related machines API # Get IP related machines API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves a collection of machines that communicated with or from a particular IP. Retrieves a collection of machines that communicated with or from a particular IP.

8
windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md
View File

@ -14,17 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get IP statistics API # Get IP statistics API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
Retrieves the prevalence for the given IP. Retrieves the prevalence for the given IP.

8
windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
View File

@ -14,18 +14,14 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get machine by ID API # Get machine by ID API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP) Retrieves a machine entity by ID.
[!include[Prerelease information](prerelease.md)]
- Retrieves a machine entity by ID.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

6
windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get machine log on users API # Get machine log on users API
[!include[Prerelease information](prerelease.md)]
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Retrieves a collection of logged on users. Retrieves a collection of logged on users.
## Permissions ## Permissions

6
windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get machine related alerts API # Get machine related alerts API
[!include[Prerelease information](prerelease.md)]
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
Retrieves a collection of alerts related to a given machine ID. Retrieves a collection of alerts related to a given machine ID.
## Permissions ## Permissions

8
windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md
View File

@ -14,18 +14,14 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get machineAction API # Get machineAction API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP) Get action performed on a machine.
[!include[Prerelease information](prerelease.md)]
- Get action performed on a machine.
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

14
windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md
View File

@ -14,21 +14,21 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# List MachineActions API # List MachineActions API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)] Gets collection of actions done on machines.
- Gets collection of actions done on machines. Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
- Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc". The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
## Permissions ## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md) One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)

7
windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -17,16 +17,17 @@ ms.topic: article
--- ---
# List machines API # List machines API
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
This API can do the following actions:
- Retrieves a collection of machines that have communicated with Windows Defender ATP cloud on the last 30 days. - Retrieves a collection of machines that have communicated with Windows Defender ATP cloud on the last 30 days.
- Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/). - Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
- The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId". - The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
## Permissions ## Permissions

1
windows/security/threat-protection/windows-defender-atp/get-machinesecuritystates-collection-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 10/07/2018
--- ---
# Get Machines security states collection API # Get Machines security states collection API

5
windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get package SAS URI API # Get package SAS URI API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md). Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md).

4
windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md
View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# List Indicators API # List Indicators API
@ -22,9 +21,8 @@ ms.date: 12/08/2017
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
>[!Note] >[!NOTE]
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information) > Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)

1
windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md
View File

@ -20,7 +20,6 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieve a User entity by key (user name). Retrieve a User entity by key (user name).

5
windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get user related alerts API # Get user related alerts API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves a collection of alerts related to a given user ID. Retrieves a collection of alerts related to a given user ID.

6
windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
View File

@ -14,15 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Get user related machines API # Get user related machines API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Retrieves a collection of machines related to a given user ID. Retrieves a collection of machines related to a given user ID.

1
windows/security/threat-protection/windows-defender-atp/improverequestperformance-new.md
View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Improve request performance # Improve request performance

2
windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-config.md
View File

@ -21,8 +21,6 @@ ms.date: 12/05/2018
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Learn how you can use Windows Defender ATP to expand the coverage of Windows Information Protection (WIP) to protect files based on their label, regardless of their origin. Learn how you can use Windows Defender ATP to expand the coverage of Windows Information Protection (WIP) to protect files based on their label, regardless of their origin.
>[!TIP] >[!TIP]

1
windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview.md
View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 12/05/2018
--- ---
# Information protection in Windows overview # Information protection in Windows overview

6
windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md
View File

@ -14,15 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Was domain seen in org # Was domain seen in org
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Answers whether a domain was seen in the organization. Answers whether a domain was seen in the organization.

6
windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Was IP seen in org # Was IP seen in org
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prerelease information](prerelease.md)]
Answers whether an IP was seen in the organization. Answers whether an IP was seen in the organization.

5
windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Isolate machine API # Isolate machine API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Isolates a machine from accessing external network. Isolates a machine from accessing external network.

3
windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
View File

@ -16,11 +16,10 @@ audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Validate licensing provisioning and complete set up for Windows Defender ATP # Validate licensing provisioning and complete set up for Windows Defender ATP
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

5
windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection.md
View File

@ -18,11 +18,8 @@ ms.topic: article
--- ---
# Machine health and compliance report in Windows Defender ATP # Machine health and compliance report in Windows Defender ATP
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
The machines status report provides high-level information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, and Windows 10 versions. The machines status report provides high-level information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, and Windows 10 versions.

4
windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
View File

@ -14,16 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# MachineAction resource type # MachineAction resource type
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Method|Return Type |Description Method|Return Type |Description
:---|:---|:--- :---|:---|:---
[List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities. [List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.

1
windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 09/03/2018
--- ---
# Manage Windows Defender Advanced Threat Protection alerts # Manage Windows Defender Advanced Threat Protection alerts

1
windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Manage automation file uploads # Manage automation file uploads

1
windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Manage automation folder exclusions # Manage automation folder exclusions

1
windows/security/threat-protection/windows-defender-atp/manage-edr.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/01/2018
--- ---
# Manage endpoint detection and response capabilities # Manage endpoint detection and response capabilities

4
windows/security/threat-protection/windows-defender-atp/manage-indicators.md
View File

@ -1,5 +1,5 @@
--- ---
title: Manage allowed/blocked lists title: Manage indicators
description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities. description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Manage allowed/blocked lists # Manage indicators
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

3
windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md
View File

@ -15,14 +15,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Manage suppression rules # Manage suppression rules
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

1
windows/security/threat-protection/windows-defender-atp/management-apis.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/03/2018
--- ---
# Overview of management and APIs # Overview of management and APIs

2
windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-config.md
View File

@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
--- ---
# Configure Microsoft Cloud App Security in Windows # Configure Microsoft Cloud App Security in Windows Defender ATP
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

4
windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration.md
View File

@ -18,11 +18,11 @@ ms.topic: conceptual
ms.date: 10/18/2018 ms.date: 10/18/2018
--- ---
# Microsoft Cloud App Security in Windows overview # Microsoft Cloud App Security in Windows Defender ATP overview
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease<EFBFBD>information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that gives visibility into cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. For more information, see [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security). Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that gives visibility into cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. For more information, see [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security).

2
windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md
View File

@ -22,7 +22,7 @@ ms.date: 02/28/2019
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease<EFBFBD>information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments dont get missed. Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments dont get missed.

1
windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 10/29/2018
--- ---
# Managed security service provider support # Managed security service provider support

2
windows/security/threat-protection/windows-defender-atp/next-gen-threat-and-vuln-mgt.md
View File

@ -21,7 +21,7 @@ ms.topic: conceptual
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease<EFBFBD>information](prerelease.md)] [!include[Prerelease information](prerelease.md)]
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrustructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience. Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrustructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.

2
windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md
View File

@ -20,8 +20,6 @@ ms.topic: article
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Offboard machine from Windows Defender ATP. Offboard machine from Windows Defender ATP.
[!include[Machine actions note](machineactionsnote.md)] [!include[Machine actions note](machineactionsnote.md)]

1
windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 04/24/2018
--- ---
# Offboard machines from the Windows Defender ATP service # Offboard machines from the Windows Defender ATP service

1
windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 11/19/2018
--- ---
# Onboard machines to the Windows Defender ATP service # Onboard machines to the Windows Defender ATP service

53
windows/security/threat-protection/windows-defender-atp/onboard-offline-machines.md Normal file
View File

@ -0,0 +1,53 @@
---
title: Onboard machines without Internet access to Windows Defender ATP
description: Onboard machines without Internet access so that they can send sensor data to the Windows Defender ATP sensor
keywords: onboard, servers, vm, on-premise, oms gateway, log analytics, azure log analytics, mma
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Onboard machines without Internet access to Windows Defender ATP
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
To onboard machines without Internet access, you'll need to take the following general steps:
## On-premise machines
- Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
- [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
- [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints-windows-defender-advanced-threat-protection.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-windows-defender-atp) point to Microsoft Defender ATP Workspace key & ID
- Offline machines in the same network of Azure Log Analytics
- Configure MMA to point to:
- Azure Log Analytics IP as a proxy
- Microsoft Defender ATP workspace key & ID
## Azure virtual machines
- Configure and enable [Azure Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/platform/gateway)
- Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
- [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
- [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints-windows-defender-advanced-threat-protection.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-windows-defender-atp) point to Microsoft Defender ATP Workspace key & ID
- Offline Azure VMs in the same network of OMS Gateway
- Configure Azure Log Analytics IP as a proxy
- Azure Log Analytics Workspace Key & ID
- Azure Security Center (ASC)
- [Security Policy \> Log Analytics Workspace](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
- [Threat Detection \> Allow Windows Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
For more information, see [Working with security policies](https://docs.microsoft.com/azure/security-center/tutorial-security-policy).

1
windows/security/threat-protection/windows-defender-atp/onboard.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/03/2018
--- ---
# Configure and manage Windows Defender ATP capabilities # Configure and manage Windows Defender ATP capabilities

1
windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 02/21/2019
--- ---
# Overview of attack surface reduction # Overview of attack surface reduction

1
windows/security/threat-protection/windows-defender-atp/overview-custom-detections.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 10/29/2018
--- ---

1
windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/03/2018
--- ---
# Overview of endpoint detection and response # Overview of endpoint detection and response

1
windows/security/threat-protection/windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/12/2018
--- ---
# Overview of advanced hunting # Overview of advanced hunting

1
windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/03/2018
--- ---
# Overview of Secure score in Windows Defender Security Center # Overview of Secure score in Windows Defender Security Center

5
windows/security/threat-protection/windows-defender-atp/overview.md
View File

@ -1,7 +1,7 @@
--- ---
title: Overview of Windows Defender ATP title: Overview of Windows Defender ATP
description: description: Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform
keywords: keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
search.appverid: met150 search.appverid: met150
ms.prod: w10 ms.prod: w10
@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 11/20/2018
--- ---
# Overview of Windows Defender ATP capabilities # Overview of Windows Defender ATP capabilities

1
windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 04/24/2018
--- ---
# Windows Defender Advanced Threat Protection portal overview # Windows Defender Advanced Threat Protection portal overview

2
windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md
View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Submit or Update Indicator API # Submit or Update Indicator API
@ -22,7 +21,6 @@ ms.date: 12/08/2017
**Applies to:** **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
>[!Note] >[!Note]
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information) > Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)

1
windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md
View File

@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/26/2018
--- ---

1
windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# PowerShell code examples for the custom threat intelligence API # PowerShell code examples for the custom threat intelligence API

1
windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Configure Windows Defender Security Center settings # Configure Windows Defender Security Center settings

1
windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Turn on the preview experience in Windows Defender ATP # Turn on the preview experience in Windows Defender ATP

1
windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 04/24/2018
--- ---
# Python code examples for the custom threat intelligence API # Python code examples for the custom threat intelligence API

1
windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 05/08/2018
--- ---
# Manage portal access using role-based access control # Manage portal access using role-based access control

1
windows/security/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/28/2018
--- ---
# Take response actions on a machine # Take response actions on a machine

1
windows/security/threat-protection/windows-defender-atp/response-actions-windows-defender-advanced-threat-protection.md
View File

@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 11/12/2017
--- ---
# Take response actions in Windows Defender ATP # Take response actions in Windows Defender ATP

5
windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md
View File

@ -14,14 +14,11 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/08/2017
--- ---
# Restrict app execution API # Restrict app execution API
**Applies to:** **Applies to:**
- Windows Defender Advanced Threat Protection (Windows Defender ATP) - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information) Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information)

6
windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
View File

@ -14,14 +14,12 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 09/03/2018
--- ---
# Advanced hunting API # Advanced hunting API
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) **Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting). This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting).

Some files were not shown because too many files have changed in this diff Show More