mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 14:27:22 +00:00
Merge remote-tracking branch 'upstream/master' into Issue#3010
This commit is contained in:
Jose Ortega
commit
d7cd014fad
@ -360,9 +360,9 @@ You can turn on or turn off System Center diagnostic data gathering. The default
|
||||
|
||||
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
|
||||
|
||||
### Configure the operating system diagnostic data level
|
||||
## Configure the operating system diagnostic data level
|
||||
|
||||
You can configure your operating system diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
|
||||
You can configure your operating system diagnostic data settings using the management tools you’re already using, such as **Group Policy, MDM, or Windows Provisioning.** You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
|
||||
|
||||
Use the appropriate value in the table below when you configure the management policy.
|
||||
|
||||
@ -392,7 +392,7 @@ Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com
|
||||
|
||||
### Use Registry Editor to set the diagnostic data level
|
||||
|
||||
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
|
||||
Use Registry Editor to manually set the registry level on the devices in your organization, or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, the policy will replace the manually set registry level.
|
||||
|
||||
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
|
||||
|
||||
|
||||
@ -21,17 +21,17 @@ ms.date: 01/17/2018
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1809
|
||||
- Windows 10, version 1803
|
||||
- Windows 10, version 1803
|
||||
|
||||
## Introduction
|
||||
The Diagnostic Data Viewer is a Windows app that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
|
||||
The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
|
||||
|
||||
## Install and Use the Diagnostic Data Viewer
|
||||
|
||||
You must turn on data viewing and download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
|
||||
You must download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
|
||||
|
||||
### Turn on data viewing
|
||||
Before you can use this tool, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device.
|
||||
Before you can use this tool for viewing Windows diagnostic data, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device. Note that this setting does not affect your Office data viewing or history.
|
||||
|
||||
**To turn on data viewing**
|
||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||
@ -44,7 +44,7 @@ Before you can use this tool, you must turn on data viewing in the **Settings**
|
||||
Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
|
||||
|
||||
### Start the Diagnostic Data Viewer
|
||||
You must start this app from the **Settings** panel.
|
||||
You can start this app from the **Settings** panel.
|
||||
|
||||
**To start the Diagnostic Data Viewer**
|
||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||
@ -58,29 +58,25 @@ You must start this app from the **Settings** panel.
|
||||
3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
|
||||
|
||||
>[!Important]
|
||||
>Turning on data viewing can use up to 1GB of disk space on your system drive. We strongly recommend that your turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
|
||||
>Turning on data viewing can use up to 1GB (by default) of disk space on your system drive. We strongly recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
|
||||
|
||||
### Use the Diagnostic Data Viewer
|
||||
The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data.
|
||||
|
||||
- **View your diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
|
||||
- **View your Windows diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
|
||||
|
||||
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
|
||||
|
||||
>[!Important]
|
||||
>Seeing an event does not necessarily mean it has been uploaded yet. It’s possible that some events are still queued and will be uploaded at a later time.
|
||||
|
||||
|
||||
|
||||
|
||||
- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
|
||||
|
||||
Selecting an event opens the detailed JSON view, with the matching text highlighted.
|
||||
|
||||
- **Filter your diagnostic event categories.** The apps Menu button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft.
|
||||
|
||||
Selecting a check box lets you filter between the diagnostic event categories.
|
||||
|
||||
|
||||
- **Filter your diagnostic event categories.** The app's **Menu** button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft. Selecting a check box lets you filter between the diagnostic event categories.
|
||||
|
||||
- **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If you’re a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others.
|
||||
|
||||
@ -93,8 +89,20 @@ The Diagnostic Data Viewer provides you with the following features to view and
|
||||
>[!Important]
|
||||
>All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments.
|
||||
|
||||
- **View a summary of the data you've shared with us over time.** Available for users on build 19H1+, 'About my data' in Diagnostic Data Viewer lets you see an overview of the Windows data you've shared with Microsoft.
|
||||
|
||||
Through this feature, you can checkout how much data you send on average each day, the breakdown of your data by category, the top components and services that have sent data, and more.
|
||||
|
||||
>[!Important]
|
||||
>This content is a reflection of the history of Windows data the app has stored. If you'd like to have extended analyses, please modify the storage capacity of Diagnostic Data Viewer.
|
||||
|
||||
|
||||
|
||||
## View Office Diagnostic Data
|
||||
By default, Diagnostic Data Viewer shows you Windows data. You can also view Office diagnostic data by enabling the feature in the app settings page. To learn more about how to view Office diagnostic data, please visit this [page](https://go.microsoft.com/fwlink/?linkid=2023830).
|
||||
|
||||
## Turn off data viewing
|
||||
When you're done reviewing your diagnostic data, you should turn of data viewing.
|
||||
When you're done reviewing your diagnostic data, you should turn of data viewing. This will also remove your Windows data history. Note that this setting does not affect your Office data viewing or history.
|
||||
|
||||
**To turn off data viewing**
|
||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||
@ -103,8 +111,24 @@ When you're done reviewing your diagnostic data, you should turn of data viewing
|
||||
|
||||
|
||||
|
||||
## Modifying the size of your data history
|
||||
By default, Diagnostic Data Viewer shows you up to 1GB or 30 days of data (whichever comes first) for Windows diagnostic data. Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first.
|
||||
|
||||
>[!Important]
|
||||
>Note that if you have [Office diagnostic data viewing enabled](#view-office-diagnostic-data), the Office data history is fixed at 1 GB and cannot be modified.
|
||||
|
||||
**Modify the size of your data history**
|
||||
|
||||
To make changes to the size of your Windows diagnostic data history, visit the **app settings**, located at the bottom of the navigation menu. Data will be incrementally dropped with the oldest data points first once your chosen size or time limit is reached.
|
||||
|
||||
>[!Important]
|
||||
>Decreasing the maximum amount of diagnostic data viewable through the tool will remove all data history and requires a reboot of your device. Additionally, increasing the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
|
||||
|
||||
|
||||
|
||||
## View additional diagnostic data in the View problem reports tool
|
||||
Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
|
||||
|
||||
This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
|
||||
We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
|
||||
|
||||
@ -123,3 +147,4 @@ Go to **Start** and search for _Problem Reports_.
|
||||
The **Review problem reports** tool opens, showing you your Windows Error Reporting reports, along with a status about whether it was sent to Microsoft.
|
||||
|
||||
|
||||
|
||||
|
||||
BIN
windows/privacy/images/ddv-analytics.png
Normal file
BIN
windows/privacy/images/ddv-analytics.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 53 KiB |
BIN
windows/privacy/images/ddv-event-view.jpg
Normal file
BIN
windows/privacy/images/ddv-event-view.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 337 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 149 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 105 KiB After Width: | Height: | Size: 108 KiB |
@ -258,279 +258,286 @@ The following tables provide descriptions of the default groups that are located
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td><p>[Device Owners](#bkmk-device-owners)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td><p>[Distributed COM Users](#bkmk-distributedcomusers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[DnsUpdateProxy](#bkmk-dnsupdateproxy)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[DnsAdmins](#bkmk-dnsadmins)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Domain Admins](#bkmk-domainadmins)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Domain Computers](#bkmk-domaincomputers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Domain Controllers](#bkmk-domaincontrollers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Domain Guests](#bkmk-domainguests)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Domain Users](#bkmk-domainusers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Enterprise Admins](#bkmk-entadmins)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Enterprise Key Admins](#bkmk-enterprise-key-admins)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Enterprise Read-only Domain Controllers](#bkmk-entrodc)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Event Log Readers](#bkmk-eventlogreaders)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Group Policy Creator Owners](#bkmk-gpcreatorsowners)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Guests](#bkmk-guests)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Hyper-V Administrators](#bkmk-hypervadministrators)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[IIS_IUSRS](#bkmk-iis-iusrs)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Key Admins](#key-admins)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Network Configuration Operators](#bkmk-networkcfgoperators)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Performance Log Users](#bkmk-perflogusers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Performance Monitor Users](#bkmk-perfmonitorusers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Pre–Windows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Print Operators](#bkmk-printoperators)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Protected Users](#bkmk-protectedusers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[RAS and IAS Servers](#bkmk-rasandias)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[RDS Endpoint Servers](#bkmk-rdsendpointservers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Read-only Domain Controllers](#bkmk-rodc)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Remote Desktop Users](#bkmk-remotedesktopusers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Remote Management Users](#bkmk-remotemanagementusers)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Replicator](#bkmk-replicator)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Schema Admins](#bkmk-schemaadmins)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Server Operators](#bkmk-serveroperators)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Storage Replica Administrators](#storage-replica-administrators)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[System Managed Accounts Group](#system-managed-accounts-group)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
<td><p></p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Terminal Server License Servers](#bkmk-terminalserverlic)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[Users](#bkmk-users)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<tr class="even">
|
||||
<td><p>[Windows Authorization Access Group](#bkmk-winauthaccess)</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
<td><p>Yes</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<tr class="odd">
|
||||
<td><p>[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)</p></td>
|
||||
<td><p></p></td>
|
||||
<td><p>Yes</p></td>
|
||||
@ -1208,6 +1215,68 @@ This security group includes the following changes since Windows Server 2008:
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
### <a href="" id="bkmk-device-owners"></a>Device Owners
|
||||
This group is not currently used in Windows.
|
||||
|
||||
Microsoft does not recommend changing the default configuration where this security group has zero members. Changing the default configuration could hinder future scenarios that rely on this group.
|
||||
|
||||
The Device Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
|
||||
|
||||
<table>
|
||||
<colgroup>
|
||||
<col width="50%" />
|
||||
<col width="50%" />
|
||||
</colgroup>
|
||||
<thead>
|
||||
<tr class="header">
|
||||
<th>Attribute</th>
|
||||
<th>Value</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr class="odd">
|
||||
<td><p>Well-Known SID/RID</p></td>
|
||||
<td><p>S-1-5-32-583</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td><p>Type</p></td>
|
||||
<td><p>BuiltIn Local</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td><p>Default container</p></td>
|
||||
<td><p>CN=BuiltIn, DC=<domain>, DC=</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td><p>Default members</p></td>
|
||||
<td><p>None</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td><p>Default member of</p></td>
|
||||
<td><p>None</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td><p>Protected by ADMINSDHOLDER?</p></td>
|
||||
<td><p>No</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td><p>Safe to move out of default container?</p></td>
|
||||
<td><p>Can be moved out but it is not recommended</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td><p>Safe to delegate management of this group to non-Service admins?</p></td>
|
||||
<td><p>No</p></td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td><p>Default User Rights</p></td>
|
||||
<td><p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p>
|
||||
<p>[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight</p>
|
||||
<p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p>
|
||||
<p>[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
|
||||
|
||||
### <a href="" id="bkmk-distributedcomusers"></a>Distributed COM Users
|
||||
@ -3692,6 +3761,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
|
||||
## See also
|
||||
|
||||
- [Security Principals](security-principals.md)
|
||||
|
||||
@ -28,6 +28,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
|
||||
[Azure AD joined provisioning in a Federated environment](#azure-ad-joined-provisioning-in-a-federated-environment)<br>
|
||||
[Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment)<br>
|
||||
[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-managed-environment)<br>
|
||||
[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-federated-environment)<br>
|
||||
[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-managed-environment)<br>
|
||||
[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-federated-environment)<br>
|
||||
[Domain joined provisioning in an On-premises Key Trust deployment](#domain-joined-provisioning-in-an-on-premises-key-trust-deployment)<br>
|
||||
|
||||
@ -71,7 +71,7 @@ The minimum required enterprise certificate authority that can be used with Wind
|
||||
## Directory Synchronization ##
|
||||
The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory.
|
||||
|
||||
Organizations using older directory synchronization technology, such as DirSync or Azure AD sync need to upgrade to Azure AD Connect
|
||||
Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema).
|
||||
|
||||
### Section Review
|
||||
> [!div class="checklist"]
|
||||
|
||||
@ -228,6 +228,7 @@
|
||||
####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
||||
###### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
###### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||
###### [Onboard machines without Internet access](windows-defender-atp/onboard-offline-machines.md)
|
||||
###### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md)
|
||||
###### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md)
|
||||
###### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -20,9 +20,9 @@ ms.date: 10/02/2018
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can identify and block PUAs from downloading and installing on endpoints in your network.
|
||||
The potentially unwanted application (PUA) protection feature in Windows Defender Antivirus can detect and block PUAs on endpoints in your network.
|
||||
|
||||
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have a poor reputation.
|
||||
These applications are not considered viruses, malware, or other types of threats, but might perform actions on endpoints that adversely affect their performance or use. PUA can also refer to applications that are considered to have poor reputation.
|
||||
|
||||
Typical PUA behavior includes:
|
||||
|
||||
@ -37,25 +37,17 @@ These applications can increase the risk of your network being infected with mal
|
||||
|
||||
## How it works
|
||||
|
||||
PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions:
|
||||
Windows Defender Antivirus blocks detected PUA files and attempts to download, move, run, or install them. Blocked PUA files are then moved to quarantined.
|
||||
|
||||
- The file is being scanned from the browser
|
||||
- The file is in a folder with "**downloads**" in the path
|
||||
- The file is in a folder with "**temp**" in the path
|
||||
- The file is on the user's desktop
|
||||
- The file does not meet one of these conditions and is not under *%programfiles%*, *%appdata%*, or *%windows%*
|
||||
|
||||
The file is placed in the quarantine section so it won't run.
|
||||
|
||||
When a PUA is detected on an endpoint, the endpoint will present a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:").
|
||||
When a PUA is detected on an endpoint, Windows Defender Antivirus presents a notification to the user ([unless notifications have been disabled](configure-notifications-windows-defender-antivirus.md)) in the same format as normal threat detections (prefaced with "PUA:").
|
||||
|
||||
They will also appear in the usual [quarantine list in the Windows Security app](windows-defender-security-center-antivirus.md#detection-history).
|
||||
|
||||
## View PUA events
|
||||
|
||||
PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune.
|
||||
PUA events are reported in the Windows Event Viewer, but not in System Center Configuration Manager or Intune.
|
||||
|
||||
Hoever, PUA detections will be reported if you have set up email notifications for detections.
|
||||
You can turn on email notifications for PUA detections.
|
||||
|
||||
See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160.
|
||||
|
||||
|
||||
@ -227,6 +227,7 @@
|
||||
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||
##### [Onboard machines without Internet access](onboard-offline-machines.md)
|
||||
##### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md)
|
||||
##### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
|
||||
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -19,12 +19,9 @@ ms.topic: article
|
||||
# Add or Remove Machine Tags API
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
- Adds or remove tag to a specific machine.
|
||||
This API adds or remove tag to a specific machine.
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -20,8 +20,6 @@ ms.topic: article
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Represents an alert entity in Windows Defender ATP.
|
||||
|
||||
# Methods
|
||||
|
||||
@ -14,18 +14,16 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
|
||||
---
|
||||
|
||||
# Collect investigation package API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Collect investigation package from a machine.
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -21,7 +21,7 @@ ms.date: 04/11/2019
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
>[!NOTE]
|
||||
> Secure score is now part of Threat & Vulnerability Management as Configuration score. We’ll keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection) page.
|
||||
|
||||
@ -20,7 +20,7 @@ ms.topic: article
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
This section guides you through the steps you need to take to configure Threat & Vulnerability Management's integration with Microsoft Intune or Microsoft System Center Configuration Manager (SCCM) for a seamless collaboration of issue remediation.
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ ms.date: 02/28/2019
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
## Before you begin
|
||||
To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview.
|
||||
|
||||
@ -14,16 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
|
||||
---
|
||||
|
||||
# Create alert from event API
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity.
|
||||
|
||||
@ -21,10 +21,9 @@ ms.topic: article
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
>[!Note]
|
||||
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
||||
> Currently this API is only supported for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
||||
|
||||
|
||||
- Deletes an Indicator entity by ID.
|
||||
|
||||
@ -19,12 +19,11 @@ ms.date: 09/03/2018
|
||||
|
||||
# Use Windows Defender ATP APIs
|
||||
|
||||
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.
|
||||
|
||||
|
||||
@ -19,11 +19,11 @@ ms.date: 09/03/2018
|
||||
|
||||
# Create an app to access Windows Defender ATP without a user
|
||||
|
||||
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
This page describes how to create an application to get programmatic access to Windows Defender ATP without a user.
|
||||
|
||||
|
||||
@ -21,8 +21,6 @@ ms.date: 09/24/2018
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
Full scenario using multiple APIs from Windows Defender ATP.
|
||||
|
||||
|
||||
@ -14,18 +14,17 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 11/15/2018
|
||||
---
|
||||
|
||||
# OData queries with Windows Defender ATP
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
- If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
|
||||
|
||||
- Not all properties are filterable.
|
||||
If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
|
||||
|
||||
Not all properties are filterable.
|
||||
|
||||
### Properties that supports $filter:
|
||||
|
||||
|
||||
@ -20,7 +20,6 @@ ms.topic: article
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Represent a file entity in Windows Defender ATP.
|
||||
|
||||
|
||||
@ -19,11 +19,8 @@ ms.date: 07/25/2018
|
||||
|
||||
# Find machine information by internal IP API
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
Find a machine by internal IP.
|
||||
|
||||
@ -14,19 +14,16 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Find machines by internal IP API
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp
|
||||
|
||||
- Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp
|
||||
- The given timestamp must be in the past 30 days.
|
||||
The given timestamp must be in the past 30 days.
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert information by ID API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves an alert by its ID.
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related domain information API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Retrieves all domains related to a specific alert.
|
||||
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related files information API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves all files related to a specific alert.
|
||||
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related IP information API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
Retrieves all IPs related to a specific alert.
|
||||
|
||||
@ -14,17 +14,13 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related machine information API
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
- Retrieves machine that is related to a specific alert.
|
||||
Retrieves machine that is related to a specific alert.
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get alert related user information API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
Retrieves the user associated to a specific alert.
|
||||
|
||||
@ -14,21 +14,20 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# List alerts API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
Retrieves a collection of Alerts.
|
||||
|
||||
Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||
|
||||
- Retrieves a collection of Alerts.
|
||||
- Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||
- The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
|
||||
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||
The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
|
||||
|
||||
See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -14,19 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get domain related alerts API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves a collection of alerts related to a given domain address.
|
||||
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get domain related machines API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves a collection of machines that have communicated to or from a given domain address.
|
||||
|
||||
|
||||
@ -14,15 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get domain statistics API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves the prevalence for the given domain.
|
||||
|
||||
|
||||
@ -14,16 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file information API
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves a file by identifier Sha1, Sha256, or MD5.
|
||||
|
||||
|
||||
@ -14,16 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file related alerts API
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
Retrieves a collection of alerts related to a given file hash.
|
||||
|
||||
@ -14,16 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file related machines API
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Retrieves a collection of machines related to a given file hash.
|
||||
|
||||
|
||||
@ -14,19 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get file statistics API
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves the prevalence for the given file.
|
||||
|
||||
|
||||
@ -14,15 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get IP related alerts API
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves a collection of alerts related to a given IP address.
|
||||
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get IP related machines API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
Retrieves a collection of machines that communicated with or from a particular IP.
|
||||
|
||||
@ -14,17 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get IP statistics API
|
||||
**Applies to:**
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves the prevalence for the given IP.
|
||||
|
||||
|
||||
@ -14,18 +14,14 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machine by ID API
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
- Retrieves a machine entity by ID.
|
||||
Retrieves a machine entity by ID.
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -14,16 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machine log on users API
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
Retrieves a collection of logged on users.
|
||||
|
||||
## Permissions
|
||||
|
||||
@ -14,16 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machine related alerts API
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
Retrieves a collection of alerts related to a given machine ID.
|
||||
|
||||
## Permissions
|
||||
|
||||
@ -14,18 +14,14 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get machineAction API
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
- Get action performed on a machine.
|
||||
Get action performed on a machine.
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -14,21 +14,21 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# List MachineActions API
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
Gets collection of actions done on machines.
|
||||
|
||||
- Gets collection of actions done on machines.
|
||||
- Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||
- The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
|
||||
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||
Get MachineAction collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||
|
||||
The OData's Filter query is supported on: "Id", "Status", "MachineId", "Type", "Requestor" and "CreationDateTimeUtc".
|
||||
|
||||
See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||
|
||||
## Permissions
|
||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||
|
||||
@ -17,16 +17,17 @@ ms.topic: article
|
||||
---
|
||||
|
||||
# List machines API
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
This API can do the following actions:
|
||||
|
||||
- Retrieves a collection of machines that have communicated with Windows Defender ATP cloud on the last 30 days.
|
||||
- Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||
- The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
|
||||
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||
|
||||
See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||
|
||||
## Permissions
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 10/07/2018
|
||||
---
|
||||
|
||||
# Get Machines security states collection API
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get package SAS URI API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Get a URI that allows downloading of an [investigation package](collect-investigation-package-windows-defender-advanced-threat-protection-new.md).
|
||||
|
||||
|
||||
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# List Indicators API
|
||||
@ -22,9 +21,8 @@ ms.date: 12/08/2017
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
>[!Note]
|
||||
>[!NOTE]
|
||||
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
||||
|
||||
|
||||
|
||||
@ -20,7 +20,6 @@ ms.topic: article
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Retrieve a User entity by key (user name).
|
||||
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get user related alerts API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves a collection of alerts related to a given user ID.
|
||||
|
||||
|
||||
@ -14,15 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Get user related machines API
|
||||
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Retrieves a collection of machines related to a given user ID.
|
||||
|
||||
|
||||
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Improve request performance
|
||||
|
||||
@ -21,8 +21,6 @@ ms.date: 12/05/2018
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Learn how you can use Windows Defender ATP to expand the coverage of Windows Information Protection (WIP) to protect files based on their label, regardless of their origin.
|
||||
|
||||
>[!TIP]
|
||||
|
||||
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 12/05/2018
|
||||
---
|
||||
|
||||
# Information protection in Windows overview
|
||||
|
||||
@ -14,15 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Was domain seen in org
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Answers whether a domain was seen in the organization.
|
||||
|
||||
|
||||
@ -14,16 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Was IP seen in org
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Answers whether an IP was seen in the organization.
|
||||
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Isolate machine API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Isolates a machine from accessing external network.
|
||||
|
||||
|
||||
@ -16,11 +16,10 @@ audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Validate licensing provisioning and complete set up for Windows Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
|
||||
@ -18,11 +18,8 @@ ms.topic: article
|
||||
---
|
||||
|
||||
# Machine health and compliance report in Windows Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
The machines status report provides high-level information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, and Windows 10 versions.
|
||||
|
||||
|
||||
@ -14,16 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# MachineAction resource type
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Method|Return Type |Description
|
||||
:---|:---|:---
|
||||
[List MachineActions](get-machineactions-collection-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | List [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) entities.
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Manage Windows Defender Advanced Threat Protection alerts
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage automation file uploads
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage automation folder exclusions
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 07/01/2018
|
||||
---
|
||||
|
||||
# Manage endpoint detection and response capabilities
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Manage allowed/blocked lists
|
||||
title: Manage indicators
|
||||
description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
|
||||
keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Manage allowed/blocked lists
|
||||
# Manage indicators
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
@ -15,14 +15,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage suppression rules
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Overview of management and APIs
|
||||
|
||||
@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Configure Microsoft Cloud App Security in Windows
|
||||
# Configure Microsoft Cloud App Security in Windows Defender ATP
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
@ -18,11 +18,11 @@ ms.topic: conceptual
|
||||
ms.date: 10/18/2018
|
||||
---
|
||||
|
||||
# Microsoft Cloud App Security in Windows overview
|
||||
# Microsoft Cloud App Security in Windows Defender ATP overview
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Microsoft Cloud App Security (Cloud App Security) is a comprehensive solution that gives visibility into cloud apps and services by allowing you to control and limit access to cloud apps, while enforcing compliance requirements on data stored in the cloud. For more information, see [Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security).
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ ms.date: 02/28/2019
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed.
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 10/29/2018
|
||||
---
|
||||
|
||||
# Managed security service provider support
|
||||
|
||||
@ -21,7 +21,7 @@ ms.topic: conceptual
|
||||
**Applies to:**
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Effectively identifying, assessing, and remediating endpoint weaknesses is pivotal in running a healthy security program and reducing organizational risk. Threat & Vulnerability Management serves as an infrustructure for reducing organizational exposure, hardening endpoint surface area, and increasing organizational resilience.
|
||||
|
||||
|
||||
@ -20,8 +20,6 @@ ms.topic: article
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
Offboard machine from Windows Defender ATP.
|
||||
|
||||
[!include[Machine actions note](machineactionsnote.md)]
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Offboard machines from the Windows Defender ATP service
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 11/19/2018
|
||||
---
|
||||
|
||||
# Onboard machines to the Windows Defender ATP service
|
||||
|
||||
@ -0,0 +1,53 @@
|
||||
---
|
||||
title: Onboard machines without Internet access to Windows Defender ATP
|
||||
description: Onboard machines without Internet access so that they can send sensor data to the Windows Defender ATP sensor
|
||||
keywords: onboard, servers, vm, on-premise, oms gateway, log analytics, azure log analytics, mma
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Onboard machines without Internet access to Windows Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
To onboard machines without Internet access, you'll need to take the following general steps:
|
||||
|
||||
|
||||
## On-premise machines
|
||||
|
||||
- Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
|
||||
- [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
|
||||
- [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints-windows-defender-advanced-threat-protection.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-windows-defender-atp) point to Microsoft Defender ATP Workspace key & ID
|
||||
|
||||
- Offline machines in the same network of Azure Log Analytics
|
||||
- Configure MMA to point to:
|
||||
- Azure Log Analytics IP as a proxy
|
||||
- Microsoft Defender ATP workspace key & ID
|
||||
|
||||
## Azure virtual machines
|
||||
- Configure and enable [Azure Log Analytics workspace](https://docs.microsoft.com/azure/azure-monitor/platform/gateway)
|
||||
|
||||
- Setup Azure Log Analytics (formerly known as OMS Gateway) to act as proxy or hub:
|
||||
- [Azure Log Analytics Agent](https://docs.microsoft.com/azure/azure-monitor/platform/gateway#download-the-log-analytics-gateway)
|
||||
- [Install and configure Microsoft Monitoring Agent (MMA)](configure-server-endpoints-windows-defender-advanced-threat-protection.md#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-windows-defender-atp) point to Microsoft Defender ATP Workspace key & ID
|
||||
- Offline Azure VMs in the same network of OMS Gateway
|
||||
- Configure Azure Log Analytics IP as a proxy
|
||||
- Azure Log Analytics Workspace Key & ID
|
||||
|
||||
- Azure Security Center (ASC)
|
||||
- [Security Policy \> Log Analytics Workspace](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
|
||||
- [Threat Detection \> Allow Windows Defender ATP to access my data](https://docs.microsoft.com/azure/security-center/security-center-wdatp#enable-windows-defender-atp-integration)
|
||||
|
||||
For more information, see [Working with security policies](https://docs.microsoft.com/azure/security-center/tutorial-security-policy).
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Configure and manage Windows Defender ATP capabilities
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 02/21/2019
|
||||
---
|
||||
|
||||
# Overview of attack surface reduction
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 10/29/2018
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Overview of endpoint detection and response
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/12/2018
|
||||
---
|
||||
|
||||
# Overview of advanced hunting
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Overview of Secure score in Windows Defender Security Center
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Overview of Windows Defender ATP
|
||||
description:
|
||||
keywords:
|
||||
description: Understand the concepts behind the capabilities in Windows Defender ATP so you take full advantage of the complete threat protection platform
|
||||
keywords: atp, microsoft defender atp, defender, mdatp, threat protection, platform, threat, vulnerability, asr, attack, surface, reduction, next-gen, protection, edr, endpoint, detection, response, automated, air
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 11/20/2018
|
||||
---
|
||||
|
||||
# Overview of Windows Defender ATP capabilities
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Windows Defender Advanced Threat Protection portal overview
|
||||
|
||||
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Submit or Update Indicator API
|
||||
@ -22,7 +21,6 @@ ms.date: 12/08/2017
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
>[!Note]
|
||||
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
||||
|
||||
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 11/26/2018
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# PowerShell code examples for the custom threat intelligence API
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Configure Windows Defender Security Center settings
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Turn on the preview experience in Windows Defender ATP
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Python code examples for the custom threat intelligence API
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 05/08/2018
|
||||
---
|
||||
|
||||
# Manage portal access using role-based access control
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 11/28/2018
|
||||
---
|
||||
|
||||
# Take response actions on a machine
|
||||
|
||||
@ -15,7 +15,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 11/12/2017
|
||||
---
|
||||
|
||||
# Take response actions in Windows Defender ATP
|
||||
|
||||
@ -14,14 +14,11 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 12/08/2017
|
||||
---
|
||||
|
||||
# Restrict app execution API
|
||||
**Applies to:**
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
Restrict execution of all applications on the machine except a predefined set (see [Response machine alerts](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information)
|
||||
|
||||
|
||||
@ -14,14 +14,12 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 09/03/2018
|
||||
---
|
||||
|
||||
# Advanced hunting API
|
||||
|
||||
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
**Applies to:**
|
||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting).
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user