From 26b785174460fe100b5a1d5a6c21585c4232ddc2 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 14:27:15 -0600 Subject: [PATCH 1/7] New Note added from #5469 --- .../threat-protection/microsoft-defender-atp/live-response.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 151cc9a4d1..1493afdbfe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,6 +50,10 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. + + > [!ÏMPORTNAT] + > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
From 42cc42f33a6ef5c5b13e5d1562b6ff8600f2a4f9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Dec 2019 12:54:03 -0800 Subject: [PATCH 2/7] Update live-response.md --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 1493afdbfe..afa98aa766 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -51,7 +51,7 @@ You'll need to enable the live response capability in the [Advanced features set >Allowing the use of unsigned scripts may increase your exposure to threats. - > [!ÏMPORTNAT] + > [!ÏMPORTANT] > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From a271cb85322b4eae59e96fd33cd68d5e3d8b3f82 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 15:30:16 -0600 Subject: [PATCH 3/7] Suggestion taken --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 1493afdbfe..3c64fbaaa4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md 
@@ -52,7 +52,7 @@ You'll need to enable the live response capability in the [Advanced features set > [!ÏMPORTNAT] - > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From b0566d36e499f118cd7a71e85598c26cea5b9fbe Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 15:33:11 -0600 Subject: [PATCH 4/7] Suggestion taken --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index afa98aa766..2c8fd39528 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md 
@@ -52,7 +52,7 @@ You'll need to enable the live response capability in the [Advanced features set > [!ÏMPORTANT] - > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From 28b3ebaddf6cdc56fa11c932a9233cac2e174d1a Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 5 Dec 2019 10:31:52 -0600 Subject: [PATCH 5/7] Update windows/security/threat-protection/microsoft-defender-atp/live-response.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/live-response.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 2c8fd39528..0b762a0b99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md 
@@ -51,7 +51,7 @@ You'll need to enable the live response capability in the [Advanced features set >Allowing the use of unsigned scripts may increase your exposure to threats. - > [!ÏMPORTANT] + > [!IMPORTANT] > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. @@ -254,4 +254,3 @@ Each command is tracked with full details such as: - From fc38997abb47008adc8084687c6decfdba596d14 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Fri, 13 Dec 2019 21:19:07 -0600 Subject: [PATCH 6/7] Moved note --- .../microsoft-defender-atp/live-response.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 2c8fd39528..e55674234c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,10 +50,6 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. - - > [!ÏMPORTANT] - > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. - Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
@@ -61,6 +57,9 @@ You'll need to enable the live response capability in the [Advanced features set Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. + > [!IMPORTANT] + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. + ## Live response dashboard overview When you initiate a live response session on a machine, a dashboard opens. The dashboard provides information about the session such as: From 98f5095e45b56eccc466f807ef1306aa1c175aa2 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Fri, 13 Dec 2019 21:44:41 -0600 Subject: [PATCH 7/7] Update --- .../microsoft-defender-atp/live-response.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 0b762a0b99..3003c707b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,15 +50,14 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. - - > [!IMPORTANT] - > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. - Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments see, [Create and manage roles](user-roles.md). + > [!IMPORTANT] + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. + Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. ## Live response dashboard overview
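Review bot: the alert tag added in patch 1/7, `[!ÏMPORTNAT]`, is not the `[!IMPORTANT]` keyword (it has a non-ASCII `Ï` and transposed letters), so it will not be recognised as an IMPORTANT alert. Patch 2/7 corrects only the transposition, to `[!ÏMPORTANT]`, and the `Ï` is not replaced until 5/7. Use `> [!IMPORTANT]` in the commit that introduces the note and squash the follow-up spelling fixes into it. In the same hunk, the note is inserted between the unsigned-scripts `[!WARNING]` and the "Running unsigned scripts is generally not recommended" paragraph that elaborates on it, although the note concerns upload permissions; it belongs under "Ensure that you have the appropriate permissions".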
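Review bot: patches 3/7 and 4/7 make the identical one-line wording change against two different parents (`index 1493afdbfe..3c64fbaaa4` and `index afa98aa766..2c8fd39528`). The context of 3/7 still shows `[!ÏMPORTNAT]`, which 2/7 has already changed, so 3/7 does not apply on top of 2/7; drop it and keep 4/7. On the new sentence itself, "the appropriate RBAC permissions" does not tell the reader which permission enables the upload button. Name the required permission, or point to the role documentation already linked in this section, `[Create and manage roles](user-roles.md)`.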
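Review bot: patches 6/7 and 7/7 both move the note, but from different parents and to different places. 6/7 (from `2c8fd39528`) still removes the `[!ÏMPORTANT]` spelling and puts the note after "Depending on the role that's been granted to you", directly above `## Live response dashboard overview`. 7/7 (from `0b762a0b99`) puts it between "Only users who have been provisioned" and "Depending on the role". Only one of these can be the intended final position, so keep a single move commit based on 5/7 and state in its message which paragraph the note is meant to follow.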