diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 077c749617..c0bc2bebbc 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -98,4 +98,4 @@ When you enable this feature, you'll be able to share Windows Defender ATP devic - [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) - [Configure automation notifications](configure-automation-notifications-windows-defender-advanced-threat-protection.md) - [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -- [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) +- [Enable Secure Score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-automation-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-automation-notifications-windows-defender-advanced-threat-protection.md index 37de07ab6d..5daa2ec50f 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-automation-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-automation-notifications-windows-defender-advanced-threat-protection.md @@ -65,5 +65,5 @@ You can configure Windows Defender ATP to send automation notifications to speci - [Update data retention settings](general-settings-windows-defender-advanced-threat-protection.md) - [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) - [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -- [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) +- [Enable Secure Score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) - [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index e0a562fe4b..7532bcb577 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -77,5 +77,5 @@ This section lists various issues that you may encounter when using email notifi - [Update data retention settings](general-settings-windows-defender-advanced-threat-protection.md) - [Configure automation notifications](configure-automation-notifications-windows-defender-advanced-threat-protection.md) - [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -- [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) +- [Enable Secure Score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) - [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index a53e331a88..071b3bf438 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -135,11 +135,14 @@ To offboard the server, you can use either of the following methods: #### Run a PowerShell command to remove the configuration -1. Get your workspace ID by going to **Endpoint management** > **Servers**: - - ![Image of server onboarding](images/atp-server-onboarding-workspaceid.png) +1. Get your Workspace ID: + a. In the navigation pane, select **Settings** > **Machine management** > **Onboarding**. -2. Open an elevated PowerShell and run the following command. Use the workspace ID you obtained and replacing `WorkspaceID`: + b. Select Windows server 2012, 2012R2 and 2016 as the operating system and get your Workspace ID: + + ![Image of server onboarding](images/atp-server-offboarding-workspaceid.png) + +2. Open an elevated PowerShell and run the following command. Use the Workspace ID you obtained and replacing `WorkspaceID`: ``` # Load agent scripting object diff --git a/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md index d1043aff2b..6c10661f38 100644 --- a/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/dashboard-windows-defender-advanced-threat-protection.md @@ -155,6 +155,6 @@ For more information on the service health, see [Check the Windows Defender ATP ## Related topics - [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) - [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) -- [View the Secure score dashboard and improve your secure score](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) +- [View the Secure Score dashboard and improve your secure score](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) - [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md index b114f55057..0b09bb3ced 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- title: Enable Secure score in Windows Defender ATP -description: Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard. +description: Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard. keywords: enable secure score, baseline, calculation, analytics, score, secure score dashboard, dashboard search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -13,7 +13,7 @@ ms.localizationpriority: high ms.date: 04/16/2018 --- -# Enable Secure score security controls +# Enable Secure Score security controls **Applies to:** @@ -25,21 +25,21 @@ ms.date: 04/16/2018 [!include[Prerelease information](prerelease.md)] -Set the baselines for calculating the score of Windows Defender security controls on the Secure score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations. +Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations. >[!NOTE] >Changes might take up to a few hours to reflect on the dashboard. -1. In the navigation pane, select **Settings** > **General** > **Secure score**. +1. In the navigation pane, select **Settings** > **General** > **Secure Score**. - ![Image of Secure score controls from Preferences setup menu](images/atp-enable-security-analytics.png) + ![Image of Secure Score controls from Preferences setup menu](images/atp-enable-security-analytics.png) 2. Select the security control, then toggle the setting between **On** and **Off**. 3. Click **Save preferences**. ## Related topics -- [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) +- [View the Secure Score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) - [Update data retention settings for Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) - [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) - [Configure automation notifications in Windows Defender ATP](configure-automation-notifications-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md index f61369ccb6..773515d741 100644 --- a/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md @@ -43,5 +43,5 @@ During the onboarding process, a wizard takes you through the general settings o - [Configure alert notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) - [Configure automation notifications](configure-automation-notifications-windows-defender-advanced-threat-protection.md) - [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) -- [Enable Secure score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) +- [Enable Secure Score security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md) - [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png index 053795e6f2..df43379ab5 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png and b/windows/security/threat-protection/windows-defender-atp/images/atp-mma.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png b/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png new file mode 100644 index 0000000000..1d1cbb4448 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-server-offboarding-workspaceid.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md index 4247db91c4..ddb474d04d 100644 --- a/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -84,7 +84,7 @@ Filter the list to view specific machines that are well configured or require at - **Well configured** - Machines have the Windows Defender security controls well configured. - **Requires attention** - Machines where improvements can be made to increase the overall security posture of your organization. -For more information, see [View the Secure score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md). +For more information, see [View the Secure Score dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md). **Malware category alerts**
Filter the list to view specific machines grouped together by the following malware categories: diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index df541c6421..f39c999ed8 100644 --- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -51,7 +51,7 @@ You can navigate through the portal using the menu options available in all sect Area | Description :---|:--- (1) Navigation pane | Use the navigation pane to move between the **Dashboards**, **Alerts queue**, **Automated investigations**, **Machines list**, **Service health**, **Advanced hunting**, and **Settings**. -**Dashboards** | Access the Security operations, the Secure score, or Threat analytics dashboard. +**Dashboards** | Access the Security operations, the Secure Score, or Threat analytics dashboard. **Alerts** | View separate queues of new, in progress, resolved alerts, alerts assigned to you. **Automated investigations** | Displays a list of automated investigations that's been conducted in the network, the status of each investigation and other details such as when the investigation started and the duration of the investigation. **Machines list** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index 40d4134566..24de43f40a 100644 --- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -194,9 +194,9 @@ There are a couple of tabs on the report that's generated: - Machine and alerts - Investigation results and action center -- Secure score +- Secure Score -In general, if you know of a specific threat name, CVE, or KB, you can identify machines with upatched vulnerabilities that might be leveraged by threats. This report also helps you determine whether machine-level mitigations are configured correctly on the machines and prioritize those that might need attention. +In general, if you know of a specific threat name, CVE, or KB, you can identify machines with unpatched vulnerabilities that might be leveraged by threats. This report also helps you determine whether machine-level mitigations are configured correctly on the machines and prioritize those that might need attention. diff --git a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md index 396fec186d..55147df786 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-analytics-windows-defender-advanced-threat-protection.md @@ -54,6 +54,6 @@ Click a section of each chart to get a list of the machines in the corresponding - [Understand the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) - [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) - [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) -- [View the Secure score dashboard and improve your secure score](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) +- [View the Secure Score dashboard and improve your secure score](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md index 65ed26ab81..889ce61814 100644 --- a/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/use-windows-defender-advanced-threat-protection.md @@ -31,7 +31,7 @@ You can use the Windows Defender ATP portal to carry out an end-to-end security Use the **Security operations** dashboard to gain insight on the various alerts on machines and users in your network. -Use the **Secure score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization. +Use the **Secure Score** dashboard to expand your visibility on the overall security posture of your organization. You'll see machines that require attention and recommendations that can help you reduce the attack surface in your organization. Use the **Threat analytics** dashboard to continually assess and control risk exposure to Spectre and Meltdown. @@ -42,7 +42,7 @@ Topic | Description :---|:--- [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the portal layout and area descriptions. [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md) | The Windows Defender ATP **Security operations dashboard** provides a snapshot of your network. You can view aggregates of alerts, the overall status of the service of the machines on your network, investigate machines, files, and URLs, and see snapshots of threats seen on machines. -[View the Secure score dashboard and improve your secure score](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. +[View the Secure Score dashboard and improve your secure score](security-analytics-dashboard-windows-defender-advanced-threat-protection.md) | The **Secure score dashboard** expands your visibility into the overall security posture of your organization. From this dashboard, you'll be able to quickly assess the security posture of your organization, see machines that require attention, as well as recommendations for actions to further reduce the attack surface in your organization - all in one place. [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics-windows-defender-advanced-threat-protection.md) | The **Threat analytics** dashboard helps you continually assess and control risk exposure to Spectre and Meltdown. Use the charts to quickly identify machines for the presence or absence of mitigations. diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 7b06f44795..bb7301d690 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -92,7 +92,7 @@ Topic | Description :---|:--- Get started | Learn about the minimum requirements, validate licensing and complete setup, know about preview features, understand data storage and privacy, and how to assign user access to the portal. [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) | Learn about configuring client, server, and non-Windows machines. Learn how to run a detection test, configure proxy and Internet connectivity settings, and how to troubleshoot potential onboarding issues. -[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations and Secure score dashboard, and how to navigate the portal. +[Understand the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) | Understand the Security operations and Secure Score dashboard, and how to navigate the portal. Investigate and remediate threats | Investigate alerts, machines, and take response actions to remediate threats. Prevent threats | Use conditional access to help better protect your users and enterprise information by making sure only secure devices have access to applications. API and SIEM support | Use the supported APIs to pull and create custom alerts, or automate workflows. Use the supported SIEM tools to pull alerts from the Windows Defender ATP portal.