From 55e401cb1d79cd1ca2bc3f7f94ea48bfe3ee1258 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Tue, 19 Mar 2019 20:35:17 +0000 Subject: [PATCH 01/12] Updated advanced-features-windows-defender-advanced-threat-protection.md with MTE --- ...ures-windows-defender-advanced-threat-protection.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 9ed8d6f32a..1b7791f6fd 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -40,7 +40,7 @@ For tenants created on or after Windows 10, version 1809 the automated investiga >[!NOTE] > - The result of the auto-resolve action may influence the Machine risk level calculation which is based on the active alerts found on a machine. ->- If a security operations analyst manually sets the status of an alert to "In progress" or "Resolved" the auto-resolve capability will not overrite it. +>- If a security operations analyst manually sets the status of an alert to "In progress" or "Resolved" the auto-resolve capability will not overwrite it. ## Block file 
@@ -91,6 +91,14 @@ When you enable this feature, you'll be able to incorporate data from Office 365 To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512). +## Microaoft Threat Experts +This feature is currently on public preview. When you enable this feature, you'll be able to receive targeted attack notification from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it. + +>[!NOTE] +>This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later. + + + ## Microsoft Cloud App Security Enabling this setting forwards Windows Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data. From d2953792ec3a82a86c19f6b969454fa1734f2faf Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:01:40 +0000 Subject: [PATCH 02/12] Updated configure-microsoft-threat-experts.md with sample EOD questions --- .../configure-microsoft-threat-experts.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index f518883f9b..ec7f93da99 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md 
+++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md 
@@ -103,6 +103,29 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. You will see the confirmation page indicating the response time and your support request number. +## Sample questions to ask a Microsoft threat expert +**Alert information** +• We see a new type of alert for a living-off-the-land binary: . Can you tell us something more about this alert and how we can investigate further? +• We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference? +• I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Windows Defender see these attempts? What type of sign-ins are being monitored? +• Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. + +**Possible machine compromise** +• Can you please help answer why we see “Unknown process observed?” This is seen quite frequently on many machines and we would appreciate input on whether this is related to malicious activity. +• Can you help validate a possible compromise on the following system on with similar behaviors as the previous malware detection on the same system in ? + +**Threat intelligence details** +• This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for malware. Do you have any information on this malware? If yes, can you please send me a link? 
+• I recently saw a post about a threat that is targeting my industry. Can you help me understand what protection WDATP provides against this threat actor? + +**Microsoft Threat Experts’ alert communications** +• Can your incident response team help us address the targeted attack notification that we got? +• I received this targeted attack notification from Microsoft Threat Experts. We don’t have our own incident response team. What can we do now, and how can we contain the incident? +• I received a targeted attack notification from Microsoft Threat Experts. What data can you provide to us that we can pass on to our incident response team? + + >[!NOTE] + >Microsoft Threat Experts is a managed cybersecurity hunting service and not an incident response service. However, the experts can seamlessly transition the investigation to Microsoft Cybersecurity Solutions Group (CSG)'s Detection and Response Team (DART) services, when necessary. You can also opt to engage with your own incident response team to address issues that requires an incident response. + ## Scenario ### Receive a progress report about your managed hunting inquiry From c65feac7fd45eee1fe6c1ecc5599548cb0208539 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:12:22 +0000 Subject: [PATCH 03/12] Updated configure-microsoft-threat-experts.md --- .../configure-microsoft-threat-experts.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index ec7f93da99..1b84783ff5 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md 
@@ -105,18 +105,18 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w ## Sample questions to ask a Microsoft threat expert **Alert information** -• We see a new type of alert for a living-off-the-land binary: . Can you tell us something more about this alert and how we can investigate further? +• We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further? • We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference? • I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Windows Defender see these attempts? What type of sign-ins are being monitored? • Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. **Possible machine compromise** • Can you please help answer why we see “Unknown process observed?” This is seen quite frequently on many machines and we would appreciate input on whether this is related to malicious activity. -• Can you help validate a possible compromise on the following system on with similar behaviors as the previous malware detection on the same system in ? +• Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]? **Threat intelligence details** • This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for malware. Do you have any information on this malware? 
If yes, can you please send me a link? -• I recently saw a post about a threat that is targeting my industry. Can you help me understand what protection WDATP provides against this threat actor? +• I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection WDATP provides against this threat actor? **Microsoft Threat Experts’ alert communications** • Can your incident response team help us address the targeted attack notification that we got? From 36309df1b222093218a4b21c46f70f8e9c4cff9f Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:17:17 +0000 Subject: [PATCH 04/12] Updated configure-microsoft-threat-experts.md --- .../configure-microsoft-threat-experts.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index 1b84783ff5..752e346d4b 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md 
@@ -105,23 +105,23 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w ## Sample questions to ask a Microsoft threat expert **Alert information** -• We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further? -• We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference? -• I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Windows Defender see these attempts? What type of sign-ins are being monitored? -• Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. +- We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further? +- We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference? +- I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Windows Defender see these attempts? What type of sign-ins are being monitored? +- Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. 
**Possible machine compromise** -• Can you please help answer why we see “Unknown process observed?” This is seen quite frequently on many machines and we would appreciate input on whether this is related to malicious activity. -• Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]? +- Can you please help answer why we see “Unknown process observed?” This is seen quite frequently on many machines and we would appreciate input on whether this is related to malicious activity. +- Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]? **Threat intelligence details** -• This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for malware. Do you have any information on this malware? If yes, can you please send me a link? -• I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection WDATP provides against this threat actor? +- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for malware. Do you have any information on this malware? If yes, can you please send me a link? +- I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection WDATP provides against this threat actor? **Microsoft Threat Experts’ alert communications** -• Can your incident response team help us address the targeted attack notification that we got? 
-• I received this targeted attack notification from Microsoft Threat Experts. We don’t have our own incident response team. What can we do now, and how can we contain the incident? -• I received a targeted attack notification from Microsoft Threat Experts. What data can you provide to us that we can pass on to our incident response team? +- Can your incident response team help us address the targeted attack notification that we got? +- I received this targeted attack notification from Microsoft Threat Experts. We don’t have our own incident response team. What can we do now, and how can we contain the incident? +- I received a targeted attack notification from Microsoft Threat Experts. What data can you provide to us that we can pass on to our incident response team? >[!NOTE] >Microsoft Threat Experts is a managed cybersecurity hunting service and not an incident response service. However, the experts can seamlessly transition the investigation to Microsoft Cybersecurity Solutions Group (CSG)'s Detection and Response Team (DART) services, when necessary. You can also opt to engage with your own incident response team to address issues that requires an incident response. From 740e21f48e101348508224414d83b64efe031829 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:18:51 +0000 Subject: [PATCH 05/12] Updated configure-microsoft-threat-experts.md --- .../configure-microsoft-threat-experts.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index 752e346d4b..cafd23e0dd 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md 
@@ -88,10 +88,10 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**:
- - **Select the product family**: **Security** - - **Select a product**: **Microsoft Threat Experts** - - **Select a category that best describes the issue**: **Windows Defender ATP** - - **Select a problem that best describes the issue**: Choose according to your inquiry category + - **Select the product family**: **Security** + - **Select a product**: **Microsoft Threat Experts** + - **Select a category that best describes the issue**: **Windows Defender ATP** + - **Select a problem that best describes the issue**: Choose according to your inquiry category b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**. From ca938fa06bf944489e5bbb8e692edf26298d36ae Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:21:08 +0000 Subject: [PATCH 06/12] Updated configure-microsoft-threat-experts.md --- .../configure-microsoft-threat-experts.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index cafd23e0dd..f6d7d767df 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md @@ -81,11 +81,10 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w c. Remember to use the ID number from the **Open a support ticket** tab page and include it to the details you will provide in the subsequent Customer Services and Support (CSS) pages.
- **Step 2: Open a support ticket** - - >[!NOTE] - >To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a Premier customer service and support account. However, you will not be charged for the Experts-on-demand service during the preview. - + **Step 2: Open a support ticket** + >[!NOTE] + >To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a Premier customer service and support account. However, you will not be charged for the Experts-on-demand service during the preview. + a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**:
- **Select the product family**: **Security** @@ -93,15 +92,15 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w - **Select a category that best describes the issue**: **Windows Defender ATP** - **Select a problem that best describes the issue**: Choose according to your inquiry category - b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**. + b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**.
- c. In the **Select a support plan** page, select **Professional No Charge**. + c. In the **Select a support plan** page, select **Professional No Charge**.
- d. The severity of your issue has been pre-selected by default, per the support plan, **Professional No Charge**, that you'll use for this public preview. Select the time zone by which you'd like to receive the correspondence. Then, click **Next**. + d. The severity of your issue has been pre-selected by default, per the support plan, **Professional No Charge**, that you'll use for this public preview. Select the time zone by which you'd like to receive the correspondence. Then, click **Next**.
- e. Verify your contact details and add another if necessary. Then, click **Next**. + e. Verify your contact details and add another if necessary. Then, click **Next**.
- f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. You will see the confirmation page indicating the response time and your support request number. + f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. You will see the confirmation page indicating the response time and your support request number.
## Sample questions to ask a Microsoft threat expert **Alert information** From 2d8681831020795ae55a9cee2f2dd74a9ad51a05 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:22:19 +0000 Subject: [PATCH 07/12] Updated configure-microsoft-threat-experts.md --- .../windows-defender-atp/configure-microsoft-threat-experts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index f6d7d767df..3aa49c32ea 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md @@ -102,7 +102,7 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. You will see the confirmation page indicating the response time and your support request number.
-## Sample questions to ask a Microsoft threat expert +## Sample questions to ask Microsoft Threat Experts **Alert information** - We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further? - We’ve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference? From e9de3b07159d9960f1217990f9dd352d47f44fa3 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:24:21 +0000 Subject: [PATCH 08/12] Updated configure-microsoft-threat-experts.md --- .../configure-microsoft-threat-experts.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index 3aa49c32ea..8905fdc9f9 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md @@ -87,10 +87,10 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**:
- - **Select the product family**: **Security** - - **Select a product**: **Microsoft Threat Experts** - - **Select a category that best describes the issue**: **Windows Defender ATP** - - **Select a problem that best describes the issue**: Choose according to your inquiry category + **Select the product family**: **Security**
+ **Select a product**: **Microsoft Threat Experts**
+ **Select a category that best describes the issue**: **Windows Defender ATP**
+ **Select a problem that best describes the issue**: Choose according to your inquiry category
b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**.
From c193e1c8ca4b4eb5c9d5d728d3daa9769cb4da93 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 22:26:25 +0000 Subject: [PATCH 09/12] Updated configure-microsoft-threat-experts.md --- .../configure-microsoft-threat-experts.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md index 8905fdc9f9..8e6edc791b 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md @@ -87,10 +87,10 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**:
- **Select the product family**: **Security**
- **Select a product**: **Microsoft Threat Experts**
- **Select a category that best describes the issue**: **Windows Defender ATP**
- **Select a problem that best describes the issue**: Choose according to your inquiry category
+ **Select the product family**: **Security**
+ **Select a product**: **Microsoft Threat Experts**
+ **Select a category that best describes the issue**: **Windows Defender ATP**
+ **Select a problem that best describes the issue**: Choose according to your inquiry category
b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**.
@@ -114,7 +114,7 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w - Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]? **Threat intelligence details** -- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for malware. Do you have any information on this malware? If yes, can you please send me a link? +- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you please send me a link? - I recently saw a [social media reference e.g. Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection WDATP provides against this threat actor? **Microsoft Threat Experts’ alert communications** From 771edc914495c471516ac4251eeb1b2497829081 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 23:13:04 +0000 Subject: [PATCH 10/12] Updated advanced-features-windows-defender-advanced-threat-protection.md with MTE preview info --- ...ed-features-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 1b7791f6fd..353fafc416 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md 
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -91,11 +91,11 @@ When you enable this feature, you'll be able to incorporate data from Office 365 To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512). -## Microaoft Threat Experts +## Microsoft Threat Experts This feature is currently on public preview. When you enable this feature, you'll be able to receive targeted attack notification from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it. >[!NOTE] ->This feature is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later. +>This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later. From f07051042d506f4c8c0ddbee2613855d12c375e4 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 23:15:28 +0000 Subject: [PATCH 11/12] Updated advanced-features-windows-defender-advanced-threat-protection.md --- ...nced-features-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 353fafc416..25eb9ec79a 100644 
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -92,7 +92,7 @@ When you enable this feature, you'll be able to incorporate data from Office 365 To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512). ## Microsoft Threat Experts -This feature is currently on public preview. When you enable this feature, you'll be able to receive targeted attack notification from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it. +This feature is currently on public preview. When you enable this feature, you'll receive targeted attack notification from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it. >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later. From d65b50ac10f451016a9e0d9f8b0c00c899cb9724 Mon Sep 17 00:00:00 2001 From: Dolcita Montemayor Date: Wed, 20 Mar 2019 23:40:59 +0000 Subject: [PATCH 12/12] Updated advanced-features-windows-defender-advanced-threat-protection.md --- ...nced-features-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 25eb9ec79a..6e0dd42396 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -92,7 +92,7 @@ When you enable this feature, you'll be able to incorporate data from Office 365 To receive contextual machine integration in Office 365 Threat Intelligence, you'll need to enable the Windows Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512). ## Microsoft Threat Experts -This feature is currently on public preview. When you enable this feature, you'll receive targeted attack notification from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it. +This feature is currently on public preview. When you enable this feature, you'll receive targeted attack notifications from Microsoft Threat Experts through your Windows Defender ATP portal's alerts dashboard and via email if you configure it. >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10 version 1809 or later.
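Review bot: In PATCH 01/12, hunk `@@ -91,6 +91,14 @@` of advanced-features-windows-defender-advanced-threat-protection.md, the added heading is misspelled as `## Microaoft Threat Experts`. It should read `## Microsoft Threat Experts`. The correction only arrives in PATCH 10/12, so the heading and any anchor generated from it are wrong in every commit in between; fold the fix into this patch. The hunk also adds three empty `+` lines after the note, where one blank line before `## Microsoft Cloud App Security` is enough.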
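Review bot: In PATCH 02/12, hunk `@@ -103,6 +103,29 @@` of configure-microsoft-threat-experts.md, two of the added sample questions have lost their placeholders: the first bullet reads `living-off-the-land binary: . Can you tell us`, and the second bullet under "Possible machine compromise" reads `on the following system on with similar behaviors` and ends `on the same system in ?`. Use bracketed placeholders such as `[AlertID]`, `[date]` and `[month]` here rather than leaving them for PATCH 03/12. The bullets also start with a literal `•`, which Markdown does not treat as a list marker; start them with `-` in this patch so that PATCH 04/12 is not needed.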
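Review bot: In PATCH 04/12, hunk `@@ -105,23 +105,23 @@`, every bullet is rewritten but the wording problems are carried over unchanged. The third bullet under "Alert information" reads `I receive an odd alert today for abnormal number of failed logins`; suggest "I received an odd alert today for an abnormal number of failed logins". In the first bullet under "Possible machine compromise" the question mark sits inside the quoted alert title (`“Unknown process observed?”`) and should move outside the closing quote. The trailing note, left as context in this hunk, says `issues that requires an incident response`, which should be "issues that require".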
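Review bot: In PATCH 06/12, hunk `@@ -81,11 +81,10 @@`, the note under "Step 2: Open a support ticket" says `you need to have a Premier customer service and support account`, while steps c and d in the following hunk tell the reader to select `Professional No Charge`. A reader cannot tell from these lines whether the Premier account is a prerequisite for seeing the no-charge plan or a separate requirement. Add one sentence to the note that states how the two relate.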
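Review bot: In PATCH 09/12, hunk `@@ -87,10 +87,10 @@`, the four removed lines and the four added lines (`**Select the product family**: **Security**` through `Choose according to your inquiry category`) are textually identical as shown, so this is a whitespace-only change to lines that PATCH 05/12 and PATCH 08/12 already reformatted. The subject `Updated configure-microsoft-threat-experts.md` gives no hint of the rendering problem being fixed. Squash the three formatting commits into one and name the intended result in the message. PATCH 08/12 also dropped the `-` list markers from these lines, so confirm in a preview build that the four options still render one per line under step a.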
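Review bot: In PATCH 10/12, hunk `@@ -91,11 +91,11 @@`, changing the note to `This feature will be available with an E5 license` conflicts with the paragraph directly above it, which says `This feature is currently on public preview` and describes what happens `When you enable this feature`. As written, the reader cannot tell whether the E5 license is required during the preview or only once the feature ships. State the preview requirement and the later licensing requirement as separate sentences.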
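Review bot: In PATCH 12/12, hunk `@@ -92,7 +92,7 @@`, the rewritten sentence still opens with `This feature is currently on public preview`, which should be "in public preview", and ends with `via email if you configure it`, where "it" has no clear antecedent. Suggest "and by email, if you configure email notifications". PATCH 11/12 and PATCH 12/12 each change one word of this same sentence and can be squashed into the patch that introduces it.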