mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-25 23:33:35 +00:00
Merge pull request #4501 from MicrosoftDocs/FromPrivateRepo
From private repo
@ -1,436 +1,493 @@
|
||||
# [Threat protection](index.md)
|
||||
|
||||
## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
|
||||
## [Overview]()
|
||||
### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
|
||||
### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md)
|
||||
### [Attack surface reduction]()
|
||||
#### [Hardware-based isolation]()
|
||||
##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
|
||||
|
||||
### [Overview](microsoft-defender-atp/overview.md)
|
||||
#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
|
||||
##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md)
|
||||
###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md)
|
||||
####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
|
||||
###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
|
||||
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
|
||||
##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
|
||||
##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
|
||||
##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
|
||||
##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
|
||||
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
|
||||
#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
|
||||
#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
|
||||
##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
|
||||
##### [Application isolation]()
|
||||
###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
|
||||
###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
|
||||
|
||||
##### [Incidents queue](microsoft-defender-atp/incidents-queue.md)
|
||||
###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
|
||||
###### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
|
||||
###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
|
||||
##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
|
||||
|
||||
#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
|
||||
#### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
|
||||
#### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
|
||||
#### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
|
||||
#### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
|
||||
#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
|
||||
|
||||
### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
|
||||
|
||||
##### Alerts queue
|
||||
###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
|
||||
###### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
|
||||
###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
|
||||
###### [Investigate files](microsoft-defender-atp/investigate-files.md)
|
||||
###### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
|
||||
###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
|
||||
###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
|
||||
###### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
|
||||
### [Endpoint detection and response]()
|
||||
#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md)
|
||||
#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
|
||||
|
||||
#### [Incidents queue]()
|
||||
##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
|
||||
##### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
|
||||
##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
|
||||
|
||||
#### [Alerts queue]()
|
||||
##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
|
||||
##### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
|
||||
##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
|
||||
##### [Investigate files](microsoft-defender-atp/investigate-files.md)
|
||||
##### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
|
||||
##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
|
||||
##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
|
||||
##### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
|
||||
|
||||
##### Machines list
|
||||
###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
|
||||
###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
|
||||
###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
|
||||
###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline)
|
||||
####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
|
||||
####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
|
||||
####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
|
||||
####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
|
||||
#### [Machines list]()
|
||||
##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
|
||||
##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
|
||||
##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
|
||||
|
||||
##### [Machine timeline]()
|
||||
###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline)
|
||||
###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
|
||||
###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
|
||||
###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
|
||||
###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
|
||||
|
||||
##### [Take response actions](microsoft-defender-atp/response-actions.md)
|
||||
###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md)
|
||||
####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
|
||||
####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
|
||||
####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
|
||||
####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
|
||||
####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
|
||||
####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
|
||||
#### [Take response actions]()
|
||||
##### [Take response actions on a machine]()
|
||||
###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
|
||||
###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
|
||||
###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
|
||||
###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
|
||||
###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
|
||||
###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
|
||||
###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
|
||||
####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
|
||||
|
||||
###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md)
|
||||
####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
|
||||
####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
|
||||
####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
|
||||
####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
|
||||
####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
|
||||
####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
|
||||
####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
|
||||
####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
|
||||
##### [Take response actions on a file]()
|
||||
###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
|
||||
###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
|
||||
###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
|
||||
###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
|
||||
###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
|
||||
###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
|
||||
###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
|
||||
###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
|
||||
###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
|
||||
####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
|
||||
|
||||
###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md)
|
||||
#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
|
||||
|
||||
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
|
||||
##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
|
||||
##### [Investigate entities using Live response]()
|
||||
###### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
|
||||
######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
|
||||
|
||||
### [Automated investigation and remediation]()
|
||||
#### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md)
|
||||
#### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
|
||||
#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
|
||||
|
||||
### [Secure score](microsoft-defender-atp/overview-secure-score.md)
|
||||
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
|
||||
|
||||
#### [Secure score](microsoft-defender-atp/overview-secure-score.md)
|
||||
#### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
|
||||
### [Advanced hunting]()
|
||||
#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md)
|
||||
#### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
|
||||
##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
|
||||
##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
|
||||
|
||||
#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md)
|
||||
##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
|
||||
###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
|
||||
###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
|
||||
##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md)
|
||||
###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
|
||||
#### [Custom detections]()
|
||||
##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
|
||||
##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
|
||||
|
||||
|
||||
|
||||
#### [Management and APIs](microsoft-defender-atp/management-apis.md)
|
||||
#### [Management and APIs]()
|
||||
##### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
|
||||
##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
|
||||
##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
|
||||
##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md)
|
||||
|
||||
#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md)
|
||||
#### [Integrations]()
|
||||
##### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md)
|
||||
##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md)
|
||||
##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md)
|
||||
##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md)
|
||||
###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
|
||||
|
||||
#### [Information protection in Windows overview]()
|
||||
##### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md)
|
||||
##### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
|
||||
|
||||
### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
|
||||
|
||||
### [Portal overview](microsoft-defender-atp/portal-overview.md)
|
||||
|
||||
|
||||
## [Get started]()
|
||||
### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
|
||||
### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
|
||||
### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
|
||||
### [Preview features](microsoft-defender-atp/preview.md)
|
||||
### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
|
||||
### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
|
||||
|
||||
#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
|
||||
|
||||
|
||||
|
||||
#### [Portal overview](microsoft-defender-atp/portal-overview.md)
|
||||
|
||||
|
||||
|
||||
### [Get started](microsoft-defender-atp/get-started.md)
|
||||
#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
|
||||
#### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
|
||||
#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
|
||||
#### [Preview features](microsoft-defender-atp/preview.md)
|
||||
#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
|
||||
#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
|
||||
|
||||
#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md)
|
||||
#####Evaluate attack surface reduction
|
||||
###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
|
||||
###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
|
||||
###### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
|
||||
###### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
|
||||
###### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
|
||||
###### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
|
||||
###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
|
||||
### [Evaluate Microsoft Defender ATP]()
|
||||
#### [Attack surface reduction and next-generation capability evaluation]()
|
||||
##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md)
|
||||
##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
|
||||
##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
|
||||
##### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
|
||||
##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
|
||||
##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
|
||||
##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
|
||||
##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
|
||||
##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
|
||||
|
||||
#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
|
||||
### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
|
||||
|
||||
### [Configure and manage capabilities](microsoft-defender-atp/onboard.md)
|
||||
#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md)
|
||||
#####Hardware-based isolation
|
||||
###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
|
||||
###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
|
||||
####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
|
||||
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
|
||||
##### Device control
|
||||
###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
|
||||
###### [Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
|
||||
####### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md)
|
||||
######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
|
||||
######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
|
||||
##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
|
||||
###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
|
||||
##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
|
||||
##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
|
||||
##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
|
||||
###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
|
||||
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
|
||||
## [Configure and manage capabilities]()
|
||||
### [Configure attack surface reduction]()
|
||||
#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
|
||||
|
||||
#### [Hardware-based isolation]()
|
||||
##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
|
||||
|
||||
##### [Application isolation]()
|
||||
###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
|
||||
###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
|
||||
|
||||
#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
|
||||
##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
|
||||
###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
|
||||
###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
|
||||
###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
|
||||
###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
|
||||
###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
|
||||
##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
|
||||
###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
|
||||
###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
|
||||
##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
|
||||
##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
|
||||
###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
|
||||
#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
|
||||
|
||||
##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
|
||||
###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
|
||||
####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
|
||||
###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
|
||||
####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
|
||||
###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
|
||||
####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
|
||||
####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
|
||||
####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
|
||||
####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
|
||||
####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
|
||||
#### [Device control]()
|
||||
##### [Control USB devices](device-control/control-usb-devices-using-intune.md)
|
||||
|
||||
##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
||||
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
||||
####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
||||
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
||||
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
||||
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
|
||||
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
||||
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
|
||||
##### [Device Guard]()
|
||||
###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
|
||||
|
||||
###### [Memory integrity]()
|
||||
####### [Understand memory integrity](windows-defender-exploit-guard/memory-integrity.md)
|
||||
####### [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
|
||||
####### [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
|
||||
|
||||
#### [Exploit protection]()
|
||||
##### [Enable exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
|
||||
##### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
|
||||
|
||||
#### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
|
||||
#### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
|
||||
|
||||
#### [Attack surface reduction controls]()
|
||||
##### [Enable attack surface reduction rules](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
|
||||
##### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
|
||||
#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
|
||||
|
||||
### [Configure next generation protection]()
|
||||
#### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
|
||||
#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
|
||||
##### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
|
||||
##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
|
||||
##### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
|
||||
##### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md)
|
||||
##### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
|
||||
##### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
|
||||
|
||||
#### [Configure behavioral, heuristic, and real-time protection]()
|
||||
##### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
|
||||
##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
|
||||
##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
|
||||
|
||||
#### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
|
||||
|
||||
#### [Antivirus compatibility]()
|
||||
##### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
|
||||
##### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
|
||||
|
||||
#### [Deploy, manage updates, and report on antivirus]()
|
||||
##### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
|
||||
##### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
|
||||
###### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
|
||||
|
||||
##### [Report on antivirus protection]()
|
||||
###### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
|
||||
###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
|
||||
|
||||
##### [Manage updates and apply baselines]()
|
||||
###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
|
||||
###### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
|
||||
###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
|
||||
###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
|
||||
###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
|
||||
###### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
|
||||
|
||||
#### [Customize, initiate, and review the results of scans and remediation]()
|
||||
##### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure and validate exclusions in antivirus scans]()
|
||||
###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
||||
##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
||||
##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
||||
##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
|
||||
##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
||||
##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
|
||||
|
||||
#### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
|
||||
|
||||
#### [Manage antivirus in your business]()
|
||||
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
##### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
||||
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
||||
##### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
||||
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
|
||||
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
||||
|
||||
#### [Manage scans and remediation]()
|
||||
##### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure and validate exclusions in antivirus scans]()
|
||||
###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
||||
|
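Review bot: The exclusions subtree is listed twice with identical link targets, once under `#### [Customize, initiate, and review the results of scans and remediation]()` and again under `#### [Manage scans and remediation]()`, and both parents open with an overview entry pointing at `customize-run-review-remediate-scans-windows-defender-antivirus.md` ("Configuration overview" in one, "Management overview" in the other). The two copies have already drifted in wording: the first has "Configure antivirus exclusions Windows Server 2016" and "Configure scanning antivirus options", the second "Configure antivirus exclusions on Windows Server 2016" and "Configure scanning options". Suggest keeping a single parent node for these entries, or at least aligning the titles so the same page does not appear in the navigation under two different names.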
||||
#### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
||||
##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
||||
##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
||||
##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
|
||||
##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
||||
##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
|
||||
##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
|
||||
##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
||||
###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
||||
###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
||||
###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
|
||||
###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
||||
|
||||
##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
||||
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
||||
####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
||||
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
||||
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
||||
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
|
||||
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
||||
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
|
||||
###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
|
||||
##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
||||
###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
||||
###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
||||
###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
|
||||
###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
||||
#### [Manage next generation protection in your business]()
|
||||
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
||||
##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
||||
##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
||||
##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
|
||||
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
||||
|
||||
### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)
|
||||
|
||||
### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
|
||||
|
||||
### [Management and API support]()
|
||||
#### [Onboard devices to the service]()
|
||||
##### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
|
||||
##### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
|
||||
##### [Onboard Windows 10 machines]()
|
||||
###### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
|
||||
###### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
|
||||
###### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
|
||||
###### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
|
||||
###### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
|
||||
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
|
||||
|
||||
##### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
|
||||
##### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
|
||||
##### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
|
||||
##### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
|
||||
##### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
|
||||
##### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
|
||||
|
||||
##### [Troubleshoot onboarding issues]()
|
||||
###### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
|
||||
###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
|
||||
|
||||
#### [Microsoft Defender ATP API]()
|
||||
##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
|
||||
##### [Get started with Microsoft Defender ATP APIs]()
|
||||
###### [Introduction](microsoft-defender-atp/apis-intro.md)
|
||||
###### [Hello World](microsoft-defender-atp/api-hello-world.md)
|
||||
###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
|
||||
###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
|
||||
|
||||
##### [APIs]()
|
||||
###### [Supported Microsoft Defender ATP query APIs](microsoft-defender-atp/exposed-apis-list.md)
|
||||
###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
|
||||
|
||||
###### [Alert]()
|
||||
####### [Alert methods and properties](microsoft-defender-atp/alerts.md)
|
||||
####### [List alerts](microsoft-defender-atp/get-alerts.md)
|
||||
####### [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
|
||||
####### [Update Alert](microsoft-defender-atp/update-alert.md)
|
||||
####### [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
|
||||
####### [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
|
||||
####### [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
|
||||
####### [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
|
||||
####### [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
|
||||
####### [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
|
||||
|
||||
###### [Machine]()
|
||||
####### [Machine methods and properties](microsoft-defender-atp/machine.md)
|
||||
####### [List machines](microsoft-defender-atp/get-machines.md)
|
||||
####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
|
||||
####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
|
||||
####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
|
||||
####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
|
||||
####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
|
||||
|
||||
###### [Machine Action]()
|
||||
####### [Machine Action methods and properties](microsoft-defender-atp/machineaction.md)
|
||||
####### [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
|
||||
####### [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
|
||||
####### [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
|
||||
####### [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
|
||||
####### [Isolate machine](microsoft-defender-atp/isolate-machine.md)
|
||||
####### [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
|
||||
####### [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
|
||||
####### [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
|
||||
####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
|
||||
####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
|
||||
####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
|
||||
####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
|
||||
|
||||
###### [Indicators]()
|
||||
####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
|
||||
####### [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
|
||||
####### [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
|
||||
####### [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
|
||||
|
||||
###### [Domain]()
|
||||
####### [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
|
||||
####### [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
|
||||
####### [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
|
||||
####### [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
|
||||
|
||||
###### [File]()
|
||||
####### [File methods and properties](microsoft-defender-atp/files.md)
|
||||
####### [Get file information](microsoft-defender-atp/get-file-information.md)
|
||||
####### [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
|
||||
####### [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
|
||||
####### [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
|
||||
|
||||
###### [IP]()
|
||||
####### [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
|
||||
####### [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
|
||||
####### [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
|
||||
####### [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
|
||||
|
||||
###### [User]()
|
||||
####### [User methods](microsoft-defender-atp/user.md)
|
||||
####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
|
||||
####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
|
||||
|
||||
##### [How to use APIs - Samples]()
|
||||
###### [Advanced Hunting API]()
|
||||
####### [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
|
||||
####### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
|
||||
####### [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
|
||||
####### [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
|
||||
|
||||
###### [Multiple APIs]()
|
||||
####### [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
|
||||
|
||||
###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
|
||||
|
||||
#### [Windows updates (KB) info]()
|
||||
##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
|
||||
|
||||
#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
|
||||
##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
|
||||
|
||||
#### [API for custom alerts (Deprecated)]()
|
||||
##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
|
||||
##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
|
||||
##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
|
||||
##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
|
||||
##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
|
||||
##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
|
||||
##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
|
||||
|
||||
#### [Pull alerts to your SIEM tools]()
|
||||
##### [Learn about different ways to pull alerts](microsoft-defender-atp/configure-siem.md)
|
||||
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
|
||||
##### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
|
||||
##### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
|
||||
##### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
|
||||
##### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
|
||||
##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
|
||||
|
||||
#### [Reporting]()
|
||||
##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
|
||||
##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
|
||||
##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
|
||||
|
||||
#### [Interoperability]()
|
||||
##### [Partner applications](microsoft-defender-atp/partner-applications.md)
|
||||
|
||||
#### [Role-based access control]()
|
||||
##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
|
||||
##### [Create and manage roles](microsoft-defender-atp/user-roles.md)
|
||||
##### [Create and manage machine groups]()
|
||||
###### [Using machine groups](microsoft-defender-atp/machine-groups.md)
|
||||
###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
|
||||
|
||||
#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
|
||||
|
||||
### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
|
||||
|
||||
### [Configure Microsoft threat protection integration]()
|
||||
#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
|
||||
#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
|
||||
#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
|
||||
|
||||
### [Configure portal settings]()
|
||||
#### [General]()
|
||||
##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
|
||||
##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
|
||||
##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
|
||||
##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
|
||||
##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
|
||||
|
||||
#### [Permissions]()
|
||||
##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
|
||||
##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
|
||||
###### [Create and manage roles](microsoft-defender-atp/user-roles.md)
|
||||
###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
|
||||
####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
|
||||
|
||||
#### [APIs]()
|
||||
##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
|
||||
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
|
||||
|
||||
#### [Rules]()
|
||||
##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
|
||||
##### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
|
||||
##### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
|
||||
##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
|
||||
##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
|
||||
|
||||
#### [Machine management]()
|
||||
##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
|
||||
##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
|
||||
|
||||
#### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
|
||||
|
||||
|
||||
#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)
|
||||
## [Troubleshoot Microsoft Defender ATP]()
|
||||
### [Troubleshoot sensor state]()
|
||||
#### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
|
||||
#### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
|
||||
#### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
|
||||
#### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
|
||||
#### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
|
||||
|
||||
### [Troubleshoot Microsoft Defender ATP service issues]()
|
||||
#### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
|
||||
#### [Check service health](microsoft-defender-atp/service-status.md)
|
||||
|
||||
#### Management and API support
|
||||
##### [Onboard machines](microsoft-defender-atp/onboard-configure.md)
|
||||
###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
|
||||
###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md)
|
||||
####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
|
||||
####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
|
||||
####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
|
||||
######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
|
||||
####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
|
||||
####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
|
||||
###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
|
||||
###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
|
||||
###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
|
||||
###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
|
||||
###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
|
||||
###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
|
||||
###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md)
|
||||
####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
|
||||
|
||||
##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md)
|
||||
###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
|
||||
###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
|
||||
####### [Hello World](microsoft-defender-atp/api-hello-world.md)
|
||||
####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
|
||||
####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
|
||||
###### [APIs](microsoft-defender-atp/exposed-apis-list.md)
|
||||
### [Troubleshoot live response issues]()
|
||||
#### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
|
||||
|
||||
####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
|
||||
|
||||
####### [Alert](microsoft-defender-atp/alerts.md)
|
||||
######## [List alerts](microsoft-defender-atp/get-alerts.md)
|
||||
######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
|
||||
######## [Update Alert](microsoft-defender-atp/update-alert.md)
|
||||
######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
|
||||
######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
|
||||
######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
|
||||
######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
|
||||
######## [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
|
||||
######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
|
||||
|
||||
####### [Machine](microsoft-defender-atp/machine.md)
|
||||
######## [List machines](microsoft-defender-atp/get-machines.md)
|
||||
######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
|
||||
######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
|
||||
######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
|
||||
######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
|
||||
######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
|
||||
|
||||
####### [Machine Action](microsoft-defender-atp/machineaction.md)
|
||||
######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
|
||||
######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
|
||||
######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
|
||||
######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
|
||||
######## [Isolate machine](microsoft-defender-atp/isolate-machine.md)
|
||||
######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
|
||||
######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
|
||||
######## [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
|
||||
######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
|
||||
######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
|
||||
######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
|
||||
######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
|
||||
|
||||
####### [Indicators](microsoft-defender-atp/ti-indicator.md)
|
||||
######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
|
||||
######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
|
||||
######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
|
||||
|
||||
####### Domain
|
||||
######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
|
||||
######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
|
||||
######## [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
|
||||
######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
|
||||
|
||||
####### [File](microsoft-defender-atp/files.md)
|
||||
######## [Get file information](microsoft-defender-atp/get-file-information.md)
|
||||
######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
|
||||
######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
|
||||
######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
|
||||
|
||||
####### IP
|
||||
######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
|
||||
######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
|
||||
######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
|
||||
######## [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
|
||||
|
||||
####### [User](microsoft-defender-atp/user.md)
|
||||
######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
|
||||
######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
|
||||
|
||||
|
||||
###### How to use APIs - Samples
|
||||
####### Advanced Hunting API
|
||||
######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
|
||||
######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
|
||||
######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
|
||||
######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
|
||||
####### Multiple APIs
|
||||
######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
|
||||
####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
|
||||
|
||||
|
||||
#####Windows updates (KB) info
|
||||
###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
|
||||
#####Common Vulnerabilities and Exposures (CVE) to KB map
|
||||
###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
|
||||
### [Troubleshoot attack surface reduction]()
|
||||
#### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
|
||||
#### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
|
||||
|
||||
|
||||
##### API for custom alerts (Deprecated)
|
||||
###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
|
||||
###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
|
||||
###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
|
||||
###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
|
||||
###### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
|
||||
###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
|
||||
###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
|
||||
|
||||
|
||||
##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md)
|
||||
###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
|
||||
###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
|
||||
###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
|
||||
###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
|
||||
###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
|
||||
###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
|
||||
### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
|
||||
|
||||
|
||||
##### Reporting
|
||||
###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
|
||||
###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
|
||||
###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
|
||||
|
||||
##### Interoperability
|
||||
###### [Partner applications](microsoft-defender-atp/partner-applications.md)
|
||||
|
||||
|
||||
##### Role-based access control
|
||||
###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
|
||||
####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
|
||||
####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
|
||||
######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
|
||||
|
||||
|
||||
##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
|
||||
|
||||
|
||||
#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
|
||||
|
||||
|
||||
|
||||
#### Configure Microsoft threat protection integration
|
||||
##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
|
||||
##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
|
||||
##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
|
||||
|
||||
|
||||
|
||||
|
||||
#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md)
|
||||
##### General
|
||||
###### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
|
||||
###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
|
||||
###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
|
||||
###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
|
||||
###### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
|
||||
|
||||
##### Permissions
|
||||
###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
|
||||
###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
|
||||
####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
|
||||
####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
|
||||
######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
|
||||
|
||||
##### APIs
|
||||
###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
|
||||
###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
|
||||
|
||||
#####Rules
|
||||
###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
|
||||
###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
|
||||
###### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
|
||||
###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
|
||||
###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
|
||||
|
||||
#####Machine management
|
||||
###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
|
||||
###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
|
||||
|
||||
##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
|
||||
|
||||
|
||||
### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md)
|
||||
####Troubleshoot sensor state
|
||||
##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
|
||||
##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
|
||||
##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
|
||||
##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
|
||||
##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
|
||||
|
||||
#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
|
||||
##### [Check service health](microsoft-defender-atp/service-status.md)
|
||||
|
||||
|
||||
#### [Troubleshoot live response issues](microsoft-defender-atp/troubleshoot-live-response.md)
|
||||
##### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
|
||||
|
||||
|
||||
####Troubleshoot attack surface reduction
|
||||
##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
|
||||
##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
|
||||
|
||||
#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
|
||||
|
||||
## [Security intelligence](intelligence/index.md)
|
||||
### [Understand malware & other threats](intelligence/understanding-malware.md)
|
||||
|
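Review bot: six headings in this TOC hunk have no space between the `#` run and the title (`#####Windows updates (KB) info`, `#####Common Vulnerabilities and Exposures (CVE) to KB map`, `#####Rules`, `#####Machine management`, `####Troubleshoot sensor state`, `####Troubleshoot attack surface reduction`), while every other entry has one. Any of these on the added side should get the space so they parse as headings under strict Markdown and keep their nesting level. Separately, `#### [Troubleshoot live response issues]` and its only child `##### [Troubleshoot issues related to live response]` both point at `microsoft-defender-atp/troubleshoot-live-response.md`; one node is enough.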
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Onboard Windows 10 machines on Microsoft Defender ATP
|
||||
title: Onboarding tools and methods for Windows 10 machines
|
||||
description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
|
||||
keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
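Review bot: the `description:` line was left untouched while `title:` changed, and it reads "send sensor data to the Microsoft Defender ATP sensor", which is circular; it presumably means the Microsoft Defender ATP service. Since the title now says "Onboarding tools and methods", update the description in the same change so the metadata matches the page.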
@ -15,10 +15,9 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: conceptual
|
||||
ms.date: 07/12/2018
|
||||
---
|
||||
|
||||
# Onboard Windows 10 machines
|
||||
# Onboarding tools and methods for Windows 10 machines
|
||||
|
||||
**Applies to:**
|
||||
|
||||
|
@ -14,7 +14,7 @@ ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: procedural
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Optimize ASR rule deployment and detections
|
||||
|
@ -14,7 +14,7 @@ ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: procedural
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Get machines onboarded to Microsoft Defender ATP
|
||||
|
@ -14,7 +14,7 @@ ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: procedural
|
||||
ms.topic: article
|
||||
---
|
||||
|
||||
# Increase compliance to the Microsoft Defender ATP security baseline
|
||||
@ -41,6 +41,9 @@ The Windows Intune security baseline provides a comprehensive set of recommended
|
||||
|
||||
Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls.
|
||||
|
||||
>[!NOTE]
|
||||
>The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
|
||||
|
||||
## Get permissions to manage security baselines in Intune
|
||||
|
||||
By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you haven’t been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group.
|
||||
|
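Review bot: the added `[!NOTE]` says the Microsoft Defender ATP security baseline is not recommended on VMs or VDI endpoints, but the unchanged paragraph directly above it still says machines onboarded to Microsoft Defender ATP are ideally deployed both baselines, with no exception. Qualify that sentence for physical devices, and name or link the "certain baseline settings" that affect remote interactive sessions so admins can scope an exclusion instead of skipping the baseline on every virtual endpoint.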
@ -14,7 +14,7 @@ ms.localizationpriority: medium
|
||||
manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: procedural
|
||||
ms.topic: conceptual
|
||||
---
|
||||
|
||||
# Ensure your machines are configured properly
|
||||
|
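Review bot: `ms.topic: procedural` becomes `conceptual` here, but the same line becomes `article` in the three sibling pages changed in this commit (Optimize ASR rule deployment and detections, Get machines onboarded to Microsoft Defender ATP, Increase compliance to the Microsoft Defender ATP security baseline). If the four pages are the same kind of content, pick one value; if this page is deliberately different, say why in the commit message.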
Binary file not shown.
Before Width: | Height: | Size: 81 KiB After Width: | Height: | Size: 91 KiB |
@ -109,7 +109,7 @@ To see a full page view of an alert including incident graph and process tree, s
|
||||
|
||||
The **Timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. This can help you correlate any events, files, and IP addresses in relation to the machine.
|
||||
|
||||
Timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns.
|
||||
The timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns.
|
||||
|
||||
>[!NOTE]
|
||||
> For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-filtering-platform-connection).
|
||||
@ -131,15 +131,15 @@ Some of the functionality includes:
|
||||
- Export detailed machine timeline events
|
||||
- Export the machine timeline for the current date or a specified date range up to seven days.
|
||||
|
||||
Along with event time and users, one of the main categories on the timeline is "Details". They describe what happened in the events. The list of possible details are:
|
||||
More details about certain events are provided in the **Additional information** section. These details vary depending on the type of event, for example:
|
||||
|
||||
- Contained by Application Guard
|
||||
- Active threat detected - when the detection happened, the threat was executing (i.e. it was running)
|
||||
- Remediation unsuccessful - remediation was invoked but failed
|
||||
- Remediation successful - the threat was stopped and cleaned up
|
||||
- Warning bypassed by user - SmartScreen warning appeared but the user dismissed it
|
||||
- Suspicious script detected
|
||||
- Alert category (e.g. lateral movement)- if the event is correlated to an alert, the tag will show the alert category
|
||||
- Contained by Application Guard - the web browser event was restricted by an isolated container
|
||||
- Active threat detected - the threat detection occurred while the threat was running
|
||||
- Remediation unsuccessful - an attempt to remediate the detected threat was invoked but failed
|
||||
- Remediation successful - the detected threat was stopped and cleaned
|
||||
- Warning bypassed by user - the SmartScreen warning was dismissed and overridden by a user
|
||||
- Suspicious script detected - a potentially malicious script was found running
|
||||
- The alert category - if the event led to the generation of an alert, the alert category ("Lateral Movement", for example) is provided
|
||||
|
||||
You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.
|
||||
|
||||
|
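Review bot: the rewritten last bullet changes meaning, not just wording. The old text showed the alert category "if the event is correlated to an alert"; the new text says "if the event led to the generation of an alert". Analysts reading a timeline treat those differently (associated with an alert versus the triggering event), so confirm which one the portal actually shows. The intro also moves these items from the "Details" category to an **Additional information** section; check that this name matches the current UI label.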
@ -1,7 +1,9 @@
|
||||
# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
|
||||
|
||||
## [Overview](overview.md)
|
||||
### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
|
||||
## [Overview]()
|
||||
### [Overview of Microsoft Defender ATP capabilities](overview.md)
|
||||
### [Threat & Vulnerability Management]()
|
||||
#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md)
|
||||
#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
|
||||
#### [Exposure score](tvm-exposure-score.md)
|
||||
#### [Configuration score](configuration-score.md)
|
||||
@ -12,29 +14,39 @@
|
||||
#### [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
||||
|
||||
|
||||
### [Attack surface reduction](overview-attack-surface-reduction.md)
|
||||
#### [Hardware-based isolation](overview-hardware-based-isolation.md)
|
||||
##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md)
|
||||
### [Attack surface reduction]()
|
||||
#### [Hardware-based isolation]()
|
||||
##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md)
|
||||
|
||||
##### [Application isolation]()
|
||||
###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md)
|
||||
###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
|
||||
|
||||
##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
|
||||
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
|
||||
|
||||
#### [Application control]()
|
||||
##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md)
|
||||
|
||||
#### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
|
||||
#### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md)
|
||||
#### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
|
||||
#### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
|
||||
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
|
||||
|
||||
|
||||
### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
|
||||
### [Endpoint detection and response](overview-endpoint-detection-response.md)
|
||||
|
||||
|
||||
### [Endpoint detection and response]()
|
||||
#### [Endpoint detection and response overview](overview-endpoint-detection-response.md)
|
||||
#### [Security operations dashboard](security-operations-dashboard.md)
|
||||
|
||||
|
||||
#### [Incidents queue](incidents-queue.md)
|
||||
#### [Incidents queue]()
|
||||
##### [View and organize the Incidents queue](view-incidents-queue.md)
|
||||
##### [Manage incidents](manage-incidents.md)
|
||||
##### [Investigate incidents](investigate-incidents.md)
|
||||
|
||||
|
||||
#### Alerts queue
|
||||
#### [Alerts queue]()
|
||||
##### [View and organize the Alerts queue](alerts-queue.md)
|
||||
##### [Manage alerts](manage-alerts.md)
|
||||
##### [Investigate alerts](investigate-alerts.md)
|
||||
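Review bot: the new child under `#### [Application control]()` is titled `Windows Defender Application Guard` but links to `../windows-defender-application-control/windows-defender-application-control.md`. Application Guard is the isolation feature already listed under Application isolation in this hunk; the title here should be Windows Defender Application Control.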
@ -44,16 +56,18 @@
|
||||
##### [Investigate a domain](investigate-domain.md)
|
||||
##### [Investigate a user account](investigate-user.md)
|
||||
|
||||
#### [Machines list](machines-view-overview.md)
|
||||
##### [Investigate machines](investigate-machines.md#machine-timeline)
|
||||
#### [Machines list]()
|
||||
##### [View and organize the Machines list](machines-view-overview.md)
|
||||
|
||||
##### [Investigate machines]()
|
||||
###### [Machine details](investigate-machines.md#machine-details)
|
||||
###### [Response actions](investigate-machines.md#response-actions)
|
||||
###### [Cards](investigate-machines.md#cards)
|
||||
###### [Tabs](investigate-machines.md#tabs)
|
||||
|
||||
|
||||
#### [Take response actions](response-actions.md)
|
||||
##### [Take response actions on a machine](respond-machine-alerts.md)
|
||||
#### [Take response actions]()
|
||||
##### [Take response actions on a machine]()
|
||||
###### [Understand response actions](respond-machine-alerts.md)
|
||||
###### [Manage tags](respond-machine-alerts.md#manage-tags)
|
||||
###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation)
|
||||
###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session)
|
||||
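Review bot: the old entry `[Investigate machines](investigate-machines.md#machine-timeline)` is replaced by four children (`#machine-details`, `#response-actions`, `#cards`, `#tabs`) and none of them targets the timeline. Confirm the machine timeline content is still reachable from one of these anchors, and that all four anchors exist as headings in `investigate-machines.md`, since a TOC link to a missing anchor gives no error and just lands at the top of the page.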
@ -63,46 +77,60 @@
|
||||
###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
|
||||
###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
|
||||
|
||||
##### [Take response actions on a file](respond-file-alerts.md)
|
||||
##### [Take response actions on a file]()
|
||||
###### [Understand response actions](respond-file-alerts.md)
|
||||
###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
|
||||
###### [Remove file from quarantine](respond-file-alerts.md#remove-file-from-quarantine)
|
||||
###### [Block files in your network](respond-file-alerts.md#block-files-in-your-network)
|
||||
###### [Remove file from blocked list](respond-file-alerts.md#remove-file-from-blocked-list)
|
||||
###### [Check activity details in Action center](respond-file-alerts.md#check-activity-details-in-action-center)
|
||||
###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine)
|
||||
###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
|
||||
###### [Deep analysis](respond-file-alerts.md#deep-analysis)
|
||||
|
||||
|
||||
##### [Investigate entities using Live response](live-response.md)
|
||||
##### [Live response]()
|
||||
###### [Investigate entities on machines](live-response.md)
|
||||
###### [Live response command examples](live-response-command-examples.md)
|
||||
|
||||
### [Automated investigation and remediation](automated-investigations.md)
|
||||
|
||||
### [Automated investigation and remediation]()
|
||||
#### [Understand Automated investigations](automated-investigations.md)
|
||||
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
|
||||
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
|
||||
|
||||
|
||||
### [Secure score](overview-secure-score.md)
|
||||
|
||||
|
||||
### [Threat analytics](threat-analytics.md)
|
||||
|
||||
|
||||
### [Microsoft Threat Experts](microsoft-threat-experts.md)
|
||||
|
||||
### [Advanced hunting](overview-hunting.md)
|
||||
#### [Query data using Advanced hunting](advanced-hunting.md)
|
||||
|
||||
### [Advanced hunting]()
|
||||
#### [Advanced hunting overview](overview-hunting.md)
|
||||
|
||||
#### [Query data using Advanced hunting]()
|
||||
##### [Data querying basics](advanced-hunting.md)
|
||||
##### [Advanced hunting reference](advanced-hunting-reference.md)
|
||||
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
|
||||
#### [Custom detections](overview-custom-detections.md)
|
||||
|
||||
#### [Custom detections]()
|
||||
##### [Understand custom detection rules](overview-custom-detections.md)
|
||||
##### [Create custom detections rules](custom-detection-rules.md)
|
||||
|
||||
### [Management and APIs](management-apis.md)
|
||||
### [Management and APIs]()
|
||||
#### [Overview of management and APIs](management-apis.md)
|
||||
#### [Understand threat intelligence concepts](threat-indicator-concepts.md)
|
||||
#### [Microsoft Defender ATP APIs](apis-intro.md)
|
||||
#### [Managed security service provider support](mssp-support.md)
|
||||
|
||||
### [Microsoft Threat Protection](threat-protection-integration.md)
|
||||
#### [Protect users, data, and devices with Conditional Access](conditional-access.md)
|
||||
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
|
||||
#### [Information protection in Windows overview](information-protection-in-windows-overview.md)
|
||||
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
|
||||
|
||||
### [Integrations]()
|
||||
#### [Microsoft Defender ATP integrations](threat-protection-integration.md)
|
||||
#### [Conditional Access integration overview](conditional-access.md)
|
||||
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
|
||||
|
||||
#### [Information protection in Windows overview]()
|
||||
##### [Windows integration](information-protection-in-windows-overview.md)
|
||||
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
|
||||
|
||||
|
||||
### [Microsoft Threat Experts](microsoft-threat-experts.md)
|
||||
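Review bot: the entry `[Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)` has "an" in its title but not in its anchor; check the anchor against the actual heading in `respond-file-alerts.md` and align the two. Also, `### [Microsoft Threat Experts](microsoft-threat-experts.md)` appears twice in this hunk (after Threat analytics and again as the last line); if both are on the new side the TOC ends up with a duplicate node.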
@ -111,7 +139,8 @@
|
||||
### [Portal overview](portal-overview.md)
|
||||
|
||||
|
||||
## [Get started](get-started.md)
|
||||
|
||||
## [Get started]()
|
||||
### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
|
||||
### [Minimum requirements](minimum-requirements.md)
|
||||
### [Validate licensing and complete setup](licensing.md)
|
||||
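Review bot: `## [Get started](get-started.md)` becomes `## [Get started]()` and none of the entries visible under it link to `get-started.md`, so that page loses its TOC entry. Either add it back as the first child, as was done for `overview.md` under Overview, or remove or redirect the file in the same change.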
@ -119,92 +148,137 @@
|
||||
### [Data storage and privacy](data-storage-privacy.md)
|
||||
### [Assign user access to the portal](assign-portal-access.md)
|
||||
|
||||
### [Evaluate Microsoft Defender ATP](evaluate-atp.md)
|
||||
#### Evaluate attack surface reduction
|
||||
##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
|
||||
##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
|
||||
##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
|
||||
##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
|
||||
##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
|
||||
##### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
|
||||
##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
|
||||
#### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
|
||||
### [Evaluate Microsoft Defender ATP capabilities]()
|
||||
#### [Evaluate attack surface reduction]()
|
||||
|
||||
##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md)
|
||||
###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
|
||||
###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
|
||||
###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
|
||||
###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
|
||||
###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
|
||||
###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
|
||||
###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
|
||||
##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
|
||||
|
||||
### [Access the Microsoft Defender Security Center Community Center](community.md)
|
||||
|
||||
## [Configure and manage capabilities](onboard.md)
|
||||
## [Configure and manage capabilities]()
|
||||
|
||||
### [Configure attack surface reduction](configure-attack-surface-reduction.md)
|
||||
### Hardware-based isolation
|
||||
|
||||
### [Hardware-based isolation]()
|
||||
#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
|
||||
#### [Application isolation](../windows-defender-application-guard/install-wd-app-guard.md)
|
||||
|
||||
#### [Application isolation]()
|
||||
##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md)
|
||||
##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md)
|
||||
|
||||
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
|
||||
#### Device control
|
||||
|
||||
#### [Device control]()
|
||||
##### [Control USB devices](../device-control/control-usb-devices-using-intune.md)
|
||||
##### [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
|
||||
###### [Memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
|
||||
|
||||
##### [Device Guard]()
|
||||
###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
|
||||
|
||||
###### [Memory integrity]()
|
||||
####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
|
||||
####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
|
||||
####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
|
||||
#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
|
||||
|
||||
#### [Exploit protection]()
|
||||
##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
|
||||
##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
|
||||
|
||||
#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
|
||||
#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
|
||||
|
||||
#### [Controlled folder access]()
|
||||
##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
|
||||
##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md)
|
||||
#### [Attack surface reduction controls](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
|
||||
|
||||
#### [Attack surface reduction controls]()
|
||||
##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
|
||||
##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
|
||||
|
||||
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
|
||||
|
||||
|
||||
|
||||
### [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
|
||||
#### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
|
||||
### [Configure next generation protection]()
|
||||
#### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
|
||||
#### [Utilize Microsoft cloud-delivered protection]()
|
||||
##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
|
||||
##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
|
||||
##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
|
||||
##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
|
||||
##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
|
||||
##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
|
||||
#### [Configure behavioral, heuristic, and real-time protection](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
|
||||
|
||||
#### [Configure behavioral, heuristic, and real-time protection]()
|
||||
##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
|
||||
##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
|
||||
##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
|
||||
|
||||
#### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
|
||||
#### [Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
|
||||
|
||||
#### [Antivirus compatibility]()
|
||||
##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
|
||||
##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
|
||||
|
||||
#### [Deploy, manage updates, and report on antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
|
||||
##### [Deploy and enable antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
|
||||
#### [Deploy, manage updates, and report on antivirus]()
|
||||
##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
|
||||
|
||||
##### [Deploy and enable antivirus]()
|
||||
###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
|
||||
###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
|
||||
##### [Report on antivirus protection](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
|
||||
|
||||
##### [Report on antivirus protection]()
|
||||
###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
|
||||
###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md)
|
||||
##### [Manage updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
|
||||
|
||||
##### [Manage updates and apply baselines]()
|
||||
###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
|
||||
###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
|
||||
###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
|
||||
###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
|
||||
###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
|
||||
###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
|
||||
|
||||
#### [Customize, initiate, and review the results of scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
#### [Customize, initiate, and review the results of scans and remediation]()
|
||||
##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure and validate exclusions in antivirus scans]()
|
||||
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
||||
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
||||
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
||||
##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
|
||||
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
||||
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
|
||||
|
||||
#### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
|
||||
#### [Manage antivirus in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
|
||||
#### [Manage antivirus in your business]()
|
||||
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
||||
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
||||
##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
||||
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
|
||||
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
||||
|
||||
#### [Manage scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
#### [Manage scans and remediation]()
|
||||
##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure and validate exclusions in antivirus scans]()
|
||||
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
||||
###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
||||
|
||||
##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
||||
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
||||
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
||||
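Review bot: The entry "Review protection status and aqlerts" under "Report on antivirus protection" has a typo in its link text ("aqlerts" should be "alerts"), and it will show up in the rendered navigation as written. In the same hunk, "Configure antivirus exclusions Windows Server 2016" and "Configure antivirus exclusions on Windows Server 2016" both point at configure-server-exclusions-windows-defender-antivirus.md; pick one wording so the two exclusions subtrees match.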
@ -212,7 +286,9 @@
|
||||
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
||||
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
|
||||
##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
|
||||
#### [Manage next generation protection in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
|
||||
#### [Manage next generation protection in your business]()
|
||||
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
||||
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
||||
##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
||||
##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
||||
@ -220,41 +296,56 @@
|
||||
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
||||
|
||||
|
||||
### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
|
||||
### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
|
||||
|
||||
|
||||
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
|
||||
|
||||
### Management and API support
|
||||
#### [Onboard machines](onboard-configure.md)
|
||||
|
||||
### [Endpoint detection and response management and API support]()
|
||||
|
||||
#### [Onboard machines]()
|
||||
##### [Onboarding overview](onboard-configure.md)
|
||||
##### [Onboard previous versions of Windows](onboard-downlevel.md)
|
||||
##### [Onboard Windows 10 machines](configure-endpoints.md)
|
||||
|
||||
##### [Onboard Windows 10 machines]()
|
||||
###### [Ways to onboard](configure-endpoints.md)
|
||||
###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
|
||||
###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
|
||||
###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm.md)
|
||||
|
||||
###### [Onboard machines using Mobile Device Management tools]()
|
||||
####### [Overview](configure-endpoints-mdm.md)
|
||||
####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
|
||||
###### [Onboard machines using a local script](configure-endpoints-script.md)
|
||||
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
|
||||
|
||||
##### [Onboard servers](configure-server-endpoints.md)
|
||||
##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
|
||||
##### [Onboard machines without Internet access](onboard-offline-machines.md)
|
||||
##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
|
||||
##### [Run simulated attacks on machines](attack-simulations.md)
|
||||
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
|
||||
##### [Troubleshoot onboarding issues](troubleshoot-onboarding.md)
|
||||
|
||||
##### [Troubleshoot onboarding issues]()
|
||||
###### [Troubleshooting basics](troubleshoot-onboarding.md)
|
||||
###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
|
||||
|
||||
|
||||
#### [Microsoft Defender ATP API](use-apis.md)
|
||||
#### [Microsoft Defender ATP API]()
|
||||
##### [Understand Microsoft Defender ATP APIs](use-apis.md)
|
||||
##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md)
|
||||
##### [Get started with Microsoft Defender ATP APIs](apis-intro.md)
|
||||
|
||||
##### [Get started with Microsoft Defender ATP APIs]()
|
||||
###### [Introduction](apis-intro.md)
|
||||
###### [Hello World](api-hello-world.md)
|
||||
###### [Get access with application context](exposed-apis-create-app-webapp.md)
|
||||
###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
|
||||
##### [APIs](exposed-apis-list.md)
|
||||
|
||||
##### [APIs]()
|
||||
###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md)
|
||||
###### [Advanced Hunting](run-advanced-query-api.md)
|
||||
|
||||
###### [Alert](alerts.md)
|
||||
###### [Alert]()
|
||||
####### [Methods, properties, and JSON representation](alerts.md)
|
||||
####### [List alerts](get-alerts.md)
|
||||
####### [Create alert](create-alert-by-reference.md)
|
||||
####### [Update Alert](update-alert.md)
|
||||
@ -265,7 +356,8 @@
|
||||
####### [Get alert related machine information](get-alert-related-machine-info.md)
|
||||
####### [Get alert related user information](get-alert-related-user-info.md)
|
||||
|
||||
###### [Machine](machine.md)
|
||||
###### [Machine]()
|
||||
####### [Methods and properties](machine.md)
|
||||
####### [List machines](get-machines.md)
|
||||
####### [Get machine by ID](get-machine-by-id.md)
|
||||
####### [Get machine log on users](get-machine-log-on-users.md)
|
||||
@ -273,7 +365,8 @@
|
||||
####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
|
||||
####### [Find machines by IP](find-machines-by-ip.md)
|
||||
|
||||
###### [Machine Action](machineaction.md)
|
||||
###### [Machine Action]()
|
||||
####### [Methods and properties](machineaction.md)
|
||||
####### [List Machine Actions](get-machineactions-collection.md)
|
||||
####### [Get Machine Action](get-machineaction-object.md)
|
||||
####### [Collect investigation package](collect-investigation-package.md)
|
||||
@ -287,45 +380,49 @@
|
||||
####### [Stop and quarantine file](stop-and-quarantine-file.md)
|
||||
####### [Initiate investigation (preview)](initiate-autoir-investigation.md)
|
||||
|
||||
###### [Indicators](ti-indicator.md)
|
||||
###### [Indicators]()
|
||||
####### [Methods and properties](ti-indicator.md)
|
||||
####### [Submit Indicator](post-ti-indicator.md)
|
||||
####### [List Indicators](get-ti-indicators-collection.md)
|
||||
####### [Delete Indicator](delete-ti-indicator-by-id.md)
|
||||
|
||||
###### Domain
|
||||
###### [Domain]()
|
||||
####### [Get domain related alerts](get-domain-related-alerts.md)
|
||||
####### [Get domain related machines](get-domain-related-machines.md)
|
||||
####### [Get domain statistics](get-domain-statistics.md)
|
||||
####### [Is domain seen in organization](is-domain-seen-in-org.md)
|
||||
|
||||
###### [File](files.md)
|
||||
###### [File]()
|
||||
####### [Methods and properties](files.md)
|
||||
####### [Get file information](get-file-information.md)
|
||||
####### [Get file related alerts](get-file-related-alerts.md)
|
||||
####### [Get file related machines](get-file-related-machines.md)
|
||||
####### [Get file statistics](get-file-statistics.md)
|
||||
|
||||
###### IP
|
||||
###### [IP]()
|
||||
####### [Get IP related alerts](get-ip-related-alerts.md)
|
||||
####### [Get IP related machines](get-ip-related-machines.md)
|
||||
####### [Get IP statistics](get-ip-statistics.md)
|
||||
####### [Is IP seen in organization](is-ip-seen-org.md)
|
||||
|
||||
###### [User](user.md)
|
||||
###### [User]()
|
||||
####### [Methods](user.md)
|
||||
####### [Get user related alerts](get-user-related-alerts.md)
|
||||
####### [Get user related machines](get-user-related-machines.md)
|
||||
|
||||
##### How to use APIs - Samples
|
||||
###### Advanced Hunting API
|
||||
##### [How to use APIs - Samples]()
|
||||
###### [Advanced Hunting API]()
|
||||
####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md)
|
||||
####### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
|
||||
####### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
|
||||
####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md)
|
||||
###### Multiple APIs
|
||||
|
||||
###### [Multiple APIs]()
|
||||
####### [PowerShell](exposed-apis-full-sample-powershell.md)
|
||||
|
||||
###### [Using OData Queries](exposed-apis-odata-samples.md)
|
||||
|
||||
|
||||
#### API for custom alerts
|
||||
#### [API for custom alerts]()
|
||||
##### [Enable the custom threat intelligence application](enable-custom-ti.md)
|
||||
##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
|
||||
##### [Create custom threat intelligence alerts](custom-ti-api.md)
|
||||
@ -334,8 +431,8 @@
|
||||
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
|
||||
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
|
||||
|
||||
|
||||
#### [Pull alerts to your SIEM tools](configure-siem.md)
|
||||
#### [Pull alerts to your SIEM tools]()
|
||||
##### [Learn about different ways to pull alerts](configure-siem.md)
|
||||
##### [Enable SIEM integration](enable-siem-integration.md)
|
||||
##### [Configure Splunk to pull alerts](configure-splunk.md)
|
||||
##### [Configure HP ArcSight to pull alerts](configure-arcsight.md)
|
||||
@ -343,88 +440,94 @@
|
||||
##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md)
|
||||
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
|
||||
|
||||
|
||||
#### Reporting
|
||||
#### [Reporting]()
|
||||
##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
|
||||
##### [Threat protection reports](threat-protection-reports.md)
|
||||
##### [Machine health and compliance reports](machine-reports.md)
|
||||
|
||||
|
||||
#### Interoperability
|
||||
#### [Interoperability]()
|
||||
##### [Partner applications](partner-applications.md)
|
||||
|
||||
#### [Manage machine configuration](configure-machines.md)
|
||||
#### [Manage machine configuration]()
|
||||
##### [Ensure your machines are configured properly](configure-machines.md)
|
||||
##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
|
||||
##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
|
||||
##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
|
||||
|
||||
#### Role-based access control
|
||||
##### [Manage portal access using RBAC](rbac.md)
|
||||
#### [Role-based access control]()
|
||||
|
||||
##### [Manage portal access using RBAC]()
|
||||
###### [Using RBAC](rbac.md)
|
||||
###### [Create and manage roles](user-roles.md)
|
||||
###### [Create and manage machine groups](machine-groups.md)
|
||||
|
||||
###### [Create and manage machine groups]()
|
||||
####### [Using machine groups](machine-groups.md)
|
||||
####### [Create and manage machine tags](machine-tags.md)
|
||||
|
||||
#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
|
||||
|
||||
### Configure Microsoft Threat Protection integration
|
||||
|
||||
### [Configure Microsoft threat protection integration]()
|
||||
#### [Configure Conditional Access](configure-conditional-access.md)
|
||||
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
|
||||
#### [Configure information protection in Windows](information-protection-in-windows-config.md)
|
||||
|
||||
|
||||
### [Configure Microsoft Defender Security Center settings](preferences-setup.md)
|
||||
#### General
|
||||
### [Configure portal settings]()
|
||||
#### [Set up preferences](preferences-setup.md)
|
||||
|
||||
#### [General]()
|
||||
##### [Update data retention settings](data-retention-settings.md)
|
||||
##### [Configure alert notifications](configure-email-notifications.md)
|
||||
##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
|
||||
##### [Enable Secure score security controls](enable-secure-score.md)
|
||||
##### [Configure advanced features](advanced-features.md)
|
||||
|
||||
#### Permissions
|
||||
|
||||
#### [Permissions]()
|
||||
##### [Use basic permissions to access the portal](basic-permissions.md)
|
||||
##### [Manage portal access using RBAC](rbac.md)
|
||||
###### [Create and manage roles](user-roles.md)
|
||||
###### [Create and manage machine groups](machine-groups.md)
|
||||
####### [Create and manage machine tags](machine-tags.md)
|
||||
|
||||
#### APIs
|
||||
|
||||
#### [APIs]()
|
||||
##### [Enable Threat intel](enable-custom-ti.md)
|
||||
##### [Enable SIEM integration](enable-siem-integration.md)
|
||||
|
||||
#### Rules
|
||||
|
||||
#### [Rules]()
|
||||
##### [Manage suppression rules](manage-suppression-rules.md)
|
||||
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
|
||||
##### [Manage indicators](manage-indicators.md)
|
||||
##### [Manage automation file uploads](manage-automation-file-uploads.md)
|
||||
##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
|
||||
|
||||
#### Machine management
|
||||
|
||||
#### [Machine management]()
|
||||
##### [Onboarding machines](onboard-configure.md)
|
||||
##### [Offboarding machines](offboard-machines.md)
|
||||
|
||||
#### [Configure Windows Security app time zone settings](time-settings.md)
|
||||
|
||||
|
||||
#### [Configure time zone settings](time-settings.md)
|
||||
|
||||
|
||||
## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md)
|
||||
### Troubleshoot sensor state
|
||||
|
||||
## [Troubleshoot Microsoft Defender ATP]()
|
||||
|
||||
### [Troubleshoot sensor state]()
|
||||
#### [Check sensor state](check-sensor-status.md)
|
||||
#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
|
||||
#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
|
||||
#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
|
||||
#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
|
||||
|
||||
### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md)
|
||||
|
||||
### [Troubleshoot service issues]()
|
||||
#### [Troubleshooting issues](troubleshoot-mdatp.md)
|
||||
#### [Check service health](service-status.md)
|
||||
|
||||
|
||||
### [Troubleshoot live response issues](troubleshoot-live-response.md)
|
||||
#### [Troubleshoot issues related to live response](troubleshoot-live-response.md)
|
||||
|
||||
### Troubleshoot attack surface reduction
|
||||
### [Troubleshoot attack surface reduction issues]()
|
||||
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
|
||||
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
|
||||
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
|
||||
|
||||
|
||||
### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
|
||||
### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
|
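Review bot: Under "Troubleshoot attack surface reduction issues", the "Collect diagnostic data for files" entry links to ../windows-defender-exploit-guard/troubleshoot-np.md, the same target as the "Network protection" entry two lines above it. That looks like a copy-paste of the link; please confirm the intended article for the diagnostic-data entry and point it there, otherwise two navigation nodes open the same page.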