deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-30 14:17:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #4501 from MicrosoftDocs/FromPrivateRepo

Browse Source 
From private repo
This commit is contained in:
huypub 2019-07-19 09:12:19 -07:00 committed by GitHub
commit e2da308383
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 1297 additions and 550 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
devices/surface-hub/downloads/Guide-SurfaceHub 2S-Navigation.pptx → devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx
View File

0
devices/surface-hub/downloads/Guide-Surface Hub 2S-Office365.pptx → devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx
View File

0
devices/surface-hub/downloads/Training Guide-SurfaceHub2S-HelpDesk.pdf → devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf
View File

1
devices/surface-hub/install-apps-on-surface-hub.md
View File

@ -12,6 +12,7 @@ ms.author: dansimp
ms.topic: article ms.topic: article
ms.date: 10/23/2018 ms.date: 10/23/2018
ms.localizationpriority: medium ms.localizationpriority: medium
audience: ITPro
--- ---
# Install apps on your Microsoft Surface Hub # Install apps on your Microsoft Surface Hub

51
devices/surface-hub/surface-hub-2s-adoption-kit.md
View File

@ -6,36 +6,47 @@ ms.prod: surface-hub
ms.sitesec: library ms.sitesec: library
author: robmazz author: robmazz
ms.author: robmazz ms.author: robmazz
manager: laurawi
audience: Admin audience: Admin
ms.topic: article ms.topic: article
ms.date: 07/08/2019 ms.date: 07/08/2019
ms.localizationpriority: Normal ms.localizationpriority: Normal
--- ---
# Surface Hub 2S adoption toolkit # Surface Hub 2S adoption toolkit
Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S. Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S.
## Training guides ## Training guides
- Surface Hub adoption toolkit
- Training guide end user - [Surface Hub adoption toolkit](downloads/SurfaceHubAdoptionToolKit.pdf)
- Training guide power user - [Training guide end user](downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf)
- Training guide help desk - [Training guide power user](downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf)
- Training guide Microsoft Teams desktop - [Training guide help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf)
- [Training guide Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx)
[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
## End user guides ## End user guides
- Guide to Navigation on Surface Hub our
- Guide to Office 365 on Surface Hub - [Guide to Navigation on Surface Hub](downloads/Guide-SurfaceHub2S-Navigation.pptx)
- Guide to Microsoft Whiteboard on Surface Hub - [Guide to Office 365 on Surface Hub](downloads/Guide-SurfaceHub2S-Office365.pptx)
- Guide to Microsoft Teams on Surface Hub - [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx)
- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx)
## Quick reference cards ## Quick reference cards
- Connect your PC
- Join a Teams Meeting - [Connect your PC](downloads/QRCConnectYourPC.pdf)
- Manage a Teams meeting - [Join a Teams Meeting](downloads/QRCJoinTeamsMeeting.pdf)
- Navigation basics - [Manage a Teams meeting](downloads/QRCManageTeamsMeeting.pdf)
- Schedule a Teams meeting - [Navigation basics](downloads/QRCNavigationBasics.pdf)
- Start a new Teams meeting - [Schedule a Teams meeting](downloads/QRCScheduleTeamsMeeting.pdf)
- Share or send a file - [Start a new Teams meeting](downloads/QRCStartNewTeamsMeeting.pdf)
- Sign in to view meetings and files - [Share or send a file](downloads/QRCShareSendFile.pdf)
- Whiteboard advanced - [Sign in to view meetings and files](downloads/QRCSignInToViewMeetingsFiles.pdf)
- Whiteboard tools - [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf)
- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf)
[Download all user guides and quick reference cards](http://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)

10
devices/surface-hub/surface-hub-2s-change-history.md
View File

@ -7,6 +7,7 @@ ms.sitesec: library
author: robmazz author: robmazz
ms.author: robmazz ms.author: robmazz
audience: Admin audience: Admin
ms.manager: laurawi
ms.topic: article ms.topic: article
ms.date: 06/20/2019 ms.date: 06/20/2019
ms.localizationpriority: Normal ms.localizationpriority: Normal
@ -16,6 +17,15 @@ ms.localizationpriority: Normal
This topic summarizes new and updated content in the Surface Hub 2S documentation library. This topic summarizes new and updated content in the Surface Hub 2S documentation library.
## July 2019
Changes | Description
|:--- |:--- |
| Reset and recovery for Surface Hub 2S | Added link to Surface recovery website that enables customers to download a recovery image for Surface Hub 2S |
| Surface Hub 2S tech specs | Updated power consumption data |
| Surface Hub 2S Adoption Kit | New |
## June 2019 ## June 2019
Changes | Description Changes | Description

2
devices/surface-hub/surface-hub-2s-recover-reset.md
View File

@ -37,7 +37,7 @@ New in Surface Hub 2S, you can now reinstall the device using a recovery image.
Surface Hub 2S lets you reinstall the device using a recovery image, which allows you to reinstall the device to factory settings if you lost the Bitlocker key or no longer have admin credentials to the Settings app. Surface Hub 2S lets you reinstall the device using a recovery image, which allows you to reinstall the device to factory settings if you lost the Bitlocker key or no longer have admin credentials to the Settings app.
1. Begin with a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32. 1. Begin with a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
2. Download recovery image from the Surface Recovery website onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S. 2. Download recovery image from the [Surface Recovery website](https://support.microsoft.com/en-us/surfacerecoveryimage?devicetype=surfacehub2s) onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S.
3. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins. 3. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
![*Use Volume down and power buttons to initiate recovery*](images/sh2-keypad.png) <br> ![*Use Volume down and power buttons to initiate recovery*](images/sh2-keypad.png) <br>

7
devices/surface-hub/surface-hub-2s-techspecs.md
View File

@ -5,6 +5,7 @@ keywords: separate values with commas
ms.prod: surface-hub ms.prod: surface-hub
ms.sitesec: library ms.sitesec: library
author: robmazz author: robmazz
ms.manager: laurawi
ms.author: robmazz ms.author: robmazz
audience: Admin audience: Admin
ms.topic: article ms.topic: article
@ -17,6 +18,7 @@ ms.localizationpriority: Normal
|**Item**|**Details**| |**Item**|**Details**|
|:------ |:--------- | |:------ |:--------- |
|**Dimensions**| 29.2" x 43.2" x 3.0” (741 mm x 1097 mm x 76 mm) | |**Dimensions**| 29.2" x 43.2" x 3.0” (741 mm x 1097 mm x 76 mm) |
|**Shipping dimensions**| 47.64" x 36.89" x 9.92" (1,210 mm x 937 mm x 252 mm)|
|**Weight**| 61.6 lbs. (28 kg) | |**Weight**| 61.6 lbs. (28 kg) |
|**Resolution**| 3840 x 2560 | |**Resolution**| 3840 x 2560 |
|**Display**| PixelSense Display, 3:2 aspect ratio, 10-bit color, 15.5 mm border, anti-glare, IPS LCD | |**Display**| PixelSense Display, 3:2 aspect ratio, 10-bit color, 15.5 mm border, anti-glare, IPS LCD |
@ -31,6 +33,11 @@ ms.localizationpriority: Normal
|**Exterior**| Casing: Precision machined aluminum with mineral-composite resin <br> Color: Platinum <br> Physical Buttons: Power, Volume, Source | |**Exterior**| Casing: Precision machined aluminum with mineral-composite resin <br> Color: Platinum <br> Physical Buttons: Power, Volume, Source |
|**Whats in the box**| One Surface Hub 2S <br> One Surface Hub 2 Pen <br> One Surface Hub 2 Camera <br> 2.5 m AC Power Cable <br> Quick Start Guide | |**Whats in the box**| One Surface Hub 2S <br> One Surface Hub 2 Pen <br> One Surface Hub 2 Camera <br> 2.5 m AC Power Cable <br> Quick Start Guide |
|**Warranty**| 1-year limited hardware warranty | |**Warranty**| 1-year limited hardware warranty |
|**BTU**| 1518 BTU/hr |
|**Input Voltage**| 50/60Hz 110/230v nominal, 90-265v max |
|**Input power, operating**| 445 W (495 W Surge Load) |
|**Input Current**| 5.46 A |
|**Input Power, standby**| 5 W max |
> [!NOTE] > [!NOTE]
> <sup>1</sup> System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. <br> <sup>2</sup> Software license required for some features. Sold separately.<br> > <sup>1</sup> System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. <br> <sup>2</sup> Software license required for some features. Sold separately.<br>

2
windows/client-management/mdm/TOC.md
View File

@ -55,6 +55,8 @@
### [AllJoynManagement CSP](alljoynmanagement-csp.md) ### [AllJoynManagement CSP](alljoynmanagement-csp.md)
#### [AllJoynManagement DDF](alljoynmanagement-ddf.md) #### [AllJoynManagement DDF](alljoynmanagement-ddf.md)
### [APPLICATION CSP](application-csp.md) ### [APPLICATION CSP](application-csp.md)
### [ApplicationControl CSP](applicationcontrol-csp.md)
#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md)
### [AppLocker CSP](applocker-csp.md) ### [AppLocker CSP](applocker-csp.md)
#### [AppLocker DDF file](applocker-ddf-file.md) #### [AppLocker DDF file](applocker-ddf-file.md)
#### [AppLocker XSD](applocker-xsd.md) #### [AppLocker XSD](applocker-xsd.md)

274
windows/client-management/mdm/applicationcontrol-csp-ddf.md Normal file
View File

@ -0,0 +1,274 @@
---
title: ApplicationControl CSP
description: ApplicationControl CSP
ms.author: dansimp@microsoft.com
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
ms.date: 07/10/2019
---
# ApplicationControl CSP DDF
This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
### ApplicationControl CSP
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>ApplicationControl</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Root Node of the ApplicationControl CSP</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Policies</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Beginning of a Subtree that contains all policies.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>Policies</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName></NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The GUID of the Policy</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrMore />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Policy GUID</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Policy</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<Description>The policy binary encoded as base64</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Policy</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PolicyInfo</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Information Describing the Policy indicated by the GUID</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>PolicyInfo</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Version</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Version of the Policy indicated by the GUID, as a string. When parsing use a uint64 as the containing data type</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Version</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IsEffective</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Whether the Policy indicated by the GUID is Effective on the system (loaded by the enforcement engine and in effect)</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>IsEffective</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IsDeployed</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Whether the Policy indicated by the GUID is deployed on the system (on the physical machine)</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>IsDeployed</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IsAuthorized</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Whether the Policy indicated by the GUID is authorized to be loaded by the enforcement engine on the system </Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>IsAuthorized</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The Current Status of the Policy Indicated by the Policy GUID</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Status</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FriendlyName</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The FriendlyName of the Policy Indicated by the Policy GUID</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>FriendlyName</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</Node>
</Node>
</MgmtTree>
```

236
windows/client-management/mdm/applicationcontrol-csp.md Normal file
View File

@ -0,0 +1,236 @@
---
title: ApplicationControl CSP
description: ApplicationControl CSP
ms.author: dansimp@microsoft.com
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
ms.date: 05/21/2019
---
# ApplicationControl CSP
Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using AppLocker CSPs CodeIntegrity node can now be deployed using ApplicationControl CSP URI. Although WDAC policy deployment via AppLocker CSP will continue to be supported, all new feature work will be done in ApplicationControl CSP only.
ApplicationControl CSP was added in Windows 10, version 1903.
The following diagram shows ApplicationControl CSP in tree format.
![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png)
<a href="" id="vendor-msft-applicationcontrol"></a>**./Vendor/MSFT/ApplicationControl**
Defines the root node for ApplicationControl CSP.
Scope is permanent. Supported operation is Get.
<a href="" id="applicationcontrol-policies"></a>**ApplicationControl/Policies**
An interior node that contains all the policies, each identified by their globally unique identifier (GUID).
Scope is permanent. Supported operation is Get.
<a href="" id="applicationcontrol-policies-policyguid"></a>**ApplicationControl/Policies/_Policy GUID_**
ApplicationControl CSP enforces that the “ID” segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node.
Scope is dynamic. Supported operation is Get.
<a href="" id="applicationcontrol-policies-policyguid-policy"></a>**ApplicationControl/Policies/_Policy GUID_/Policy**
This node is the policy binary itself, which is encoded as base64.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is b64. Supported value is any well-formed WDAC policy, i.e. the base64-encoded content output by the ConvertFrom-CIPolicy cmdlet.
Default value is empty.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo**
An interior node that contains the nodes that describe the policy indicated by the GUID.
Scope is dynamic. Supported operation is Get.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-version"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version**
This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing use a uint64 as the containing data type.
Scope is dynamic. Supported operation is Get.
Value type is char.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-iseffective"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective**
This node specifies whether a policy is actually loaded by the enforcement engine and is in effect on a system.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
- True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system.
- False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-isdeployed"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed**
This node specifies whether a policy is deployed on the system and is present on the physical machine.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
- True — Indicates that the policy is deployed on the system and is present on the physical machine.
- False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-isauthorized"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized**
This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy cannot take effect on the system.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
- True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system.
- False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default.
The following table provides the result of this policy based on different values of IsAuthorized, IsDeployed, and IsEffective nodes:
|IsAuthorized | IsDeployed | IsEffective | Resultant |
|------------ | ---------- | ----------- | --------- |
|True|True|True|Policy is currently running and in effect.|
|True|True|False|Policy requires a reboot to take effect.|
|True|False|True|Policy requires a reboot to unload from CI.|
|False|True|True|Not Reachable.|
|True|False|False|*Not Reachable.|
|False|True|False|*Not Reachable.|
|False|False|True|Not Reachable.|
|False|False|False|*Not Reachable.|
`*` denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-status"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status**
This node specifies whether the deployment of the policy indicated by the GUID was successful.
Scope is dynamic. Supported operation is Get.
Value type is integer. Default value is 0 == OK.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-friendlyname"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName**
This node provides the friendly name of the policy indicated by the policy GUID.
Scope is dynamic. Supported operation is Get.
Value type is char.
## Usage guidance
To use ApplicationControl CSP, you must:
- Know a generated policys GUID, which can be found in the policy xml as `<PolicyTypeID>`.
- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool.
Here is a sample certutil invocation:
```
certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
```
An alternative to using certutil would be to use the following PowerShell invocation:
```
[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
```
If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI
functionality to apply the Code Integrity policy.
### Deploy policies
To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below.
To deploy base policy and supplemental policies:
- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy.
- Repeat for each base or supplemental policy (with its own GUID and data).
The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD).
**Example 1: Add first base policy**
```xml
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{Base1GUID}/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
</Meta>
<Data> {Base1Data} </Data>
</Item>
</Add>
```
**Example 2: Add second base policy**
```xml
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{Base2GUID}/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
</Meta>
<Data> {Base2Data} </Data>
</Item>
</Add>
```
**Example 3: Add supplemental policy**
```xml
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{Supplemental1GUID}/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
</Meta>
<Data> {Supplemental1Data} </Data>
</Item>
</Add>
```
### Get policies
Perform a GET using a deployed policys GUID to interrogate/inspect the policy itself or information about it.
The following table displays the result of Get operation on different nodes:
|Nodes | Get Results|
|------------- | ------|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy|raw p7b|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version|Policy version|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective|Is the policy in effect|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed|Is the policy on the system|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized|Is the policy authorized on the system|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status|Was the deployment successful|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy|
The following is an example of Get command:
```xml
<Get>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy</LocURI>
</Target>
</Item>
</Get>
```
### Delete policies
To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**.
> [!Note]
> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy.
To delete a signed policy:
1. Replace it with a signed update allowing unsigned policy.
2. Deploy another update with unsigned policy.
3. Perform delete.
The following is an example of Delete command:
```xml
<Delete>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy</LocURI>
</Target>
</Item>
</Delete>
```

28
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -172,6 +172,34 @@ Additional lists:
<!--EndSKU--> <!--EndSKU-->
<!--EndCSP--> <!--EndCSP-->
<!--StartCSP-->
[ApplicationControl CSP](applicationcontrol-csp.md)
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP--> <!--StartCSP-->
[AppLocker CSP](applocker-csp.md) [AppLocker CSP](applocker-csp.md)

BIN
windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

5
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -142,6 +142,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<td style="vertical-align:top"><a href="enrollmentstatustracking-csp.md" data-raw-source="[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)">EnrollmentStatusTracking CSP</a></td> <td style="vertical-align:top"><a href="enrollmentstatustracking-csp.md" data-raw-source="[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)">EnrollmentStatusTracking CSP</a></td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p> <td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p>
</td></tr> </td></tr>
<tr>
<td style="vertical-align:top"><a href="applicationcontrol-csp.md" data-raw-source="[ApplicationControl CSP](applicationcontrol-csp.md)">ApplicationControl CSP</a></td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p>
</td></tr>
</tbody> </tbody>
</table> </table>
@ -1887,6 +1891,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|New or updated topic | Description| |New or updated topic | Description|
|--- | ---| |--- | ---|
|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:<br>LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| |[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:<br>LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:<br>Create a custom configuration service provider<br>Design a custom configuration service provider<br>IConfigServiceProvider2<br>IConfigServiceProvider2::ConfigManagerNotification<br>IConfigServiceProvider2::GetNode<br>ICSPNode<br>ICSPNode::Add<br>ICSPNode::Clear<br>ICSPNode::Copy<br>ICSPNode::DeleteChild<br>ICSPNode::DeleteProperty<br>ICSPNode::Execute<br>ICSPNode::GetChildNodeNames<br>ICSPNode::GetProperty<br>ICSPNode::GetPropertyIdentifiers<br>ICSPNode::GetValue<br>ICSPNode::Move<br>ICSPNode::SetProperty<br>ICSPNode::SetValue<br>ICSPNodeTransactioning<br>ICSPValidate<br>Samples for writing a custom configuration service provider| |Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:<br>Create a custom configuration service provider<br>Design a custom configuration service provider<br>IConfigServiceProvider2<br>IConfigServiceProvider2::ConfigManagerNotification<br>IConfigServiceProvider2::GetNode<br>ICSPNode<br>ICSPNode::Add<br>ICSPNode::Clear<br>ICSPNode::Copy<br>ICSPNode::DeleteChild<br>ICSPNode::DeleteProperty<br>ICSPNode::Execute<br>ICSPNode::GetChildNodeNames<br>ICSPNode::GetProperty<br>ICSPNode::GetPropertyIdentifiers<br>ICSPNode::GetValue<br>ICSPNode::Move<br>ICSPNode::SetProperty<br>ICSPNode::SetValue<br>ICSPNodeTransactioning<br>ICSPValidate<br>Samples for writing a custom configuration service provider|

3
windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
View File

@ -52,6 +52,9 @@ The trust model determines how you want users to authenticate to the on-premises
* The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. * The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today.
* The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers. * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
>[!NOTE]
>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this time.
Following are the various deployment guides included in this topic: Following are the various deployment guides included in this topic:
- [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md) - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md)
- [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md) - [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md)

3
windows/security/identity-protection/hello-for-business/hello-faq.md
View File

@ -27,6 +27,9 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10.
## What about convenience PIN? ## What about convenience PIN?
Microsoft is committed to its vision of a <u>world without passwords.</u> We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. Microsoft is committed to its vision of a <u>world without passwords.</u> We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business.
## Can I use Windows Hello for Business key trust and RDP?
RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments.
## Can I deploy Windows Hello for Business using System Center Configuration Manager? ## Can I deploy Windows Hello for Business using System Center Configuration Manager?
Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018. Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018.

4
windows/security/identity-protection/hello-for-business/hello-overview.md
View File

@ -98,7 +98,9 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md).
## Comparing key-based and certificate-based authentication ## Comparing key-based and certificate-based authentication
Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust.
Windows Hello for Business with a key does not support RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments.
## Learn more ## Learn more

3
windows/security/identity-protection/hello-for-business/hello-planning-guide.md
View File

@ -80,6 +80,9 @@ The key trust type does not require issuing authentication certificates to end u
The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller.
>[!NOTE]
>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this tim
#### Device registration #### Device registration
All devices included in the Windows Hello for Business deployment must go through device registration. Device registration enables devices to authenticate to identity providers. For cloud only and hybrid deployment, the identity provider is Azure Active Directory. For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role. All devices included in the Windows Hello for Business deployment must go through device registration. Device registration enables devices to authenticate to identity providers. For cloud only and hybrid deployment, the identity provider is Azure Active Directory. For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role.

837
windows/security/threat-protection/TOC.md
View File

@ -1,436 +1,493 @@
# [Threat protection](index.md) # [Threat protection](index.md)
## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) ## [Overview]()
### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md)
### [Attack surface reduction]()
#### [Hardware-based isolation]()
##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
### [Overview](microsoft-defender-atp/overview.md) ##### [Application isolation]()
#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) ###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md) ###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md)
####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
##### [Incidents queue](microsoft-defender-atp/incidents-queue.md) ##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
###### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
#### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
#### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
#### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
#### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
##### Alerts queue ### [Endpoint detection and response]()
###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) #### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md)
###### [Manage alerts](microsoft-defender-atp/manage-alerts.md) #### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
###### [Investigate files](microsoft-defender-atp/investigate-files.md)
###### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
###### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
##### Machines list #### [Incidents queue]()
###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) ##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) ##### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) ##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline)
####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
#### [Alerts queue]()
##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
##### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
##### [Investigate files](microsoft-defender-atp/investigate-files.md)
##### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
##### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
##### [Take response actions](microsoft-defender-atp/response-actions.md) #### [Machines list]()
###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md) ##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) ##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) ##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) ##### [Machine timeline]()
####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) ###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline)
####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) ###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
#### [Take response actions]()
##### [Take response actions on a machine]()
###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) ####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md) ##### [Take response actions on a file]()
####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) ###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) ###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) ###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) ###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) ###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) ###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) ###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) ###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) ####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md) ##### [Investigate entities using Live response]()
#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md) ###### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) ### [Automated investigation and remediation]()
##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) #### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) #####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
### [Secure score](microsoft-defender-atp/overview-secure-score.md)
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
#### [Secure score](microsoft-defender-atp/overview-secure-score.md) ### [Advanced hunting]()
#### [Threat analytics](microsoft-defender-atp/threat-analytics.md) #### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md)
#### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md) #### [Custom detections]()
##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) ##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md) ##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md)
###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
#### [Management and APIs]()
##### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
#### [Management and APIs](microsoft-defender-atp/management-apis.md)
##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md) ##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md) ##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md)
#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md) #### [Integrations]()
##### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md)
##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) ##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md)
##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) ##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md)
##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md)
###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) #### [Information protection in Windows overview]()
##### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md)
##### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
### [Portal overview](microsoft-defender-atp/portal-overview.md)
## [Get started]()
### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
### [Preview features](microsoft-defender-atp/preview.md)
### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) ### [Evaluate Microsoft Defender ATP]()
#### [Attack surface reduction and next-generation capability evaluation]()
##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md)
##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
#### [Portal overview](microsoft-defender-atp/portal-overview.md) ##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
##### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
### [Get started](microsoft-defender-atp/get-started.md) ##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) ##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
#### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
#### [Preview features](microsoft-defender-atp/preview.md)
#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md)
#####Evaluate attack surface reduction
###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
###### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
###### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
###### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
###### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) ##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) ### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
### [Configure and manage capabilities](microsoft-defender-atp/onboard.md) ## [Configure and manage capabilities]()
#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md) ### [Configure attack surface reduction]()
#####Hardware-based isolation #### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### Device control
###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
###### [Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
####### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md)
######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
#### [Hardware-based isolation]()
##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
##### [Application isolation]()
###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) #### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) #### [Device control]()
###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) ##### [Control USB devices](device-control/control-usb-devices-using-intune.md)
####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) ##### [Device Guard]()
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ###### [Memory integrity]()
####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) ####### [Understand memory integrity](windows-defender-exploit-guard/memory-integrity.md)
###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ####### [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ####### [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) #### [Exploit protection]()
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ##### [Enable exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) ##### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
#### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
#### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
#### [Attack surface reduction controls]()
##### [Enable attack surface reduction rules](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
### [Configure next generation protection]()
#### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
##### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
##### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
##### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md)
##### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
##### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
#### [Configure behavioral, heuristic, and real-time protection]()
##### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
#### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
#### [Antivirus compatibility]()
##### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
##### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
#### [Deploy, manage updates, and report on antivirus]()
##### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
##### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
###### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
##### [Report on antivirus protection]()
###### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
##### [Manage updates and apply baselines]()
###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
###### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
###### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
#### [Customize, initiate, and review the results of scans and remediation]()
##### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
#### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
#### [Manage antivirus in your business]()
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Manage scans and remediation]()
##### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
#### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) ##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) #### [Manage next generation protection in your business]()
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) ##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) ##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) ### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ### [Management and API support]()
###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) #### [Onboard devices to the service]()
###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) ##### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) ##### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) ##### [Onboard Windows 10 machines]()
###### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
###### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
###### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
###### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
###### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
##### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
##### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
##### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
##### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
##### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
##### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
##### [Troubleshoot onboarding issues]()
###### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
#### [Microsoft Defender ATP API]()
##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
##### [Get started with Microsoft Defender ATP APIs]()
###### [Introduction](microsoft-defender-atp/apis-intro.md)
###### [Hello World](microsoft-defender-atp/api-hello-world.md)
###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
##### [APIs]()
###### [Supported Microsoft Defender ATP query APIs](microsoft-defender-atp/exposed-apis-list.md)
###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
###### [Alert]()
####### [Alert methods and properties](microsoft-defender-atp/alerts.md)
####### [List alerts](microsoft-defender-atp/get-alerts.md)
####### [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
####### [Update Alert](microsoft-defender-atp/update-alert.md)
####### [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
####### [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
####### [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
####### [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
####### [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
####### [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
###### [Machine]()
####### [Machine methods and properties](microsoft-defender-atp/machine.md)
####### [List machines](microsoft-defender-atp/get-machines.md)
####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
###### [Machine Action]()
####### [Machine Action methods and properties](microsoft-defender-atp/machineaction.md)
####### [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
####### [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
####### [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
####### [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
####### [Isolate machine](microsoft-defender-atp/isolate-machine.md)
####### [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
####### [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
####### [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
###### [Indicators]()
####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
####### [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
####### [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
####### [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
###### [Domain]()
####### [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
####### [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
####### [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
####### [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
###### [File]()
####### [File methods and properties](microsoft-defender-atp/files.md)
####### [Get file information](microsoft-defender-atp/get-file-information.md)
####### [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
####### [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
####### [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
###### [IP]()
####### [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
####### [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
####### [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
####### [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
###### [User]()
####### [User methods](microsoft-defender-atp/user.md)
####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
##### [How to use APIs - Samples]()
###### [Advanced Hunting API]()
####### [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
####### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
####### [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
####### [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
###### [Multiple APIs]()
####### [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
#### [Windows updates (KB) info]()
##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
#### [API for custom alerts (Deprecated)]()
##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
#### [Pull alerts to your SIEM tools]()
##### [Learn about different ways to pull alerts](microsoft-defender-atp/configure-siem.md)
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
##### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
##### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
##### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
##### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
#### [Reporting]()
##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
#### [Interoperability]()
##### [Partner applications](microsoft-defender-atp/partner-applications.md)
#### [Role-based access control]()
##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
##### [Create and manage roles](microsoft-defender-atp/user-roles.md)
##### [Create and manage machine groups]()
###### [Using machine groups](microsoft-defender-atp/machine-groups.md)
###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
### [Configure Microsoft threat protection integration]()
#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
### [Configure portal settings]()
#### [General]()
##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
#### [Permissions]()
##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
###### [Create and manage roles](microsoft-defender-atp/user-roles.md)
###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
#### [APIs]()
##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
#### [Rules]()
##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
##### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
##### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
#### [Machine management]()
##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
#### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) ## [Troubleshoot Microsoft Defender ATP]()
### [Troubleshoot sensor state]()
#### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
#### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
#### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
#### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
#### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
### [Troubleshoot Microsoft Defender ATP service issues]()
#### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
#### [Check service health](microsoft-defender-atp/service-status.md)
### [Troubleshoot live response issues]()
#### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
### [Troubleshoot attack surface reduction]()
#### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
#### Management and API support
##### [Onboard machines](microsoft-defender-atp/onboard-configure.md)
###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md)
####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md)
####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md)
###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
####### [Hello World](microsoft-defender-atp/api-hello-world.md)
####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
###### [APIs](microsoft-defender-atp/exposed-apis-list.md)
####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
####### [Alert](microsoft-defender-atp/alerts.md)
######## [List alerts](microsoft-defender-atp/get-alerts.md)
######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
######## [Update Alert](microsoft-defender-atp/update-alert.md)
######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
######## [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
####### [Machine](microsoft-defender-atp/machine.md)
######## [List machines](microsoft-defender-atp/get-machines.md)
######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
####### [Machine Action](microsoft-defender-atp/machineaction.md)
######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
######## [Isolate machine](microsoft-defender-atp/isolate-machine.md)
######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
######## [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
####### [Indicators](microsoft-defender-atp/ti-indicator.md)
######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
####### Domain
######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
######## [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
####### [File](microsoft-defender-atp/files.md)
######## [Get file information](microsoft-defender-atp/get-file-information.md)
######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
####### IP
######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
######## [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
####### [User](microsoft-defender-atp/user.md)
######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
###### How to use APIs - Samples
####### Advanced Hunting API
######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
####### Multiple APIs
######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
#####Windows updates (KB) info
###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
#####Common Vulnerabilities and Exposures (CVE) to KB map
###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
##### API for custom alerts (Deprecated)
###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
###### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md)
###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
##### Reporting
###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
##### Interoperability
###### [Partner applications](microsoft-defender-atp/partner-applications.md)
##### Role-based access control
###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
#### Configure Microsoft threat protection integration
##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md)
##### General
###### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
###### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
##### Permissions
###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
##### APIs
###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
#####Rules
###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
###### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
#####Machine management
###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md)
####Troubleshoot sensor state
##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
##### [Check service health](microsoft-defender-atp/service-status.md)
#### [Troubleshoot live response issues](microsoft-defender-atp/troubleshoot-live-response.md)
##### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
####Troubleshoot attack surface reduction
##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
## [Security intelligence](intelligence/index.md) ## [Security intelligence](intelligence/index.md)
### [Understand malware & other threats](intelligence/understanding-malware.md) ### [Understand malware & other threats](intelligence/understanding-malware.md)

5
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
View File

@ -1,5 +1,5 @@
--- ---
title: Onboard Windows 10 machines on Microsoft Defender ATP title: Onboarding tools and methods for Windows 10 machines
description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
search.product: eADQiWindows 10XVcnh search.product: eADQiWindows 10XVcnh
@ -15,10 +15,9 @@ manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: conceptual ms.topic: conceptual
ms.date: 07/12/2018
--- ---
# Onboard Windows 10 machines # Onboarding tools and methods for Windows 10 machines
**Applies to:** **Applies to:**

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: procedural ms.topic: article
--- ---
# Optimize ASR rule deployment and detections # Optimize ASR rule deployment and detections

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: procedural ms.topic: article
--- ---
# Get machines onboarded to Microsoft Defender ATP # Get machines onboarded to Microsoft Defender ATP

5
windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: procedural ms.topic: article
--- ---
# Increase compliance to the Microsoft Defender ATP security baseline # Increase compliance to the Microsoft Defender ATP security baseline
@ -41,6 +41,9 @@ The Windows Intune security baseline provides a comprehensive set of recommended
Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls.
>[!NOTE]
>The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
## Get permissions to manage security baselines in Intune ## Get permissions to manage security baselines in Intune
By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you havent been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group. By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you havent been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group.

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp manager: dansimp
audience: ITPro audience: ITPro
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: procedural ms.topic: conceptual
--- ---
# Ensure your machines are configured properly # Ensure your machines are configured properly

BIN
windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 81 KiB

After

Width:  |  Height:  |  Size: 91 KiB

18
windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
View File

@ -109,7 +109,7 @@ To see a full page view of an alert including incident graph and process tree, s
The **Timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. This can help you correlate any events, files, and IP addresses in relation to the machine. The **Timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. This can help you correlate any events, files, and IP addresses in relation to the machine.
Timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns. The timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns.
>[!NOTE] >[!NOTE]
> For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-filtering-platform-connection). > For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-filtering-platform-connection).
@ -131,15 +131,15 @@ Some of the functionality includes:
- Export detailed machine timeline events - Export detailed machine timeline events
- Export the machine timeline for the current date or a specified date range up to seven days. - Export the machine timeline for the current date or a specified date range up to seven days.
Along with event time and users, one of the main categories on the timeline is "Details". They describe what happened in the events. The list of possible details are: More details about certain events are provided in the **Additional information** section. These details vary depending on the type of event, for example:
- Contained by Application Guard - Contained by Application Guard - the web browser event was restricted by an isolated container
- Active threat detected - when the detection happened, the threat was executing (i.e. it was running) - Active threat detected - the threat detection occurred while the threat was running
- Remediation unsuccessful - remediation was invoked but failed - Remediation unsuccessful - an attempt to remediate the detected threat was invoked but failed
- Remediation successful - the threat was stopped and cleaned up - Remediation successful - the detected threat was stopped and cleaned
- Warning bypassed by user - SmartScreen warning appeared but the user dismissed it - Warning bypassed by user - the SmartScreen warning was dismissed and overridden by a user
- Suspicious script detected - Suspicious script detected - a potentially malicious script was found running
- Alert category (e.g. lateral movement)- if the event is correlated to an alert, the tag will show the alert category - The alert category - if the event led to the generation of an alert, the alert category ("Lateral Movement", for example) is provided
You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine. You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.

335
windows/security/threat-protection/microsoft-defender-atp/TOC.md → windows/security/threat-protection/microsoft-defender-atp/oldTOC.md
View File

@ -1,7 +1,9 @@
# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md) # [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
## [Overview](overview.md) ## [Overview]()
### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) ### [Overview of Microsoft Defender ATP capabilities](overview.md)
### [Threat & Vulnerability Management]()
#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md)
#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md) #### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
#### [Exposure score](tvm-exposure-score.md) #### [Exposure score](tvm-exposure-score.md)
#### [Configuration score](configuration-score.md) #### [Configuration score](configuration-score.md)
@ -12,29 +14,39 @@
#### [Scenarios](threat-and-vuln-mgt-scenarios.md) #### [Scenarios](threat-and-vuln-mgt-scenarios.md)
### [Attack surface reduction](overview-attack-surface-reduction.md) ### [Attack surface reduction]()
#### [Hardware-based isolation](overview-hardware-based-isolation.md) #### [Hardware-based isolation]()
##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md) ##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md)
##### [Application isolation]()
###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md)
###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md) ###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) ##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
#### [Application control]()
##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md)
#### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) #### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
#### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) #### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md)
#### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md) #### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
#### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) #### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) ### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
### [Endpoint detection and response](overview-endpoint-detection-response.md)
### [Endpoint detection and response]()
#### [Endpoint detection and response overview](overview-endpoint-detection-response.md)
#### [Security operations dashboard](security-operations-dashboard.md) #### [Security operations dashboard](security-operations-dashboard.md)
#### [Incidents queue]()
#### [Incidents queue](incidents-queue.md)
##### [View and organize the Incidents queue](view-incidents-queue.md) ##### [View and organize the Incidents queue](view-incidents-queue.md)
##### [Manage incidents](manage-incidents.md) ##### [Manage incidents](manage-incidents.md)
##### [Investigate incidents](investigate-incidents.md) ##### [Investigate incidents](investigate-incidents.md)
#### [Alerts queue]()
#### Alerts queue
##### [View and organize the Alerts queue](alerts-queue.md) ##### [View and organize the Alerts queue](alerts-queue.md)
##### [Manage alerts](manage-alerts.md) ##### [Manage alerts](manage-alerts.md)
##### [Investigate alerts](investigate-alerts.md) ##### [Investigate alerts](investigate-alerts.md)
@ -44,16 +56,18 @@
##### [Investigate a domain](investigate-domain.md) ##### [Investigate a domain](investigate-domain.md)
##### [Investigate a user account](investigate-user.md) ##### [Investigate a user account](investigate-user.md)
#### [Machines list](machines-view-overview.md) #### [Machines list]()
##### [Investigate machines](investigate-machines.md#machine-timeline) ##### [View and organize the Machines list](machines-view-overview.md)
##### [Investigate machines]()
###### [Machine details](investigate-machines.md#machine-details) ###### [Machine details](investigate-machines.md#machine-details)
###### [Response actions](investigate-machines.md#response-actions) ###### [Response actions](investigate-machines.md#response-actions)
###### [Cards](investigate-machines.md#cards) ###### [Cards](investigate-machines.md#cards)
###### [Tabs](investigate-machines.md#tabs) ###### [Tabs](investigate-machines.md#tabs)
#### [Take response actions]()
#### [Take response actions](response-actions.md) ##### [Take response actions on a machine]()
##### [Take response actions on a machine](respond-machine-alerts.md) ###### [Understand response actions](respond-machine-alerts.md)
###### [Manage tags](respond-machine-alerts.md#manage-tags) ###### [Manage tags](respond-machine-alerts.md#manage-tags)
###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation) ###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation)
###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session) ###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session)
@ -63,46 +77,60 @@
###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) ###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center) ###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
##### [Take response actions on a file](respond-file-alerts.md) ##### [Take response actions on a file]()
###### [Understand response actions](respond-file-alerts.md)
###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network) ###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](respond-file-alerts.md#remove-file-from-quarantine) ###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine)
###### [Block files in your network](respond-file-alerts.md#block-files-in-your-network) ###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
###### [Remove file from blocked list](respond-file-alerts.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](respond-file-alerts.md#check-activity-details-in-action-center)
###### [Deep analysis](respond-file-alerts.md#deep-analysis) ###### [Deep analysis](respond-file-alerts.md#deep-analysis)
##### [Live response]()
##### [Investigate entities using Live response](live-response.md) ###### [Investigate entities on machines](live-response.md)
###### [Live response command examples](live-response-command-examples.md) ###### [Live response command examples](live-response-command-examples.md)
### [Automated investigation and remediation](automated-investigations.md)
### [Automated investigation and remediation]()
#### [Understand Automated investigations](automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) #### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
### [Secure score](overview-secure-score.md) ### [Secure score](overview-secure-score.md)
### [Threat analytics](threat-analytics.md) ### [Threat analytics](threat-analytics.md)
### [Microsoft Threat Experts](microsoft-threat-experts.md) ### [Microsoft Threat Experts](microsoft-threat-experts.md)
### [Advanced hunting](overview-hunting.md)
#### [Query data using Advanced hunting](advanced-hunting.md) ### [Advanced hunting]()
#### [Advanced hunting overview](overview-hunting.md)
#### [Query data using Advanced hunting]()
##### [Data querying basics](advanced-hunting.md)
##### [Advanced hunting reference](advanced-hunting-reference.md) ##### [Advanced hunting reference](advanced-hunting-reference.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md) ##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
#### [Custom detections](overview-custom-detections.md)
#### [Custom detections]()
##### [Understand custom detection rules](overview-custom-detections.md)
##### [Create custom detections rules](custom-detection-rules.md) ##### [Create custom detections rules](custom-detection-rules.md)
### [Management and APIs](management-apis.md) ### [Management and APIs]()
#### [Overview of management and APIs](management-apis.md)
#### [Understand threat intelligence concepts](threat-indicator-concepts.md) #### [Understand threat intelligence concepts](threat-indicator-concepts.md)
#### [Microsoft Defender ATP APIs](apis-intro.md) #### [Microsoft Defender ATP APIs](apis-intro.md)
#### [Managed security service provider support](mssp-support.md) #### [Managed security service provider support](mssp-support.md)
### [Microsoft Threat Protection](threat-protection-integration.md)
#### [Protect users, data, and devices with Conditional Access](conditional-access.md)
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
#### [Information protection in Windows overview](information-protection-in-windows-overview.md)
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
### [Integrations]()
#### [Microsoft Defender ATP integrations](threat-protection-integration.md)
#### [Conditional Access integration overview](conditional-access.md)
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
#### [Information protection in Windows overview]()
##### [Windows integration](information-protection-in-windows-overview.md)
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
### [Microsoft Threat Experts](microsoft-threat-experts.md) ### [Microsoft Threat Experts](microsoft-threat-experts.md)
@ -111,7 +139,8 @@
### [Portal overview](portal-overview.md) ### [Portal overview](portal-overview.md)
## [Get started](get-started.md)
## [Get started]()
### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md) ### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
### [Minimum requirements](minimum-requirements.md) ### [Minimum requirements](minimum-requirements.md)
### [Validate licensing and complete setup](licensing.md) ### [Validate licensing and complete setup](licensing.md)
@ -119,92 +148,137 @@
### [Data storage and privacy](data-storage-privacy.md) ### [Data storage and privacy](data-storage-privacy.md)
### [Assign user access to the portal](assign-portal-access.md) ### [Assign user access to the portal](assign-portal-access.md)
### [Evaluate Microsoft Defender ATP](evaluate-atp.md) ### [Evaluate Microsoft Defender ATP capabilities]()
#### Evaluate attack surface reduction #### [Evaluate attack surface reduction]()
##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md) ##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md)
##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md) ###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md) ###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) ###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
##### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) ###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) ###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
#### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md) ###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
### [Access the Microsoft Defender Security Center Community Center](community.md) ### [Access the Microsoft Defender Security Center Community Center](community.md)
## [Configure and manage capabilities](onboard.md) ## [Configure and manage capabilities]()
### [Configure attack surface reduction](configure-attack-surface-reduction.md) ### [Configure attack surface reduction](configure-attack-surface-reduction.md)
### Hardware-based isolation
### [Hardware-based isolation]()
#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) #### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
#### [Application isolation](../windows-defender-application-guard/install-wd-app-guard.md)
#### [Application isolation]()
##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md)
##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md) ##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md)
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md) #### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
#### Device control
#### [Device control]()
##### [Control USB devices](../device-control/control-usb-devices-using-intune.md) ##### [Control USB devices](../device-control/control-usb-devices-using-intune.md)
##### [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
###### [Memory integrity](../windows-defender-exploit-guard/memory-integrity.md) ##### [Device Guard]()
###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
###### [Memory integrity]()
####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) ####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) ####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
#### [Exploit protection]()
##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) ##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md) #### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
#### [Controlled folder access]()
##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md) ##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md)
#### [Attack surface reduction controls](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
#### [Attack surface reduction controls]()
##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
### [Configure next generation protection]()
### [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) #### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
#### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) #### [Utilize Microsoft cloud-delivered protection]()
##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) ##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) ##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) ##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) ##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) ##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
#### [Configure behavioral, heuristic, and real-time protection](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
#### [Configure behavioral, heuristic, and real-time protection]()
##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) ##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) ##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
#### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) #### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
#### [Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
#### [Antivirus compatibility]()
##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) ##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
#### [Deploy, manage updates, and report on antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) #### [Deploy, manage updates, and report on antivirus]()
##### [Deploy and enable antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md) ##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
##### [Deploy and enable antivirus]()
###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) ###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
##### [Report on antivirus protection](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
##### [Report on antivirus protection]()
###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md) ###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md)
##### [Manage updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
##### [Manage updates and apply baselines]()
###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) ###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) ###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) ###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) ###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) ###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
#### [Customize, initiate, and review the results of scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) #### [Customize, initiate, and review the results of scans and remediation]()
##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) ###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md) ##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
#### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) #### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
#### [Manage antivirus in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
#### [Manage antivirus in your business]()
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) ##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) ##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) ##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) ##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Manage scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) #### [Manage scans and remediation]()
##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) ###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
@ -212,7 +286,9 @@
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) ##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
#### [Manage next generation protection in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
#### [Manage next generation protection in your business]()
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) ##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) ##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
@ -222,39 +298,54 @@
### [Configure Secure score dashboard security controls](secure-score-dashboard.md) ### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) ### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
### Management and API support
#### [Onboard machines](onboard-configure.md) ### [Endpoint detection and response management and API support]()
#### [Onboard machines]()
##### [Onboarding overview](onboard-configure.md)
##### [Onboard previous versions of Windows](onboard-downlevel.md) ##### [Onboard previous versions of Windows](onboard-downlevel.md)
##### [Onboard Windows 10 machines](configure-endpoints.md)
##### [Onboard Windows 10 machines]()
###### [Ways to onboard](configure-endpoints.md)
###### [Onboard machines using Group Policy](configure-endpoints-gp.md) ###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md) ###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm.md)
###### [Onboard machines using Mobile Device Management tools]()
####### [Overview](configure-endpoints-mdm.md)
####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune) ####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
###### [Onboard machines using a local script](configure-endpoints-script.md) ###### [Onboard machines using a local script](configure-endpoints-script.md)
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) ###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
##### [Onboard servers](configure-server-endpoints.md) ##### [Onboard servers](configure-server-endpoints.md)
##### [Onboard non-Windows machines](configure-endpoints-non-windows.md) ##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
##### [Onboard machines without Internet access](onboard-offline-machines.md) ##### [Onboard machines without Internet access](onboard-offline-machines.md)
##### [Run a detection test on a newly onboarded machine](run-detection-test.md) ##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
##### [Run simulated attacks on machines](attack-simulations.md) ##### [Run simulated attacks on machines](attack-simulations.md)
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) ##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
##### [Troubleshoot onboarding issues](troubleshoot-onboarding.md)
##### [Troubleshoot onboarding issues]()
###### [Troubleshooting basics](troubleshoot-onboarding.md)
###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md) ###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
#### [Microsoft Defender ATP API]()
#### [Microsoft Defender ATP API](use-apis.md) ##### [Understand Microsoft Defender ATP APIs](use-apis.md)
##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md) ##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md)
##### [Get started with Microsoft Defender ATP APIs](apis-intro.md)
##### [Get started with Microsoft Defender ATP APIs]()
###### [Introduction](apis-intro.md)
###### [Hello World](api-hello-world.md) ###### [Hello World](api-hello-world.md)
###### [Get access with application context](exposed-apis-create-app-webapp.md) ###### [Get access with application context](exposed-apis-create-app-webapp.md)
###### [Get access with user context](exposed-apis-create-app-nativeapp.md) ###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
##### [APIs](exposed-apis-list.md)
##### [APIs]()
###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md)
###### [Advanced Hunting](run-advanced-query-api.md) ###### [Advanced Hunting](run-advanced-query-api.md)
###### [Alert](alerts.md) ###### [Alert]()
####### [Methods, properties, and JSON representation](alerts.md)
####### [List alerts](get-alerts.md) ####### [List alerts](get-alerts.md)
####### [Create alert](create-alert-by-reference.md) ####### [Create alert](create-alert-by-reference.md)
####### [Update Alert](update-alert.md) ####### [Update Alert](update-alert.md)
@ -265,7 +356,8 @@
####### [Get alert related machine information](get-alert-related-machine-info.md) ####### [Get alert related machine information](get-alert-related-machine-info.md)
####### [Get alert related user information](get-alert-related-user-info.md) ####### [Get alert related user information](get-alert-related-user-info.md)
###### [Machine](machine.md) ###### [Machine]()
####### [Methods and properties](machine.md)
####### [List machines](get-machines.md) ####### [List machines](get-machines.md)
####### [Get machine by ID](get-machine-by-id.md) ####### [Get machine by ID](get-machine-by-id.md)
####### [Get machine log on users](get-machine-log-on-users.md) ####### [Get machine log on users](get-machine-log-on-users.md)
@ -273,7 +365,8 @@
####### [Add or Remove machine tags](add-or-remove-machine-tags.md) ####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
####### [Find machines by IP](find-machines-by-ip.md) ####### [Find machines by IP](find-machines-by-ip.md)
###### [Machine Action](machineaction.md) ###### [Machine Action]()
####### [Methods and properties](machineaction.md)
####### [List Machine Actions](get-machineactions-collection.md) ####### [List Machine Actions](get-machineactions-collection.md)
####### [Get Machine Action](get-machineaction-object.md) ####### [Get Machine Action](get-machineaction-object.md)
####### [Collect investigation package](collect-investigation-package.md) ####### [Collect investigation package](collect-investigation-package.md)
@ -287,45 +380,49 @@
####### [Stop and quarantine file](stop-and-quarantine-file.md) ####### [Stop and quarantine file](stop-and-quarantine-file.md)
####### [Initiate investigation (preview)](initiate-autoir-investigation.md) ####### [Initiate investigation (preview)](initiate-autoir-investigation.md)
###### [Indicators](ti-indicator.md) ###### [Indicators]()
####### [Methods and properties](ti-indicator.md)
####### [Submit Indicator](post-ti-indicator.md) ####### [Submit Indicator](post-ti-indicator.md)
####### [List Indicators](get-ti-indicators-collection.md) ####### [List Indicators](get-ti-indicators-collection.md)
####### [Delete Indicator](delete-ti-indicator-by-id.md) ####### [Delete Indicator](delete-ti-indicator-by-id.md)
###### Domain ###### [Domain]()
####### [Get domain related alerts](get-domain-related-alerts.md) ####### [Get domain related alerts](get-domain-related-alerts.md)
####### [Get domain related machines](get-domain-related-machines.md) ####### [Get domain related machines](get-domain-related-machines.md)
####### [Get domain statistics](get-domain-statistics.md) ####### [Get domain statistics](get-domain-statistics.md)
####### [Is domain seen in organization](is-domain-seen-in-org.md) ####### [Is domain seen in organization](is-domain-seen-in-org.md)
###### [File](files.md) ###### [File]()
####### [Methods and properties](files.md)
####### [Get file information](get-file-information.md) ####### [Get file information](get-file-information.md)
####### [Get file related alerts](get-file-related-alerts.md) ####### [Get file related alerts](get-file-related-alerts.md)
####### [Get file related machines](get-file-related-machines.md) ####### [Get file related machines](get-file-related-machines.md)
####### [Get file statistics](get-file-statistics.md) ####### [Get file statistics](get-file-statistics.md)
###### IP ###### [IP]()
####### [Get IP related alerts](get-ip-related-alerts.md) ####### [Get IP related alerts](get-ip-related-alerts.md)
####### [Get IP related machines](get-ip-related-machines.md) ####### [Get IP related machines](get-ip-related-machines.md)
####### [Get IP statistics](get-ip-statistics.md) ####### [Get IP statistics](get-ip-statistics.md)
####### [Is IP seen in organization](is-ip-seen-org.md) ####### [Is IP seen in organization](is-ip-seen-org.md)
###### [User](user.md) ###### [User]()
####### [Methods](user.md)
####### [Get user related alerts](get-user-related-alerts.md) ####### [Get user related alerts](get-user-related-alerts.md)
####### [Get user related machines](get-user-related-machines.md) ####### [Get user related machines](get-user-related-machines.md)
##### How to use APIs - Samples ##### [How to use APIs - Samples]()
###### Advanced Hunting API ###### [Advanced Hunting API]()
####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) ####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md)
####### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md) ####### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
####### [Advanced Hunting using Python](run-advanced-query-sample-python.md) ####### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md) ####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md)
###### Multiple APIs
###### [Multiple APIs]()
####### [PowerShell](exposed-apis-full-sample-powershell.md) ####### [PowerShell](exposed-apis-full-sample-powershell.md)
###### [Using OData Queries](exposed-apis-odata-samples.md) ###### [Using OData Queries](exposed-apis-odata-samples.md)
#### [API for custom alerts]()
#### API for custom alerts
##### [Enable the custom threat intelligence application](enable-custom-ti.md) ##### [Enable the custom threat intelligence application](enable-custom-ti.md)
##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md) ##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
##### [Create custom threat intelligence alerts](custom-ti-api.md) ##### [Create custom threat intelligence alerts](custom-ti-api.md)
@ -334,8 +431,8 @@
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md) ##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md) ##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
#### [Pull alerts to your SIEM tools]()
#### [Pull alerts to your SIEM tools](configure-siem.md) ##### [Learn about different ways to pull alerts](configure-siem.md)
##### [Enable SIEM integration](enable-siem-integration.md) ##### [Enable SIEM integration](enable-siem-integration.md)
##### [Configure Splunk to pull alerts](configure-splunk.md) ##### [Configure Splunk to pull alerts](configure-splunk.md)
##### [Configure HP ArcSight to pull alerts](configure-arcsight.md) ##### [Configure HP ArcSight to pull alerts](configure-arcsight.md)
@ -343,88 +440,94 @@
##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md) ##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md)
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) ##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
#### [Reporting]()
#### Reporting
##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) ##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
##### [Threat protection reports](threat-protection-reports.md) ##### [Threat protection reports](threat-protection-reports.md)
##### [Machine health and compliance reports](machine-reports.md) ##### [Machine health and compliance reports](machine-reports.md)
#### [Interoperability]()
#### Interoperability
##### [Partner applications](partner-applications.md) ##### [Partner applications](partner-applications.md)
#### [Manage machine configuration](configure-machines.md) #### [Manage machine configuration]()
##### [Ensure your machines are configured properly](configure-machines.md)
##### [Monitor and increase machine onboarding](configure-machines-onboarding.md) ##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
##### [Increase compliance to the security baseline](configure-machines-security-baseline.md) ##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
##### [Optimize ASR rule deployment and detections](configure-machines-asr.md) ##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
#### Role-based access control #### [Role-based access control]()
##### [Manage portal access using RBAC](rbac.md)
##### [Manage portal access using RBAC]()
###### [Using RBAC](rbac.md)
###### [Create and manage roles](user-roles.md) ###### [Create and manage roles](user-roles.md)
###### [Create and manage machine groups](machine-groups.md)
###### [Create and manage machine groups]()
####### [Using machine groups](machine-groups.md)
####### [Create and manage machine tags](machine-tags.md) ####### [Create and manage machine tags](machine-tags.md)
#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md) #### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
### Configure Microsoft Threat Protection integration
### [Configure Microsoft threat protection integration]()
#### [Configure Conditional Access](configure-conditional-access.md) #### [Configure Conditional Access](configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md) #### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
#### [Configure information protection in Windows](information-protection-in-windows-config.md) #### [Configure information protection in Windows](information-protection-in-windows-config.md)
### [Configure Microsoft Defender Security Center settings](preferences-setup.md) ### [Configure portal settings]()
#### General #### [Set up preferences](preferences-setup.md)
#### [General]()
##### [Update data retention settings](data-retention-settings.md) ##### [Update data retention settings](data-retention-settings.md)
##### [Configure alert notifications](configure-email-notifications.md) ##### [Configure alert notifications](configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md) ##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
##### [Enable Secure score security controls](enable-secure-score.md) ##### [Enable Secure score security controls](enable-secure-score.md)
##### [Configure advanced features](advanced-features.md) ##### [Configure advanced features](advanced-features.md)
#### Permissions #### [Permissions]()
##### [Use basic permissions to access the portal](basic-permissions.md) ##### [Use basic permissions to access the portal](basic-permissions.md)
##### [Manage portal access using RBAC](rbac.md) ##### [Manage portal access using RBAC](rbac.md)
###### [Create and manage roles](user-roles.md) ###### [Create and manage roles](user-roles.md)
###### [Create and manage machine groups](machine-groups.md) ###### [Create and manage machine groups](machine-groups.md)
####### [Create and manage machine tags](machine-tags.md) ####### [Create and manage machine tags](machine-tags.md)
#### APIs #### [APIs]()
##### [Enable Threat intel](enable-custom-ti.md) ##### [Enable Threat intel](enable-custom-ti.md)
##### [Enable SIEM integration](enable-siem-integration.md) ##### [Enable SIEM integration](enable-siem-integration.md)
#### Rules #### [Rules]()
##### [Manage suppression rules](manage-suppression-rules.md) ##### [Manage suppression rules](manage-suppression-rules.md)
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md) ##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
##### [Manage indicators](manage-indicators.md) ##### [Manage indicators](manage-indicators.md)
##### [Manage automation file uploads](manage-automation-file-uploads.md) ##### [Manage automation file uploads](manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md) ##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
#### Machine management #### [Machine management]()
##### [Onboarding machines](onboard-configure.md) ##### [Onboarding machines](onboard-configure.md)
##### [Offboarding machines](offboard-machines.md) ##### [Offboarding machines](offboard-machines.md)
#### [Configure Windows Security app time zone settings](time-settings.md) #### [Configure time zone settings](time-settings.md)
## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md) ## [Troubleshoot Microsoft Defender ATP]()
### Troubleshoot sensor state
### [Troubleshoot sensor state]()
#### [Check sensor state](check-sensor-status.md) #### [Check sensor state](check-sensor-status.md)
#### [Fix unhealthy sensors](fix-unhealthy-sensors.md) #### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines) #### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines) #### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md) #### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md)
### [Troubleshoot service issues]()
#### [Troubleshooting issues](troubleshoot-mdatp.md)
#### [Check service health](service-status.md) #### [Check service health](service-status.md)
### [Troubleshoot live response issues](troubleshoot-live-response.md) ### [Troubleshoot attack surface reduction issues]()
#### [Troubleshoot issues related to live response](troubleshoot-live-response.md)
### Troubleshoot attack surface reduction
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md) #### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md) #### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md) #### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) ### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)