deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-29 13:47:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #4501 from MicrosoftDocs/FromPrivateRepo

Browse Source 
From private repo
This commit is contained in:
huypub 2019-07-19 09:12:19 -07:00 committed by GitHub
commit e2da308383
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 1297 additions and 550 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
devices/surface-hub/downloads/Guide-SurfaceHub 2S-Navigation.pptx → devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx
View File

0
devices/surface-hub/downloads/Guide-Surface Hub 2S-Office365.pptx → devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx
View File

0
devices/surface-hub/downloads/Training Guide-SurfaceHub2S-HelpDesk.pdf → devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf
View File

1
devices/surface-hub/install-apps-on-surface-hub.md
View File

@ -12,6 +12,7 @@ ms.author: dansimp
ms.topic: article
ms.date: 10/23/2018
ms.localizationpriority: medium
audience: ITPro
---
# Install apps on your Microsoft Surface Hub

51
devices/surface-hub/surface-hub-2s-adoption-kit.md
View File

@ -6,36 +6,47 @@ ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.author: robmazz
manager: laurawi
audience: Admin
ms.topic: article
ms.date: 07/08/2019
ms.localizationpriority: Normal
---
# Surface Hub 2S adoption toolkit
# Surface Hub 2S adoption toolkit
Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S.
## Training guides
- Surface Hub adoption toolkit
- Training guide end user
- Training guide power user
- Training guide help desk
- Training guide Microsoft Teams desktop
- [Surface Hub adoption toolkit](downloads/SurfaceHubAdoptionToolKit.pdf)
- [Training guide end user](downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf)
- [Training guide power user](downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf)
- [Training guide help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf)
- [Training guide Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx)
[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
## End user guides
- Guide to Navigation on Surface Hub our
- Guide to Office 365 on Surface Hub
- Guide to Microsoft Whiteboard on Surface Hub
- Guide to Microsoft Teams on Surface Hub
- [Guide to Navigation on Surface Hub](downloads/Guide-SurfaceHub2S-Navigation.pptx)
- [Guide to Office 365 on Surface Hub](downloads/Guide-SurfaceHub2S-Office365.pptx)
- [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx)
- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx)
## Quick reference cards
- Connect your PC
- Join a Teams Meeting
- Manage a Teams meeting
- Navigation basics
- Schedule a Teams meeting
- Start a new Teams meeting
- Share or send a file
- Sign in to view meetings and files
- Whiteboard advanced
- Whiteboard tools
- [Connect your PC](downloads/QRCConnectYourPC.pdf)
- [Join a Teams Meeting](downloads/QRCJoinTeamsMeeting.pdf)
- [Manage a Teams meeting](downloads/QRCManageTeamsMeeting.pdf)
- [Navigation basics](downloads/QRCNavigationBasics.pdf)
- [Schedule a Teams meeting](downloads/QRCScheduleTeamsMeeting.pdf)
- [Start a new Teams meeting](downloads/QRCStartNewTeamsMeeting.pdf)
- [Share or send a file](downloads/QRCShareSendFile.pdf)
- [Sign in to view meetings and files](downloads/QRCSignInToViewMeetingsFiles.pdf)
- [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf)
- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf)
[Download all user guides and quick reference cards](http://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)

10
devices/surface-hub/surface-hub-2s-change-history.md
View File

@ -7,6 +7,7 @@ ms.sitesec: library
author: robmazz
ms.author: robmazz
audience: Admin
ms.manager: laurawi
ms.topic: article
ms.date: 06/20/2019
ms.localizationpriority: Normal
@ -16,6 +17,15 @@ ms.localizationpriority: Normal
This topic summarizes new and updated content in the Surface Hub 2S documentation library.
## July 2019
Changes | Description
|:--- |:--- |
| Reset and recovery for Surface Hub 2S | Added link to Surface recovery website that enables customers to download a recovery image for Surface Hub 2S |
| Surface Hub 2S tech specs | Updated power consumption data |
| Surface Hub 2S Adoption Kit | New |
## June 2019
Changes | Description

2
devices/surface-hub/surface-hub-2s-recover-reset.md
View File

@ -37,7 +37,7 @@ New in Surface Hub 2S, you can now reinstall the device using a recovery image.
Surface Hub 2S lets you reinstall the device using a recovery image, which allows you to reinstall the device to factory settings if you lost the Bitlocker key or no longer have admin credentials to the Settings app.
1. Begin with a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
2. Download recovery image from the Surface Recovery website onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S.
2. Download recovery image from the [Surface Recovery website](https://support.microsoft.com/en-us/surfacerecoveryimage?devicetype=surfacehub2s) onto the USB drive and connect it to any USB-C or USB A port on Surface Hub 2S.
3. Turn off the device. While holding down the Volume down button, press the Power button. Keep holding both buttons until you see the Windows logo. Release the Power button but continue to hold the Volume until the Install UI begins.
![*Use Volume down and power buttons to initiate recovery*](images/sh2-keypad.png) <br>

7
devices/surface-hub/surface-hub-2s-techspecs.md
View File

@ -5,6 +5,7 @@ keywords: separate values with commas
ms.prod: surface-hub
ms.sitesec: library
author: robmazz
ms.manager: laurawi
ms.author: robmazz
audience: Admin
ms.topic: article
@ -17,6 +18,7 @@ ms.localizationpriority: Normal
|**Item**|**Details**|
|:------ |:--------- |
|**Dimensions**| 29.2" x 43.2" x 3.0” (741 mm x 1097 mm x 76 mm) |
|**Shipping dimensions**| 47.64" x 36.89" x 9.92" (1,210 mm x 937 mm x 252 mm)|
|**Weight**| 61.6 lbs. (28 kg) |
|**Resolution**| 3840 x 2560 |
|**Display**| PixelSense Display, 3:2 aspect ratio, 10-bit color, 15.5 mm border, anti-glare, IPS LCD |
@ -31,6 +33,11 @@ ms.localizationpriority: Normal
|**Exterior**| Casing: Precision machined aluminum with mineral-composite resin <br> Color: Platinum <br> Physical Buttons: Power, Volume, Source |
|**Whats in the box**| One Surface Hub 2S <br> One Surface Hub 2 Pen <br> One Surface Hub 2 Camera <br> 2.5 m AC Power Cable <br> Quick Start Guide |
|**Warranty**| 1-year limited hardware warranty |
|**BTU**| 1518 BTU/hr |
|**Input Voltage**| 50/60Hz 110/230v nominal, 90-265v max |
|**Input power, operating**| 445 W (495 W Surge Load) |
|**Input Current**| 5.46 A |
|**Input Power, standby**| 5 W max |
> [!NOTE]
> <sup>1</sup> System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. <br> <sup>2</sup> Software license required for some features. Sold separately.<br>

2
windows/client-management/mdm/TOC.md
View File

@ -55,6 +55,8 @@
### [AllJoynManagement CSP](alljoynmanagement-csp.md)
#### [AllJoynManagement DDF](alljoynmanagement-ddf.md)
### [APPLICATION CSP](application-csp.md)
### [ApplicationControl CSP](applicationcontrol-csp.md)
#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md)
### [AppLocker CSP](applocker-csp.md)
#### [AppLocker DDF file](applocker-ddf-file.md)
#### [AppLocker XSD](applocker-xsd.md)

274
windows/client-management/mdm/applicationcontrol-csp-ddf.md Normal file
View File

@ -0,0 +1,274 @@
---
title: ApplicationControl CSP
description: ApplicationControl CSP
ms.author: dansimp@microsoft.com
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
ms.date: 07/10/2019
---
# ApplicationControl CSP DDF
This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
### ApplicationControl CSP
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>ApplicationControl</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Root Node of the ApplicationControl CSP</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Policies</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Beginning of a Subtree that contains all policies.</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFTitle>Policies</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName></NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The GUID of the Policy</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrMore />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Policy GUID</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Policy</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<Description>The policy binary encoded as base64</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Policy</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PolicyInfo</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Information Describing the Policy indicated by the GUID</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>PolicyInfo</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Version</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Version of the Policy indicated by the GUID, as a string. When parsing use a uint64 as the containing data type</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Version</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IsEffective</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Whether the Policy indicated by the GUID is Effective on the system (loaded by the enforcement engine and in effect)</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>IsEffective</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IsDeployed</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Whether the Policy indicated by the GUID is deployed on the system (on the physical machine)</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>IsDeployed</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IsAuthorized</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Whether the Policy indicated by the GUID is authorized to be loaded by the enforcement engine on the system </Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>IsAuthorized</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The Current Status of the Policy Indicated by the Policy GUID</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Status</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>FriendlyName</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>The FriendlyName of the Policy Indicated by the Policy GUID</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>FriendlyName</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</Node>
</Node>
</MgmtTree>
```

236
windows/client-management/mdm/applicationcontrol-csp.md Normal file
View File

@ -0,0 +1,236 @@
---
title: ApplicationControl CSP
description: ApplicationControl CSP
ms.author: dansimp@microsoft.com
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
ms.date: 05/21/2019
---
# ApplicationControl CSP
Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot.
Existing WDAC policies deployed using AppLocker CSPs CodeIntegrity node can now be deployed using ApplicationControl CSP URI. Although WDAC policy deployment via AppLocker CSP will continue to be supported, all new feature work will be done in ApplicationControl CSP only.
ApplicationControl CSP was added in Windows 10, version 1903.
The following diagram shows ApplicationControl CSP in tree format.
![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png)
<a href="" id="vendor-msft-applicationcontrol"></a>**./Vendor/MSFT/ApplicationControl**
Defines the root node for ApplicationControl CSP.
Scope is permanent. Supported operation is Get.
<a href="" id="applicationcontrol-policies"></a>**ApplicationControl/Policies**
An interior node that contains all the policies, each identified by their globally unique identifier (GUID).
Scope is permanent. Supported operation is Get.
<a href="" id="applicationcontrol-policies-policyguid"></a>**ApplicationControl/Policies/_Policy GUID_**
ApplicationControl CSP enforces that the “ID” segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node.
Scope is dynamic. Supported operation is Get.
<a href="" id="applicationcontrol-policies-policyguid-policy"></a>**ApplicationControl/Policies/_Policy GUID_/Policy**
This node is the policy binary itself, which is encoded as base64.
Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
Value type is b64. Supported value is any well-formed WDAC policy, i.e. the base64-encoded content output by the ConvertFrom-CIPolicy cmdlet.
Default value is empty.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo**
An interior node that contains the nodes that describe the policy indicated by the GUID.
Scope is dynamic. Supported operation is Get.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-version"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version**
This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing use a uint64 as the containing data type.
Scope is dynamic. Supported operation is Get.
Value type is char.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-iseffective"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective**
This node specifies whether a policy is actually loaded by the enforcement engine and is in effect on a system.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
- True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system.
- False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-isdeployed"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed**
This node specifies whether a policy is deployed on the system and is present on the physical machine.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
- True — Indicates that the policy is deployed on the system and is present on the physical machine.
- False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-isauthorized"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized**
This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy cannot take effect on the system.
Scope is dynamic. Supported operation is Get.
Value type is bool. Supported values are as follows:
- True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system.
- False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default.
The following table provides the result of this policy based on different values of IsAuthorized, IsDeployed, and IsEffective nodes:
|IsAuthorized | IsDeployed | IsEffective | Resultant |
|------------ | ---------- | ----------- | --------- |
|True|True|True|Policy is currently running and in effect.|
|True|True|False|Policy requires a reboot to take effect.|
|True|False|True|Policy requires a reboot to unload from CI.|
|False|True|True|Not Reachable.|
|True|False|False|*Not Reachable.|
|False|True|False|*Not Reachable.|
|False|False|True|Not Reachable.|
|False|False|False|*Not Reachable.|
`*` denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-status"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status**
This node specifies whether the deployment of the policy indicated by the GUID was successful.
Scope is dynamic. Supported operation is Get.
Value type is integer. Default value is 0 == OK.
<a href="" id="applicationcontrol-policies-policyguid-policyinfo-friendlyname"></a>**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName**
This node provides the friendly name of the policy indicated by the policy GUID.
Scope is dynamic. Supported operation is Get.
Value type is char.
## Usage guidance
To use ApplicationControl CSP, you must:
- Know a generated policys GUID, which can be found in the policy xml as `<PolicyTypeID>`.
- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool.
Here is a sample certutil invocation:
```
certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
```
An alternative to using certutil would be to use the following PowerShell invocation:
```
[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
```
If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI
functionality to apply the Code Integrity policy.
### Deploy policies
To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below.
To deploy base policy and supplemental policies:
- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy.
- Repeat for each base or supplemental policy (with its own GUID and data).
The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD).
**Example 1: Add first base policy**
```xml
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{Base1GUID}/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
</Meta>
<Data> {Base1Data} </Data>
</Item>
</Add>
```
**Example 2: Add second base policy**
```xml
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{Base2GUID}/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
</Meta>
<Data> {Base2Data} </Data>
</Item>
</Add>
```
**Example 3: Add supplemental policy**
```xml
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{Supplemental1GUID}/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
</Meta>
<Data> {Supplemental1Data} </Data>
</Item>
</Add>
```
### Get policies
Perform a GET using a deployed policys GUID to interrogate/inspect the policy itself or information about it.
The following table displays the result of Get operation on different nodes:
|Nodes | Get Results|
|------------- | ------|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy|raw p7b|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version|Policy version|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective|Is the policy in effect|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed|Is the policy on the system|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized|Is the policy authorized on the system|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status|Was the deployment successful|
|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy|
The following is an example of Get command:
```xml
<Get>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy</LocURI>
</Target>
</Item>
</Get>
```
### Delete policies
To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**.
> [!Note]
> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy.
To delete a signed policy:
1. Replace it with a signed update allowing unsigned policy.
2. Deploy another update with unsigned policy.
3. Perform delete.
The following is an example of Delete command:
```xml
<Delete>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy</LocURI>
</Target>
</Item>
</Delete>
```

28
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -172,6 +172,34 @@ Additional lists:
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[ApplicationControl CSP](applicationcontrol-csp.md)
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>6</sup></td>
</tr>
</table>
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[AppLocker CSP](applocker-csp.md)

BIN
windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

5
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -142,6 +142,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<td style="vertical-align:top"><a href="enrollmentstatustracking-csp.md" data-raw-source="[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)">EnrollmentStatusTracking CSP</a></td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p>
</td></tr>
<tr>
<td style="vertical-align:top"><a href="applicationcontrol-csp.md" data-raw-source="[ApplicationControl CSP](applicationcontrol-csp.md)">ApplicationControl CSP</a></td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p>
</td></tr>
</tbody>
</table>
@ -1887,6 +1891,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|New or updated topic | Description|
|--- | ---|
|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:<br>LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:<br>Create a custom configuration service provider<br>Design a custom configuration service provider<br>IConfigServiceProvider2<br>IConfigServiceProvider2::ConfigManagerNotification<br>IConfigServiceProvider2::GetNode<br>ICSPNode<br>ICSPNode::Add<br>ICSPNode::Clear<br>ICSPNode::Copy<br>ICSPNode::DeleteChild<br>ICSPNode::DeleteProperty<br>ICSPNode::Execute<br>ICSPNode::GetChildNodeNames<br>ICSPNode::GetProperty<br>ICSPNode::GetPropertyIdentifiers<br>ICSPNode::GetValue<br>ICSPNode::Move<br>ICSPNode::SetProperty<br>ICSPNode::SetValue<br>ICSPNodeTransactioning<br>ICSPValidate<br>Samples for writing a custom configuration service provider|

3
windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
View File

@ -52,6 +52,9 @@ The trust model determines how you want users to authenticate to the on-premises
* The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today.
* The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers.
>[!NOTE]
>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this time.
Following are the various deployment guides included in this topic:
- [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md)
- [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md)

3
windows/security/identity-protection/hello-for-business/hello-faq.md
View File

@ -27,6 +27,9 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10.
## What about convenience PIN?
Microsoft is committed to its vision of a <u>world without passwords.</u> We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business.
## Can I use Windows Hello for Business key trust and RDP?
RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments.
## Can I deploy Windows Hello for Business using System Center Configuration Manager?
Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018.

4
windows/security/identity-protection/hello-for-business/hello-overview.md
View File

@ -98,7 +98,9 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md).
## Comparing key-based and certificate-based authentication
Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust.
Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust.
Windows Hello for Business with a key does not support RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments.
## Learn more

3
windows/security/identity-protection/hello-for-business/hello-planning-guide.md
View File

@ -80,6 +80,9 @@ The key trust type does not require issuing authentication certificates to end u
The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller.
>[!NOTE]
>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this tim
#### Device registration
All devices included in the Windows Hello for Business deployment must go through device registration. Device registration enables devices to authenticate to identity providers. For cloud only and hybrid deployment, the identity provider is Azure Active Directory. For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role.

837
windows/security/threat-protection/TOC.md
View File

@ -1,436 +1,493 @@
# [Threat protection](index.md)
## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
## [Overview]()
### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md)
### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md)
### [Attack surface reduction]()
#### [Hardware-based isolation]()
##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
### [Overview](microsoft-defender-atp/overview.md)
#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md)
###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md)
####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
##### [Application isolation]()
###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
##### [Incidents queue](microsoft-defender-atp/incidents-queue.md)
###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
###### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
#### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
#### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
#### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
#### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
##### Alerts queue
###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
###### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
###### [Investigate files](microsoft-defender-atp/investigate-files.md)
###### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
###### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
### [Endpoint detection and response]()
#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md)
#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
##### Machines list
###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline)
####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
#### [Incidents queue]()
##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
##### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
#### [Alerts queue]()
##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
##### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
##### [Investigate files](microsoft-defender-atp/investigate-files.md)
##### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
##### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
##### [Take response actions](microsoft-defender-atp/response-actions.md)
###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md)
####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
#### [Machines list]()
##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine)
##### [Machine timeline]()
###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline)
###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events)
###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date)
###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events)
###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages)
#### [Take response actions]()
##### [Take response actions on a machine]()
###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction)
###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation)
####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md)
####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
##### [Take response actions on a file]()
###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine)
###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network)
###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md)
#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
##### [Investigate entities using Live response]()
###### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
### [Automated investigation and remediation]()
#### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)
### [Secure score](microsoft-defender-atp/overview-secure-score.md)
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
#### [Secure score](microsoft-defender-atp/overview-secure-score.md)
#### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
### [Advanced hunting]()
#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md)
#### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md)
##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md)
###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md)
###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md)
###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
#### [Custom detections]()
##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md)
##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md)
#### [Management and APIs](microsoft-defender-atp/management-apis.md)
#### [Management and APIs]()
##### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md)
##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md)
#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md)
#### [Integrations]()
##### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md)
##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md)
##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md)
##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md)
###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
#### [Information protection in Windows overview]()
##### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md)
##### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
### [Portal overview](microsoft-defender-atp/portal-overview.md)
## [Get started]()
### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
### [Preview features](microsoft-defender-atp/preview.md)
### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
#### [Portal overview](microsoft-defender-atp/portal-overview.md)
### [Get started](microsoft-defender-atp/get-started.md)
#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
#### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md)
#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md)
#### [Preview features](microsoft-defender-atp/preview.md)
#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md)
#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md)
#####Evaluate attack surface reduction
###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
###### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
###### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
###### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
###### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
### [Evaluate Microsoft Defender ATP]()
#### [Attack surface reduction and next-generation capability evaluation]()
##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md)
##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
##### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md)
##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md)
### [Configure and manage capabilities](microsoft-defender-atp/onboard.md)
#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md)
#####Hardware-based isolation
###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### Device control
###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
###### [Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
####### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md)
######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
## [Configure and manage capabilities]()
### [Configure attack surface reduction]()
#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
#### [Hardware-based isolation]()
##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
##### [Application isolation]()
###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
#### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
#### [Device control]()
##### [Control USB devices](device-control/control-usb-devices-using-intune.md)
##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
##### [Device Guard]()
###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
###### [Memory integrity]()
####### [Understand memory integrity](windows-defender-exploit-guard/memory-integrity.md)
####### [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
####### [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
#### [Exploit protection]()
##### [Enable exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
##### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
#### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
#### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
#### [Attack surface reduction controls]()
##### [Enable attack surface reduction rules](windows-defender-exploit-guard/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md)
#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
### [Configure next generation protection]()
#### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
##### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
##### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
##### [Prevent security settings changes with tamper protection](windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md)
##### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
##### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
#### [Configure behavioral, heuristic, and real-time protection]()
##### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
#### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
#### [Antivirus compatibility]()
##### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
##### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
#### [Deploy, manage updates, and report on antivirus]()
##### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
##### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md)
###### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
##### [Report on antivirus protection]()
###### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md)
##### [Manage updates and apply baselines]()
###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
###### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
###### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
#### [Customize, initiate, and review the results of scans and remediation]()
##### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
#### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
#### [Manage antivirus in your business]()
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Manage scans and remediation]()
##### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
#### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md)
###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Manage next generation protection in your business]()
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)
### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
### [Management and API support]()
#### [Onboard devices to the service]()
##### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
##### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
##### [Onboard Windows 10 machines]()
###### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
###### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
###### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
###### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
###### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
##### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
##### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
##### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
##### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
##### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
##### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
##### [Troubleshoot onboarding issues]()
###### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
#### [Microsoft Defender ATP API]()
##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
##### [Get started with Microsoft Defender ATP APIs]()
###### [Introduction](microsoft-defender-atp/apis-intro.md)
###### [Hello World](microsoft-defender-atp/api-hello-world.md)
###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
##### [APIs]()
###### [Supported Microsoft Defender ATP query APIs](microsoft-defender-atp/exposed-apis-list.md)
###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
###### [Alert]()
####### [Alert methods and properties](microsoft-defender-atp/alerts.md)
####### [List alerts](microsoft-defender-atp/get-alerts.md)
####### [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
####### [Update Alert](microsoft-defender-atp/update-alert.md)
####### [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
####### [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
####### [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
####### [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
####### [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
####### [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
###### [Machine]()
####### [Machine methods and properties](microsoft-defender-atp/machine.md)
####### [List machines](microsoft-defender-atp/get-machines.md)
####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
###### [Machine Action]()
####### [Machine Action methods and properties](microsoft-defender-atp/machineaction.md)
####### [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
####### [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
####### [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
####### [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
####### [Isolate machine](microsoft-defender-atp/isolate-machine.md)
####### [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
####### [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
####### [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
###### [Indicators]()
####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md)
####### [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
####### [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
####### [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
###### [Domain]()
####### [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
####### [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
####### [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
####### [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
###### [File]()
####### [File methods and properties](microsoft-defender-atp/files.md)
####### [Get file information](microsoft-defender-atp/get-file-information.md)
####### [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
####### [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
####### [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
###### [IP]()
####### [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
####### [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
####### [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
####### [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
###### [User]()
####### [User methods](microsoft-defender-atp/user.md)
####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
##### [How to use APIs - Samples]()
###### [Advanced Hunting API]()
####### [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
####### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
####### [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
####### [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
###### [Multiple APIs]()
####### [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
#### [Windows updates (KB) info]()
##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
#### [Common Vulnerabilities and Exposures (CVE) to KB map]()
##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
#### [API for custom alerts (Deprecated)]()
##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
#### [Pull alerts to your SIEM tools]()
##### [Learn about different ways to pull alerts](microsoft-defender-atp/configure-siem.md)
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
##### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
##### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
##### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
##### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
#### [Reporting]()
##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
#### [Interoperability]()
##### [Partner applications](microsoft-defender-atp/partner-applications.md)
#### [Role-based access control]()
##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
##### [Create and manage roles](microsoft-defender-atp/user-roles.md)
##### [Create and manage machine groups]()
###### [Using machine groups](microsoft-defender-atp/machine-groups.md)
###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
### [Configure Microsoft threat protection integration]()
#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
### [Configure portal settings]()
#### [General]()
##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
#### [Permissions]()
##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
###### [Create and manage roles](microsoft-defender-atp/user-roles.md)
###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
#### [APIs]()
##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
#### [Rules]()
##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
##### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
##### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
#### [Machine management]()
##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
#### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md)
## [Troubleshoot Microsoft Defender ATP]()
### [Troubleshoot sensor state]()
#### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
#### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
#### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
#### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
#### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
### [Troubleshoot Microsoft Defender ATP service issues]()
#### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
#### [Check service health](microsoft-defender-atp/service-status.md)
### [Troubleshoot live response issues]()
#### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
### [Troubleshoot attack surface reduction]()
#### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
#### Management and API support
##### [Onboard machines](microsoft-defender-atp/onboard-configure.md)
###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md)
####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md)
####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md)
###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md)
###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md)
####### [Hello World](microsoft-defender-atp/api-hello-world.md)
####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md)
####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md)
###### [APIs](microsoft-defender-atp/exposed-apis-list.md)
####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md)
####### [Alert](microsoft-defender-atp/alerts.md)
######## [List alerts](microsoft-defender-atp/get-alerts.md)
######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md)
######## [Update Alert](microsoft-defender-atp/update-alert.md)
######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md)
######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md)
######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md)
######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md)
######## [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md)
######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md)
####### [Machine](microsoft-defender-atp/machine.md)
######## [List machines](microsoft-defender-atp/get-machines.md)
######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md)
######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md)
######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md)
######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md)
######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md)
####### [Machine Action](microsoft-defender-atp/machineaction.md)
######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md)
######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md)
######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md)
######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md)
######## [Isolate machine](microsoft-defender-atp/isolate-machine.md)
######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md)
######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md)
######## [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md)
######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md)
######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md)
######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md)
######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md)
####### [Indicators](microsoft-defender-atp/ti-indicator.md)
######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md)
######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md)
######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md)
####### Domain
######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md)
######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md)
######## [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md)
######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md)
####### [File](microsoft-defender-atp/files.md)
######## [Get file information](microsoft-defender-atp/get-file-information.md)
######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md)
######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md)
######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md)
####### IP
######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md)
######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md)
######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md)
######## [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md)
####### [User](microsoft-defender-atp/user.md)
######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md)
######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md)
###### How to use APIs - Samples
####### Advanced Hunting API
######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md)
######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md)
######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md)
######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md)
####### Multiple APIs
######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md)
####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md)
#####Windows updates (KB) info
###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md)
#####Common Vulnerabilities and Exposures (CVE) to KB map
###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md)
##### API for custom alerts (Deprecated)
###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md)
###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md)
###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md)
###### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md)
###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md)
###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md)
##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md)
###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md)
###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md)
###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md)
###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md)
###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md)
##### Reporting
###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md)
###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
##### Interoperability
###### [Partner applications](microsoft-defender-atp/partner-applications.md)
##### Role-based access control
###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md)
#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
#### Configure Microsoft threat protection integration
##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md)
##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md)
##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md)
##### General
###### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md)
###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md)
###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md)
###### [Configure advanced features](microsoft-defender-atp/advanced-features.md)
##### Permissions
###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md)
###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md)
####### [Create and manage roles](microsoft-defender-atp/user-roles.md)
####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md)
######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md)
##### APIs
###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md)
###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md)
#####Rules
###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md)
###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md)
###### [Manage indicators](microsoft-defender-atp/manage-indicators.md)
###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md)
###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md)
#####Machine management
###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md)
###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md)
##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md)
### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md)
####Troubleshoot sensor state
##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md)
##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md)
##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines)
##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines)
##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md)
#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md)
##### [Check service health](microsoft-defender-atp/service-status.md)
#### [Troubleshoot live response issues](microsoft-defender-atp/troubleshoot-live-response.md)
##### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md)
####Troubleshoot attack surface reduction
##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
## [Security intelligence](intelligence/index.md)
### [Understand malware & other threats](intelligence/understanding-malware.md)

5
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md
View File

@ -1,5 +1,5 @@
---
title: Onboard Windows 10 machines on Microsoft Defender ATP
title: Onboarding tools and methods for Windows 10 machines
description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor
keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
search.product: eADQiWindows 10XVcnh
@ -15,10 +15,9 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 07/12/2018
---
# Onboard Windows 10 machines
# Onboarding tools and methods for Windows 10 machines
**Applies to:**

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: article
---
# Optimize ASR rule deployment and detections

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: article
---
# Get machines onboarded to Microsoft Defender ATP

5
windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: article
---
# Increase compliance to the Microsoft Defender ATP security baseline
@ -41,6 +41,9 @@ The Windows Intune security baseline provides a comprehensive set of recommended
Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls.
>[!NOTE]
>The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments.
## Get permissions to manage security baselines in Intune
By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you havent been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group.

2
windows/security/threat-protection/microsoft-defender-atp/configure-machines.md
View File

@ -14,7 +14,7 @@ ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: procedural
ms.topic: conceptual
---
# Ensure your machines are configured properly

BIN
windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 81 KiB

After

Width:  |  Height:  |  Size: 91 KiB

18
windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md
View File

@ -109,7 +109,7 @@ To see a full page view of an alert including incident graph and process tree, s
The **Timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. This can help you correlate any events, files, and IP addresses in relation to the machine.
Timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns.
The timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns.
>[!NOTE]
> For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-filtering-platform-connection).
@ -131,15 +131,15 @@ Some of the functionality includes:
- Export detailed machine timeline events
- Export the machine timeline for the current date or a specified date range up to seven days.
Along with event time and users, one of the main categories on the timeline is "Details". They describe what happened in the events. The list of possible details are:
More details about certain events are provided in the **Additional information** section. These details vary depending on the type of event, for example:
- Contained by Application Guard
- Active threat detected - when the detection happened, the threat was executing (i.e. it was running)
- Remediation unsuccessful - remediation was invoked but failed
- Remediation successful - the threat was stopped and cleaned up
- Warning bypassed by user - SmartScreen warning appeared but the user dismissed it
- Suspicious script detected
- Alert category (e.g. lateral movement)- if the event is correlated to an alert, the tag will show the alert category
- Contained by Application Guard - the web browser event was restricted by an isolated container
- Active threat detected - the threat detection occurred while the threat was running
- Remediation unsuccessful - an attempt to remediate the detected threat was invoked but failed
- Remediation successful - the detected threat was stopped and cleaned
- Warning bypassed by user - the SmartScreen warning was dismissed and overridden by a user
- Suspicious script detected - a potentially malicious script was found running
- The alert category - if the event led to the generation of an alert, the alert category ("Lateral Movement", for example) is provided
You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine.

335
windows/security/threat-protection/microsoft-defender-atp/TOC.md → windows/security/threat-protection/microsoft-defender-atp/oldTOC.md
View File

@ -1,7 +1,9 @@
# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
## [Overview](overview.md)
### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
## [Overview]()
### [Overview of Microsoft Defender ATP capabilities](overview.md)
### [Threat & Vulnerability Management]()
#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md)
#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
#### [Exposure score](tvm-exposure-score.md)
#### [Configuration score](configuration-score.md)
@ -12,29 +14,39 @@
#### [Scenarios](threat-and-vuln-mgt-scenarios.md)
### [Attack surface reduction](overview-attack-surface-reduction.md)
#### [Hardware-based isolation](overview-hardware-based-isolation.md)
##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md)
### [Attack surface reduction]()
#### [Hardware-based isolation]()
##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md)
##### [Application isolation]()
###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md)
###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
#### [Application control]()
##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md)
#### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md)
#### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md)
#### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
#### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
### [Endpoint detection and response](overview-endpoint-detection-response.md)
### [Endpoint detection and response]()
#### [Endpoint detection and response overview](overview-endpoint-detection-response.md)
#### [Security operations dashboard](security-operations-dashboard.md)
#### [Incidents queue](incidents-queue.md)
#### [Incidents queue]()
##### [View and organize the Incidents queue](view-incidents-queue.md)
##### [Manage incidents](manage-incidents.md)
##### [Investigate incidents](investigate-incidents.md)
#### Alerts queue
#### [Alerts queue]()
##### [View and organize the Alerts queue](alerts-queue.md)
##### [Manage alerts](manage-alerts.md)
##### [Investigate alerts](investigate-alerts.md)
@ -44,16 +56,18 @@
##### [Investigate a domain](investigate-domain.md)
##### [Investigate a user account](investigate-user.md)
#### [Machines list](machines-view-overview.md)
##### [Investigate machines](investigate-machines.md#machine-timeline)
#### [Machines list]()
##### [View and organize the Machines list](machines-view-overview.md)
##### [Investigate machines]()
###### [Machine details](investigate-machines.md#machine-details)
###### [Response actions](investigate-machines.md#response-actions)
###### [Cards](investigate-machines.md#cards)
###### [Tabs](investigate-machines.md#tabs)
#### [Take response actions](response-actions.md)
##### [Take response actions on a machine](respond-machine-alerts.md)
#### [Take response actions]()
##### [Take response actions on a machine]()
###### [Understand response actions](respond-machine-alerts.md)
###### [Manage tags](respond-machine-alerts.md#manage-tags)
###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation)
###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session)
@ -63,46 +77,60 @@
###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
##### [Take response actions on a file](respond-file-alerts.md)
##### [Take response actions on a file]()
###### [Understand response actions](respond-file-alerts.md)
###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
###### [Remove file from quarantine](respond-file-alerts.md#remove-file-from-quarantine)
###### [Block files in your network](respond-file-alerts.md#block-files-in-your-network)
###### [Remove file from blocked list](respond-file-alerts.md#remove-file-from-blocked-list)
###### [Check activity details in Action center](respond-file-alerts.md#check-activity-details-in-action-center)
###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine)
###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
###### [Deep analysis](respond-file-alerts.md#deep-analysis)
##### [Investigate entities using Live response](live-response.md)
##### [Live response]()
###### [Investigate entities on machines](live-response.md)
###### [Live response command examples](live-response-command-examples.md)
### [Automated investigation and remediation](automated-investigations.md)
### [Automated investigation and remediation]()
#### [Understand Automated investigations](automated-investigations.md)
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
### [Secure score](overview-secure-score.md)
### [Threat analytics](threat-analytics.md)
### [Microsoft Threat Experts](microsoft-threat-experts.md)
### [Advanced hunting](overview-hunting.md)
#### [Query data using Advanced hunting](advanced-hunting.md)
### [Advanced hunting]()
#### [Advanced hunting overview](overview-hunting.md)
#### [Query data using Advanced hunting]()
##### [Data querying basics](advanced-hunting.md)
##### [Advanced hunting reference](advanced-hunting-reference.md)
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
#### [Custom detections](overview-custom-detections.md)
#### [Custom detections]()
##### [Understand custom detection rules](overview-custom-detections.md)
##### [Create custom detections rules](custom-detection-rules.md)
### [Management and APIs](management-apis.md)
### [Management and APIs]()
#### [Overview of management and APIs](management-apis.md)
#### [Understand threat intelligence concepts](threat-indicator-concepts.md)
#### [Microsoft Defender ATP APIs](apis-intro.md)
#### [Managed security service provider support](mssp-support.md)
### [Microsoft Threat Protection](threat-protection-integration.md)
#### [Protect users, data, and devices with Conditional Access](conditional-access.md)
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
#### [Information protection in Windows overview](information-protection-in-windows-overview.md)
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
### [Integrations]()
#### [Microsoft Defender ATP integrations](threat-protection-integration.md)
#### [Conditional Access integration overview](conditional-access.md)
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
#### [Information protection in Windows overview]()
##### [Windows integration](information-protection-in-windows-overview.md)
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
### [Microsoft Threat Experts](microsoft-threat-experts.md)
@ -111,7 +139,8 @@
### [Portal overview](portal-overview.md)
## [Get started](get-started.md)
## [Get started]()
### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
### [Minimum requirements](minimum-requirements.md)
### [Validate licensing and complete setup](licensing.md)
@ -119,92 +148,137 @@
### [Data storage and privacy](data-storage-privacy.md)
### [Assign user access to the portal](assign-portal-access.md)
### [Evaluate Microsoft Defender ATP](evaluate-atp.md)
#### Evaluate attack surface reduction
##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
##### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
#### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
### [Evaluate Microsoft Defender ATP capabilities]()
#### [Evaluate attack surface reduction]()
##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md)
###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
### [Access the Microsoft Defender Security Center Community Center](community.md)
## [Configure and manage capabilities](onboard.md)
## [Configure and manage capabilities]()
### [Configure attack surface reduction](configure-attack-surface-reduction.md)
### Hardware-based isolation
### [Hardware-based isolation]()
#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
#### [Application isolation](../windows-defender-application-guard/install-wd-app-guard.md)
#### [Application isolation]()
##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md)
##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md)
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
#### Device control
#### [Device control]()
##### [Control USB devices](../device-control/control-usb-devices-using-intune.md)
##### [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
###### [Memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
##### [Device Guard]()
###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
###### [Memory integrity]()
####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
#### [Exploit protection]()
##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
#### [Controlled folder access]()
##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md)
#### [Attack surface reduction controls](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
#### [Attack surface reduction controls]()
##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
### [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
#### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
### [Configure next generation protection]()
#### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
#### [Utilize Microsoft cloud-delivered protection]()
##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
#### [Configure behavioral, heuristic, and real-time protection](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
#### [Configure behavioral, heuristic, and real-time protection]()
##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
#### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
#### [Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
#### [Antivirus compatibility]()
##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
#### [Deploy, manage updates, and report on antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
##### [Deploy and enable antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
#### [Deploy, manage updates, and report on antivirus]()
##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
##### [Deploy and enable antivirus]()
###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
##### [Report on antivirus protection](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
##### [Report on antivirus protection]()
###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md)
##### [Manage updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
##### [Manage updates and apply baselines]()
###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
#### [Customize, initiate, and review the results of scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
#### [Customize, initiate, and review the results of scans and remediation]()
##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
#### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
#### [Manage antivirus in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
#### [Manage antivirus in your business]()
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Manage scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
#### [Manage scans and remediation]()
##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
##### [Configure and validate exclusions in antivirus scans]()
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
@ -212,7 +286,9 @@
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
#### [Manage next generation protection in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
#### [Manage next generation protection in your business]()
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
@ -222,39 +298,54 @@
### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
### Management and API support
#### [Onboard machines](onboard-configure.md)
### [Endpoint detection and response management and API support]()
#### [Onboard machines]()
##### [Onboarding overview](onboard-configure.md)
##### [Onboard previous versions of Windows](onboard-downlevel.md)
##### [Onboard Windows 10 machines](configure-endpoints.md)
##### [Onboard Windows 10 machines]()
###### [Ways to onboard](configure-endpoints.md)
###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm.md)
###### [Onboard machines using Mobile Device Management tools]()
####### [Overview](configure-endpoints-mdm.md)
####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
###### [Onboard machines using a local script](configure-endpoints-script.md)
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
##### [Onboard servers](configure-server-endpoints.md)
##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
##### [Onboard machines without Internet access](onboard-offline-machines.md)
##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
##### [Run simulated attacks on machines](attack-simulations.md)
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
##### [Troubleshoot onboarding issues](troubleshoot-onboarding.md)
##### [Troubleshoot onboarding issues]()
###### [Troubleshooting basics](troubleshoot-onboarding.md)
###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
#### [Microsoft Defender ATP API](use-apis.md)
#### [Microsoft Defender ATP API]()
##### [Understand Microsoft Defender ATP APIs](use-apis.md)
##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md)
##### [Get started with Microsoft Defender ATP APIs](apis-intro.md)
##### [Get started with Microsoft Defender ATP APIs]()
###### [Introduction](apis-intro.md)
###### [Hello World](api-hello-world.md)
###### [Get access with application context](exposed-apis-create-app-webapp.md)
###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
##### [APIs](exposed-apis-list.md)
##### [APIs]()
###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md)
###### [Advanced Hunting](run-advanced-query-api.md)
###### [Alert](alerts.md)
###### [Alert]()
####### [Methods, properties, and JSON representation](alerts.md)
####### [List alerts](get-alerts.md)
####### [Create alert](create-alert-by-reference.md)
####### [Update Alert](update-alert.md)
@ -265,7 +356,8 @@
####### [Get alert related machine information](get-alert-related-machine-info.md)
####### [Get alert related user information](get-alert-related-user-info.md)
###### [Machine](machine.md)
###### [Machine]()
####### [Methods and properties](machine.md)
####### [List machines](get-machines.md)
####### [Get machine by ID](get-machine-by-id.md)
####### [Get machine log on users](get-machine-log-on-users.md)
@ -273,7 +365,8 @@
####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
####### [Find machines by IP](find-machines-by-ip.md)
###### [Machine Action](machineaction.md)
###### [Machine Action]()
####### [Methods and properties](machineaction.md)
####### [List Machine Actions](get-machineactions-collection.md)
####### [Get Machine Action](get-machineaction-object.md)
####### [Collect investigation package](collect-investigation-package.md)
@ -287,45 +380,49 @@
####### [Stop and quarantine file](stop-and-quarantine-file.md)
####### [Initiate investigation (preview)](initiate-autoir-investigation.md)
###### [Indicators](ti-indicator.md)
###### [Indicators]()
####### [Methods and properties](ti-indicator.md)
####### [Submit Indicator](post-ti-indicator.md)
####### [List Indicators](get-ti-indicators-collection.md)
####### [Delete Indicator](delete-ti-indicator-by-id.md)
###### Domain
###### [Domain]()
####### [Get domain related alerts](get-domain-related-alerts.md)
####### [Get domain related machines](get-domain-related-machines.md)
####### [Get domain statistics](get-domain-statistics.md)
####### [Is domain seen in organization](is-domain-seen-in-org.md)
###### [File](files.md)
###### [File]()
####### [Methods and properties](files.md)
####### [Get file information](get-file-information.md)
####### [Get file related alerts](get-file-related-alerts.md)
####### [Get file related machines](get-file-related-machines.md)
####### [Get file statistics](get-file-statistics.md)
###### IP
###### [IP]()
####### [Get IP related alerts](get-ip-related-alerts.md)
####### [Get IP related machines](get-ip-related-machines.md)
####### [Get IP statistics](get-ip-statistics.md)
####### [Is IP seen in organization](is-ip-seen-org.md)
###### [User](user.md)
###### [User]()
####### [Methods](user.md)
####### [Get user related alerts](get-user-related-alerts.md)
####### [Get user related machines](get-user-related-machines.md)
##### How to use APIs - Samples
###### Advanced Hunting API
##### [How to use APIs - Samples]()
###### [Advanced Hunting API]()
####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md)
####### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
####### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md)
###### Multiple APIs
###### [Multiple APIs]()
####### [PowerShell](exposed-apis-full-sample-powershell.md)
###### [Using OData Queries](exposed-apis-odata-samples.md)
#### API for custom alerts
#### [API for custom alerts]()
##### [Enable the custom threat intelligence application](enable-custom-ti.md)
##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
##### [Create custom threat intelligence alerts](custom-ti-api.md)
@ -334,8 +431,8 @@
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
#### [Pull alerts to your SIEM tools](configure-siem.md)
#### [Pull alerts to your SIEM tools]()
##### [Learn about different ways to pull alerts](configure-siem.md)
##### [Enable SIEM integration](enable-siem-integration.md)
##### [Configure Splunk to pull alerts](configure-splunk.md)
##### [Configure HP ArcSight to pull alerts](configure-arcsight.md)
@ -343,88 +440,94 @@
##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md)
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
#### Reporting
#### [Reporting]()
##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
##### [Threat protection reports](threat-protection-reports.md)
##### [Machine health and compliance reports](machine-reports.md)
#### Interoperability
#### [Interoperability]()
##### [Partner applications](partner-applications.md)
#### [Manage machine configuration](configure-machines.md)
#### [Manage machine configuration]()
##### [Ensure your machines are configured properly](configure-machines.md)
##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
#### Role-based access control
##### [Manage portal access using RBAC](rbac.md)
#### [Role-based access control]()
##### [Manage portal access using RBAC]()
###### [Using RBAC](rbac.md)
###### [Create and manage roles](user-roles.md)
###### [Create and manage machine groups](machine-groups.md)
###### [Create and manage machine groups]()
####### [Using machine groups](machine-groups.md)
####### [Create and manage machine tags](machine-tags.md)
#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
### Configure Microsoft Threat Protection integration
### [Configure Microsoft threat protection integration]()
#### [Configure Conditional Access](configure-conditional-access.md)
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
#### [Configure information protection in Windows](information-protection-in-windows-config.md)
### [Configure Microsoft Defender Security Center settings](preferences-setup.md)
#### General
### [Configure portal settings]()
#### [Set up preferences](preferences-setup.md)
#### [General]()
##### [Update data retention settings](data-retention-settings.md)
##### [Configure alert notifications](configure-email-notifications.md)
##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
##### [Enable Secure score security controls](enable-secure-score.md)
##### [Configure advanced features](advanced-features.md)
#### Permissions
#### [Permissions]()
##### [Use basic permissions to access the portal](basic-permissions.md)
##### [Manage portal access using RBAC](rbac.md)
###### [Create and manage roles](user-roles.md)
###### [Create and manage machine groups](machine-groups.md)
####### [Create and manage machine tags](machine-tags.md)
#### APIs
#### [APIs]()
##### [Enable Threat intel](enable-custom-ti.md)
##### [Enable SIEM integration](enable-siem-integration.md)
#### Rules
#### [Rules]()
##### [Manage suppression rules](manage-suppression-rules.md)
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
##### [Manage indicators](manage-indicators.md)
##### [Manage automation file uploads](manage-automation-file-uploads.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
#### Machine management
#### [Machine management]()
##### [Onboarding machines](onboard-configure.md)
##### [Offboarding machines](offboard-machines.md)
#### [Configure Windows Security app time zone settings](time-settings.md)
#### [Configure time zone settings](time-settings.md)
## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md)
### Troubleshoot sensor state
## [Troubleshoot Microsoft Defender ATP]()
### [Troubleshoot sensor state]()
#### [Check sensor state](check-sensor-status.md)
#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md)
### [Troubleshoot service issues]()
#### [Troubleshooting issues](troubleshoot-mdatp.md)
#### [Check service health](service-status.md)
### [Troubleshoot live response issues](troubleshoot-live-response.md)
#### [Troubleshoot issues related to live response](troubleshoot-live-response.md)
### Troubleshoot attack surface reduction
### [Troubleshoot attack surface reduction issues]()
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)