From e7d9c98343b5727f109cd1ec3341c28c5e3904db Mon Sep 17 00:00:00 2001
From: Dolcita Montemayor
Date: Wed, 10 Apr 2019 00:33:39 +0000
Subject: [PATCH] Updated threat-and-vuln-mgt-scenarios.md

---
 .../threat-and-vuln-mgt-scenarios.md | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
index 784680a051..b89f51dc16 100644
--- a/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
+++ b/windows/security/threat-protection/windows-defender-atp/threat-and-vuln-mgt-scenarios.md
@@ -22,3 +22,59 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) [!include[Prerelease�information](prerelease.md)] + +## Before you begin +Ensure that your machines: +- Are onboarded to Microsoft Defender Advanced Threat Protection +- Running with Windows 10 1709 (Fall Creators Update) or later +- Have at least one security recommendation that can be viewed in the machine page +- Are onboarded to Microsoft Intune or Microsoft System Center Configuration Manager (SCCM). If you are using SCCM, update your console to April version 1904 +- Are tagged or marked as co-managed + +## Lower down your threat and vulnerability exposure +Threat & Vulnerability Management introduces a new exposure score metric which visually represents how exposed your machines are to imminent threats. + +The exposure score is continuously calculated on each device in the organization and influenced by the following factors: +- Weaknesses, such as vulnerabilities and misconfigurations discovered on the device +- External and internal threats such as public exploit code and security alerts +- Likelihood of the device getting breached given its current security posture +- Value of the device to the organization given its role and content + +The exposure score is broken down into the following levels: +- 0 to 29: low exposure score +- 30 to 69: medium exposure score +- 70 to 100: high exposure score + +You can reduce the exposure score by remediating issues based on prioritized security recommendations. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization. They can be remediated through Microsoft Intune and SCCM + +1. From the Threat & Vulnerability Management dashboard, go through the **Top security recommendations** list and select the first item on the list. + +2. 
In the **Security recommendations** page, you will see the description of what needs to be done and why. It will also show you the vulnerability details, such as the associated exploits affecting what machines and its business impact. Select **Request remediation**.. + +3. Select **Open a ticket in Intune** and indicate the remediation due date. + +4. Add a note for the IT administrator who will pick up the remediation task for more context. + +5. Click **Submit request**. This will take you to the Intune portal. + +6. + + +## Improve your security configuration +1. Step + +2. Step + + +## Request for remediation and monitor its progress + +1. Step + +2. Step + + +## File for and manage exception + +1. Step + +2. Step
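
Review bot: The remediation procedure under "Lower down your threat and vulnerability exposure" ends with an empty step "6.", and the three sections after it ("Improve your security configuration", "Request for remediation and monitor its progress", "File for and manage exception") contain only "1. Step" / "2. Step" placeholders, so the article would publish with stub instructions. Either finish these steps in this change or leave the empty step and the three stub sections out until the content exists. Smaller points in the same hunk: in the "Before you begin" list, "Running with Windows 10 1709" does not follow the lead-in "Ensure that your machines:" the way the other items do ("Are running Windows 10, version 1709 ..." would); "update your console to April version 1904" should be checked against the actual SCCM release name; "Select **Request remediation**.." has a doubled period and "They can be remediated through Microsoft Intune and SCCM" has none; and in step 2, "the associated exploits affecting what machines and its business impact" is hard to parse, so it is unclear which details the reader should expect to see before requesting remediation. The exposure score bands (0 to 29, 30 to 69, 70 to 100) are stated clearly; it would help to say in the same place whether remediating a recommendation lowers the score immediately or on the next calculation, since the text says the score is "continuously calculated".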