Updated threat-and-vuln-mgt-scenarios.md

This commit is contained in:
Dolcita Montemayor 2019-04-10 00:33:39 +00:00
parent 3487cb7988
commit e7d9c98343

@ -22,3 +22,59 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease<73>information](prerelease.md)]
## Before you begin
Ensure that your machines:
- Are onboarded to Microsoft Defender Advanced Threat Protection
- Running with Windows 10 1709 (Fall Creators Update) or later
- Have at least one security recommendation that can be viewed in the machine page
- Are onboarded to Microsoft Intune or Microsoft System Center Configuration Manager (SCCM). If you are using SCCM, update your console to April version 1904
- Are tagged or marked as co-managed
## Lower down your threat and vulnerability exposure
Threat & Vulnerability Management introduces a new exposure score metric which visually represents how exposed your machines are to imminent threats.
The exposure score is continuously calculated on each device in the organization and influenced by the following factors:
- Weaknesses, such as vulnerabilities and misconfigurations discovered on the device
- External and internal threats such as public exploit code and security alerts
- Likelihood of the device getting breached given its current security posture
- Value of the device to the organization given its role and content
The exposure score is broken down into the following levels:
- 0 to 29: low exposure score
- 30 to 69: medium exposure score
- 70 to 100: high exposure score
You can reduce the exposure score by remediating issues based on prioritized security recommendations. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization. They can be remediated through Microsoft Intune and SCCM
1. From the Threat & Vulnerability Management dashboard, go through the **Top security recommendations** list and select the first item on the list.
2. In the **Security recommendations** page, you will see the description of what needs to be done and why. It will also show you the vulnerability details, such as the associated exploits affecting what machines and its business impact. Select **Request remediation**..
3. Select **Open a ticket in Intune** and indicate the remediation due date.
4. Add a note for the IT administrator who will pick up the remediation task for more context.
5. Click **Submit request**. This will take you to the Intune portal.
6. <Add Intune portal workflow here>
## Improve your security configuration
1. Step
2. Step
## Request for remediation and monitor its progress
1. Step
2. Step
## File for and manage exception
1. Step
2. Step
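
Review bot: The end of this hunk commits unfinished placeholder content: step 6 is `<Add Intune portal workflow here>`, and the sections "Improve your security configuration", "Request for remediation and monitor its progress" and "File for and manage exception" contain only "1. Step" and "2. Step". Fill these in before merging, or drop the three headings and step 6 until the content exists. The angle-bracket placeholder is also likely to be parsed as an HTML tag by the Markdown renderer, so the procedure would appear to stop at step 5 with no visible sign that anything is missing. Smaller points in the same hunk: step 2 ends with a double period after **Request remediation**, the sentence ending "through Microsoft Intune and SCCM" has no closing period, the prerequisite "Running with Windows 10 1709" breaks the "Are ..." pattern of the other list items, and the include line has a stray character between "Prerelease" and "information" that should be a plain space. The exposure score levels and the factors list read clearly as written.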