mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge pull request #1920 from MicrosoftDocs/FromPrivateRepo
From private repo
This commit is contained in:
huypub
GitHub
commit
e8b900cf9b
@ -6,7 +6,7 @@ ms.prod: w10
|
||||
ms.technology: Windows
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype:
|
||||
ms.pagetype: deploy
|
||||
ms.localizationpriority: medium
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
author: greg-lindsay
|
||||
ms.author: greg-lindsay
|
||||
ms.date: 10/19/2018
|
||||
ms.date: 10/22/2018
|
||||
---
|
||||
|
||||
# Windows Autopilot for existing devices
|
||||
@ -38,7 +38,13 @@ If desired, you can set up an [enrollment status page](https://docs.microsoft.co
|
||||
To enable and configure the enrollment and status page:
|
||||
|
||||
1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
|
||||
2. [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
|
||||
2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
|
||||
3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
|
||||
|
||||
See the following examples.
|
||||
|
||||
<br><br>
|
||||
|
||||
|
||||
### Create the JSON file
|
||||
|
||||
|
||||
BIN
windows/deployment/windows-autopilot/images/esp-config.png
Normal file
BIN
windows/deployment/windows-autopilot/images/esp-config.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 13 KiB |
BIN
windows/deployment/windows-autopilot/images/mdm-config.png
Normal file
BIN
windows/deployment/windows-autopilot/images/mdm-config.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 39 KiB |
@ -7,7 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: tedhardyMSFT
|
||||
ms.date: 10/18/2018
|
||||
ms.date: 10/22/2018
|
||||
---
|
||||
|
||||
# How to get a list of XML data name elements in EventData
|
||||
@ -85,9 +85,9 @@ PS C:\WINDOWS\system32> $SecEvents.events[100].Template
|
||||
|
||||
## Mapping data name elements to the names in an event description
|
||||
|
||||
You can use the <Template> and <Description> to map the data name elements that appear in XML view to the names that appear in the event description.
|
||||
You can use the <Template> and <Description> to map the data name elements that appear in XML view to the names that appear in the event description.
|
||||
|
||||
The <Description> is just the format string (if you’re used to Console.Writeline or sprintf statements) and the <Template> is the source of the input parameters for the <Description>.
|
||||
The <Description> is just the format string (if you’re used to Console.Writeline or sprintf statements) and the <Template> is the source of the input parameters for the <Description>.
|
||||
|
||||
Using Security event 4734 as an example:
|
||||
|
||||
@ -121,9 +121,9 @@ Description : A security-enabled local group was deleted.
|
||||
|
||||
```
|
||||
|
||||
For the "Subject: Security Id:" text element, it will use the fourth element in the Template, "SubjectUserSid".
|
||||
For the **Subject: Security Id:** text element, it will use the fourth element in the Template, **SubjectUserSid**.
|
||||
|
||||
For "Additional Information Privileges:", it would use the eighth element "PrivelegeList".
|
||||
For **Additional Information Privileges:**, it would use the eighth element **PrivilegeList**.
|
||||
|
||||
A caveat to this is an oft-overlooked property of events called Version (in the <SYSTEM> element) that indicates the revision of the event schema and description. Most events have 1 version (all events have Version =0 like the Security/4734 example) but a few events like Security/4624 or Security/4688 have at least 3 versions (versions 0, 1, 2) depending on the OS version where the event is generated. Only the latest version is used for generating events in the Security log. In any case, the Event Version where the Template is taken from should use the same Event Version for the Description.
|
||||
A caveat to this is an oft-overlooked property of events called Version (in the <SYSTEM> element) that indicates the revision of the event schema and description. Most events have 1 version (all events have Version =0 like the Security/4734 example) but a few events like Security/4624 or Security/4688 have at least 3 versions (versions 0, 1, 2) depending on the OS version where the event is generated. Only the latest version is used for generating events in the Security log. In any case, the Event Version where the Template is taken from should use the same Event Version for the Description.
|
||||
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure advanced features in Windows Defender ATP
|
||||
description: Turn on advanced features such as block file in Windows Defender Advanced Threat Protection.
|
||||
keywords: advanced features, settings, block file, automated investigation, auto-resolve, skype, azure atp, office 365, azure information protection, intune
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Advanced hunting best practices in Windows Defender ATP
|
||||
description: Learn about Advanced hunting best practices such as what filters and keywords to use to effectively query data.
|
||||
keywords: advanced hunting, best practices, keyword, filters, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Advanced hunting reference in Windows Defender ATP
|
||||
description: Learn about Advanced hunting table reference such as column name, data type, and description
|
||||
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics, column name, data type, description
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Query data using Advanced hunting in Windows Defender ATP
|
||||
description: Learn about Advanced hunting in Windows Defender ATP and how to query ATP data.
|
||||
keywords: advanced hunting, atp query, query atp data, intellisense, atp telemetry, events, events telemetry, azure log analytics
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Alerts queue in Windows Defender Security Center
|
||||
description: View and manage the alerts surfaced in Windows Defender Security Center
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: View and organize the Windows Defender ATP Alerts queue
|
||||
description: Learn about how the Windows Defender ATP alerts queues work, and how to sort and filter lists of alerts.
|
||||
keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Windows Defender ATP alert API fields
|
||||
description: Understand how the alert API fields map to the values in Windows Defender Security Center
|
||||
keywords: alerts, alert fields, fields, api, fields, pull alerts, rest api, request, response
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Assign user access to Windows Defender Security Center
|
||||
description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
|
||||
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Experience Windows Defender ATP through simulated attacks
|
||||
description: Run the provided attack scenario simulations to experience how Windows Defender ATP can detect, investigate, and respond to breaches.
|
||||
keywords: wdatp, test, scenario, attack, simulation, simulated, diy, windows defender advanced threat protection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Use Automated investigations to investigate and remediate threats
|
||||
description: View the list of automated investigations, its status, detection source and other details.
|
||||
keywords: automated, investigation, detection, source, threat types, id, tags, machines, duration, filter export
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Use basic permissions to access Windows Defender Security Center
|
||||
description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal.
|
||||
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Block file API
|
||||
description: Use this API to blocking files from being running in the organization.
|
||||
keywords: apis, graph api, supported apis, block file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Check the health state of the sensor in Windows Defender ATP
|
||||
description: Check the sensor health on machines to identify which ones are misconfigured, inactive, or are not reporting sensor data.
|
||||
keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communications, communication
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Collect investigation package API
|
||||
description: Use this API to create calls related to the collecting an investigation package from a machine.
|
||||
keywords: apis, graph api, supported apis, collect investigation package
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Access the Windows Defender ATP Community Center
|
||||
description: Access the Windows Defender ATP Community Center to share experiences, engange, and learn about the product.
|
||||
keywords: community, community center, tech community, conversation, announcements
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable conditional access to better protect users, devices, and data
|
||||
description: Enable conditional access to prevent applications from running if a device is considered at risk and an application is determined to be non-compliant.
|
||||
keywords: conditional access, block applications, security level, intune,
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure HP ArcSight to pull Windows Defender ATP alerts
|
||||
description: Configure HP ArcSight to receive and pull alerts from Windows Defender Security Center
|
||||
keywords: configure hp arcsight, security information and events management tools, arcsight
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title:
|
||||
description:
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure conditional access in Windows Defender ATP
|
||||
description:
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure alert notifications in Windows Defender ATP
|
||||
description: Send email notifications to specified recipients to receive new alerts based on severity with Windows Defender ATP on Windows 10 Enterprise, Pro, and Education editions.
|
||||
keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using Group Policy to Windows Defender ATP
|
||||
description: Use Group Policy to deploy the configuration package on Windows 10 machines so that they are onboarded to the service.
|
||||
keywords: configure machines using group policy, machine management, configure Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, group policy
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using Mobile Device Management tools
|
||||
description: Use Mobile Device Management tools to deploy the configuration package on machines so that they are onboarded to the service.
|
||||
keywords: onboard machines using mdm, machine management, onboard Windows ATP machines, onboard Windows Defender Advanced Threat Protection machines, mdm
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard non-Windows machines to the Windows Defender ATP service
|
||||
description: Configure non-Winodws machines so that they can send sensor data to the Windows Defender ATP service.
|
||||
keywords: onboard non-Windows machines, macos, linux, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using System Center Configuration Manager
|
||||
description: Use System Center Configuration Manager to deploy the configuration package on machines so that they are onboarded to the service.
|
||||
keywords: onboard machines using sccm, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines, sccm
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines using a local script
|
||||
description: Use a local script to deploy the configuration package on machines so that they are onboarded to the service.
|
||||
keywords: configure machines using a local script, machine management, configure Windows ATP machines, configure Windows Defender Advanced Threat Protection machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard non-persistent virtual desktop infrastructure (VDI) machines
|
||||
description: Deploy the configuration package on virtual desktop infrastructure (VDI) machine so that they are onboarded to Windows Defender ATP the service.
|
||||
keywords: configure virtual desktop infrastructure (VDI) machine, vdi, machine management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard Windows 10 machines on Windows Defender ATP
|
||||
description: Onboard Windows 10 machines so that they can send sensor data to the Windows Defender ATP sensor
|
||||
keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure managed security service provider support
|
||||
description: Take the necessary steps to configure the MSSP integration with Windows Defender ATP
|
||||
keywords: managed security service provider, mssp, configure, integration
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure machine proxy and Internet connection settings
|
||||
description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
|
||||
keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, netsh, winhttp, proxy server
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Onboard servers to the Windows Defender ATP service
|
||||
description: Onboard servers so that they can send sensor data to the Windows Defender ATP sensor.
|
||||
keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Pull alerts to your SIEM tools from Windows Defender Advanced Threat Prot
|
||||
description: Learn how to use REST API and configure supported security information and events management tools to receive and pull alerts.
|
||||
keywords: configure siem, security information and events management tools, splunk, arcsight, custom indicators, rest api, alert definitions, indicators of compromise
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Configure Splunk to pull Windows Defender ATP alerts
|
||||
description: Configure Splunk to receive and pull alerts from Windows Defender Security Center.
|
||||
keywords: configure splunk, security information and events management tools, splunk
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Create custom detection rules in Windows Defender ATP
|
||||
description: Learn how to create custom detections rules based on advanced hunting queries
|
||||
keywords: create custom detections, detections, advanced hunting, hunt, detect, query
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Create custom alerts using the threat intelligence API
|
||||
description: Create your custom alert definitions and indicators of compromise in Windows Defender ATP using the available APIs in Windows Enterprise, Education, and Pro editions.
|
||||
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Update data retention settings for Windows Defender Advanced Threat Prote
|
||||
description: Update data retention settings by selecting between 30 days to 180 days.
|
||||
keywords: data, storage, settings, retention, update
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Windows Defender ATP data storage and privacy
|
||||
description: Learn about how Windows Defender ATP handles privacy and data that it collects.
|
||||
keywords: Windows Defender ATP data storage and privacy, storage, privacy, licensing, geolocation, data retention, data
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Windows Defender Antivirus compatibility with Windows Defender ATP
|
||||
description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used.
|
||||
keywords: windows defender compatibility, defender, windows defender atp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable the custom threat intelligence API in Windows Defender ATP
|
||||
description: Learn how to setup the custom threat intelligence application in Windows Defender ATP to create custom threat intelligence (TI).
|
||||
keywords: enable custom threat intelligence application, custom ti application, application name, client id, authorization url, resource, client secret, access tokens
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable Secure Score in Windows Defender ATP
|
||||
description: Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard.
|
||||
keywords: enable secure score, baseline, calculation, analytics, score, secure score dashboard, dashboard
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Enable SIEM integration in Windows Defender ATP
|
||||
description: Enable SIEM integration to receive alerts in your security information and event management (SIEM) solution.
|
||||
keywords: enable siem connector, siem, connector, security information and events
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Evaluate Windows Defender Advanced Threat Protection
|
||||
description:
|
||||
keywords:
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Review events and errors using Event Viewer
|
||||
description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
|
||||
keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Experiment with custom threat intelligence alerts
|
||||
description: Use this end-to-end guide to start using the Windows Defender ATP threat intelligence API.
|
||||
keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Use the Windows Defender Advanced Threat Protection exposed APIs
|
||||
description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
|
||||
keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Find machine information by internal IP API
|
||||
description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP.
|
||||
keywords: ip, apis, graph api, supported apis, find machine, machine information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Fix unhealthy sensors in Windows Defender ATP
|
||||
description: Fix machine sensors that are reporting as misconfigured or inactive so that the service receives data from the machine.
|
||||
keywords: misconfigured, inactive, fix sensor, sensor health, no sensor data, sensor data, impaired communications, communication
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get actor information API
|
||||
description: Retrieves an actor information report.
|
||||
keywords: apis, graph api, supported apis, get, actor, information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get actor related alerts API
|
||||
description: Retrieves all alerts related to a given actor.
|
||||
keywords: apis, graph api, supported apis, get, actor, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert information by ID API
|
||||
description: Retrieves an alert by its ID.
|
||||
keywords: apis, graph api, supported apis, get, alert, information, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related actor information API
|
||||
description: Retrieves the actor information related to the specific alert.
|
||||
keywords: apis, graph api, supported apis, get, alert, actor, information, related
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related domain information
|
||||
description: Retrieves all domains related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related domain
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related files information
|
||||
description: Retrieves all files related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related files
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related IP information
|
||||
description: Retrieves all IPs related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related ip
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related machine information
|
||||
description: Retrieves all machines related to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get alert information, alert information, related machine
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alert related user information
|
||||
description: Retrieves the user associated to a specific alert.
|
||||
keywords: apis, graph api, supported apis, get, alert, information, related, user
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get alerts API
|
||||
description: Retrieves top recent alerts.
|
||||
keywords: apis, graph api, supported apis, get, alerts, recent
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get CVE-KB map API
|
||||
description: Retrieves a map of CVE's to KB's.
|
||||
keywords: apis, graph api, supported apis, get, cve, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get domain related alerts API
|
||||
description: Retrieves a collection of alerts related to a given domain address.
|
||||
keywords: apis, graph api, supported apis, get, domain, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get domain related machines API
|
||||
description: Retrieves a collection of machines related to a given domain address.
|
||||
keywords: apis, graph api, supported apis, get, domain, related, machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get domain statistics API
|
||||
description: Retrieves the prevalence for the given domain.
|
||||
keywords: apis, graph api, supported apis, get, domain, domain related machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file information API
|
||||
description: Retrieves a file by identifier Sha1, Sha256, or MD5.
|
||||
keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file related alerts API
|
||||
description: Retrieves a collection of alerts related to a given file hash.
|
||||
keywords: apis, graph api, supported apis, get, file, hash
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file related machines API
|
||||
description: Retrieves a collection of machines related to a given file hash.
|
||||
keywords: apis, graph api, supported apis, get, machines, hash
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get file statistics API
|
||||
description: Retrieves the prevalence for the given file.
|
||||
keywords: apis, graph api, supported apis, get, file, statistics
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get FileActions collection API
|
||||
description: Use this API to create calls related to get fileactions collection
|
||||
keywords: apis, graph api, supported apis, get, file, information, fileactions collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get FileMachineAction object API
|
||||
description: Use this API to create calls related to get machineaction object
|
||||
keywords: apis, graph api, supported apis, filemachineaction object
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get FileMachineActions collection API
|
||||
description: Use this API to create calls related to get filemachineactions collection
|
||||
keywords: apis, graph api, supported apis, filemachineactions collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get IP related alerts API
|
||||
description: Retrieves a collection of alerts related to a given IP address.
|
||||
keywords: apis, graph api, supported apis, get, ip, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get IP related machines API
|
||||
description: Retrieves a collection of machines related to a given IP address.
|
||||
keywords: apis, graph api, supported apis, get, ip, related, machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get IP statistics API
|
||||
description: Retrieves the prevalence for the given IP.
|
||||
keywords: apis, graph api, supported apis, get, ip, statistics, prevalence
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get KB collection API
|
||||
description: Retrieves a collection of KB's.
|
||||
keywords: apis, graph api, supported apis, get, kb
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machine by ID API
|
||||
description: Retrieves a machine entity by ID.
|
||||
keywords: apis, graph api, supported apis, get, machines, entity, id
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machine log on users API
|
||||
description: Retrieves a collection of logged on users.
|
||||
keywords: apis, graph api, supported apis, get, machine, log on, users
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machine related alerts API
|
||||
description: Retrieves a collection of alerts related to a given machine ID.
|
||||
keywords: apis, graph api, supported apis, get, machines, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get MachineAction object API
|
||||
description: Use this API to create calls related to get machineaction object
|
||||
keywords: apis, graph api, supported apis, machineaction object
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get MachineActions collection API
|
||||
description: Use this API to create calls related to get machineactions collection
|
||||
keywords: apis, graph api, supported apis, machineaction collection
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get RBAC machine groups collection API
|
||||
description: Retrieves a collection of RBAC machine groups.
|
||||
keywords: apis, graph api, supported apis, get, RBAC, group
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machines API
|
||||
description: Retrieves a collection of recently seen machines.
|
||||
keywords: apis, graph api, supported apis, get, machines
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get machines security states collection API
|
||||
description: Retrieves a collection of machines security states.
|
||||
keywords: apis, graph api, supported apis, get, machine, security, state
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get package SAS URI API
|
||||
description: Use this API to get a URI that allows downloading an investigation package.
|
||||
keywords: apis, graph api, supported apis, get package, sas, uri
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get started with Windows Defender Advanced Threat Protection
|
||||
description: Learn about the minimum requirements and initial steps you need to take to get started with Windows Defender ATP.
|
||||
keywords: get started, minimum requirements, setup, subscription, features, data storage, privacy, user access
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get user information API
|
||||
description: Retrieve a User entity by key such as user name or domain.
|
||||
keywords: apis, graph api, supported apis, get, user, user information
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get user related alerts API
|
||||
description: Retrieves a collection of alerts related to a given user ID.
|
||||
keywords: apis, graph api, supported apis, get, user, related, alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Get user related machines API
|
||||
description: Retrieves a collection of machines related to a given user ID.
|
||||
keywords: apis, graph api, supported apis, get, user, user related alerts
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
title: How hardware-based containers help protect Windows 10 (Windows 10)
|
||||
description: Windows 10 uses containers to isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.
|
||||
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Incidents queue in Windows Defender ATP
|
||||
description:
|
||||
keywords: incidents, aggregate, investigations, queue, ttp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate Windows Defender Advanced Threat Protection alerts
|
||||
description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them.
|
||||
keywords: investigate, investigation, machines, machine, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate Windows Defender Advanced Threat Protection domains
|
||||
description: Use the investigation options to see if machines and servers have been communicating with malicious domains.
|
||||
keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate Windows Defender Advanced Threat Protection files
|
||||
description: Use the investigation options to get details on files associated with alerts, behaviours, or events.
|
||||
keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate incidents in Windows Defender ATP
|
||||
description: See associated alerts, manage the incident, and see alert metadata to help you investigate an incident
|
||||
keywords: investigate, incident, alerts, metadata, risk, detection source, affected machines, patterns, correlation
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate an IP address associated with an alert
|
||||
description: Use the investigation options to examine possible communication between machines and external IP addresses.
|
||||
keywords: investigate, investigation, IP address, alert, windows defender atp, external IP
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate machines in the Windows Defender ATP Machines list
|
||||
description: Investigate affected machines by reviewing alerts, network connection information, adding machine tags and groups, and checking the service health.
|
||||
keywords: machines, tags, groups, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity, service heatlh
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Investigate a user account in Windows Defender ATP
|
||||
description: Investigate a user account for potential compromised credentials or pivot on the associated user account during an investigation.
|
||||
keywords: investigate, account, user, user entity, alert, windows defender atp
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Is domain seen in org API
|
||||
description: Use this API to create calls related to checking whether a domain was seen in the organization.
|
||||
keywords: apis, graph api, supported apis, domain, domain seen
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
@ -3,6 +3,7 @@ title: Is IP seen in org API
|
||||
description: Answers whether an IP was seen in the organization.
|
||||
keywords: apis, graph api, supported apis, is, ip, seen, org, organization
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
search.appverid: met150
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user