From ea5f6190fe12bc56b6df152463c3d8393e7bb265 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 7 Mar 2018 18:32:56 -0800 Subject: [PATCH] update notes --- ...windows-defender-advanced-threat-protection.md | 11 ++++------- ...windows-defender-advanced-threat-protection.md | 15 ++++++--------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 798c98e51e..f994a9a05d 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -63,16 +63,13 @@ You'll also see details such as logon types for each user account, the user grou For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md). **Machine risk**
-The Machine risk tile shows the overall risk assesment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically (and also by suppressing an alert). It also gives a quick indicator of the active threats that machines could be exposed to. +The Machine risk tile shows the overall risk assessment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically (and also by suppressing an alert). It also gives a quick indicator of the active threats that machines could be exposed to. -**Azure Advanced Threat Protection**
(this feature is not Machine risk level feture, should have a different headline, the same as in User) -If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. (I deleted the extra information, we only have it in the user section and not in the machine page) +**Azure Advanced Threat Protection**
+If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. >[!NOTE] ->You’ll need to enable the integration between Windows Defender ATP and Azure Advanced Threat Protection to use this feature. -(the enablment should be in both side) - -For more information on how to enable the Azure ATP integration, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md). +>You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md). **Machine reporting**
Provides the last internal IP and exteral IP of the machine. It also shows when the machine was first and last seen reporting to the service. diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md index c8423e616d..4d80bb8c2e 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md @@ -47,21 +47,18 @@ The user entity tile provides details about the user such as when the user was f **Azure Advanced Threat Protection**
If you have enabled the Azure ATP feature and there are alerts related to the user, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last AD site, total group memberships, and login failure associated with the user. +>[!NOTE] +>You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md). + **Logged on machines**
You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine. ->[!NOTE] ->You'll need to enable the integration between Windows Defender ATP and Azure ATP to use this feature. -the same note that I added in the Machine page- it should be the same in both cases: (this should be done in both sides, and on WDATP it would be in the "advanced settings") -For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md). - - -**Alerts related to this user**
+## Alerts related to this user This section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert. -**Observed in organization**
-Thissection allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines. +## Observed in organization +This section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines. The machine health state is displayed in the machine icon and color as well as in a description text. Clicking on the icon displays additional details regarding machine health.
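Review bot: In the investigate-machines hunk, the new note says the integration must be enabled "on both Azure ATP and Windows Defender ATP", but the only pointer it gives is to advanced-features-windows-defender-advanced-threat-protection.md, which covers the Windows Defender ATP side. Suggest adding a sentence or link that says where the Azure ATP side is turned on, so the reader is not left with half of the procedure. Two wording nits while this text is being touched: in the added Azure ATP line, "more information about the alerts are provided" should read "is provided", and the trailing context line under Machine reporting still says "exteral IP".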
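Review bot: In the investigate-user hunk, "Alerts related to this user" and "Observed in organization" are promoted to `##` headings while "Azure Advanced Threat Protection" and "Logged on machines" in the same hunk stay as bold text, so the page ends up mixing two heading conventions. Either convert all four or keep bold throughout, and match whatever the machine page uses. The note moved under the Azure ATP heading is now a word-for-word copy of the one added to the machine page, which is what the removed inline remark asked for; future edits need to change both copies together. The context line above it also carries the same "information about the alerts are provided" agreement error as the machine page.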