deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 15:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

update notes

Browse Source
This commit is contained in:
Joey Caparas 2018-03-07 18:32:56 -08:00
parent 99f7a82322
commit ea5f6190fe
2 changed files with 10 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md
View File

@ -63,16 +63,13 @@ You'll also see details such as logon types for each user account, the user grou
For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md). For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md).
**Machine risk**</br> **Machine risk**</br>
The Machine risk tile shows the overall risk assesment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically (and also by suppressing an alert). It also gives a quick indicator of the active threats that machines could be exposed to. The Machine risk tile shows the overall risk assessment of a machine. A machine's risk level is determined using the number of active alerts and their severity levels. You can influence a machine's risk level by resolving associated alerts manually or automatically (and also by suppressing an alert). It also gives a quick indicator of the active threats that machines could be exposed to.
**Azure Advanced Threat Protection**</br> (this feature is not Machine risk level feture, should have a different headline, the same as in User) **Azure Advanced Threat Protection**</br>
If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. (I deleted the extra information, we only have it in the user section and not in the machine page) If you have enabled the Azure ATP feature and there are alerts related to the machine, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided.
>[!NOTE] >[!NOTE]
>Youll need to enable the integration between Windows Defender ATP and Azure Advanced Threat Protection to use this feature. >You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
(the enablment should be in both side)
For more information on how to enable the Azure ATP integration, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
**Machine reporting**</br> **Machine reporting**</br>
Provides the last internal IP and exteral IP of the machine. It also shows when the machine was first and last seen reporting to the service. Provides the last internal IP and exteral IP of the machine. It also shows when the machine was first and last seen reporting to the service.

15
windows/security/threat-protection/windows-defender-atp/investigate-user-windows-defender-advanced-threat-protection.md
View File

@ -47,21 +47,18 @@ The user entity tile provides details about the user such as when the user was f
**Azure Advanced Threat Protection**</br> **Azure Advanced Threat Protection**</br>
If you have enabled the Azure ATP feature and there are alerts related to the user, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last AD site, total group memberships, and login failure associated with the user. If you have enabled the Azure ATP feature and there are alerts related to the user, you can click on the link that will take you to the Azure ATP page where more information about the alerts are provided. The Azure ATP tile also provides details such as the last AD site, total group memberships, and login failure associated with the user.
>[!NOTE]
>You'll need to enable the integration on both Azure ATP and Windows Defender ATP to use this feature. In Windows Defender ATP, you can enable this feature in advanced features. For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
**Logged on machines**</br> **Logged on machines**</br>
You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine. You'll also see a list of the machines that the user logged on to, and can expand these to see details of the logon events on each machine.
>[!NOTE]
>You'll need to enable the integration between Windows Defender ATP and Azure ATP to use this feature.
the same note that I added in the Machine page- it should be the same in both cases: (this should be done in both sides, and on WDATP it would be in the "advanced settings")
For more information on how to enable advanced features, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md). ## Alerts related to this user
**Alerts related to this user**</br>
This section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert. This section provides a list of alerts that are associated with the user account. This list is a filtered view of the [Alert queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows alerts where the user context is the selected user account, the date when the last activity was detected, a short description of the alert, the machine associated with the alert, the alert's severity, the alert's status in the queue, and who is assigned the alert.
**Observed in organization**</br> ## Observed in organization
Thissection allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines. This section allows you to specify a date range to see a list of machines where this user was observed logged on to, and the most frequent and least frequent logged on user account on each of these machines.
The machine health state is displayed in the machine icon and color as well as in a description text. Clicking on the icon displays additional details regarding machine health. The machine health state is displayed in the machine icon and color as well as in a description text. Clicking on the icon displays additional details regarding machine health.