Merge pull request #4496 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windows-itpro-docs (branch public)
Gary Moore 2021-01-04 15:54:42 -08:00 committed by GitHub
commit eb215e7c1d
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 56 deletions


@ -37,11 +37,13 @@ You can use either of the following solutions:
For granular control over permissions, [switch to role-based access control](rbac.md).
## Assign user access using Azure PowerShell
You can assign users with one of the following levels of permissions:
- Full access (Read and Write)
- Read-only access
### Before you begin
- Install Azure PowerShell. For more information, see, [How to install and configure Azure PowerShell](https://azure.microsoft.com/documentation/articles/powershell-install-configure/).<br>
> [!NOTE]
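Review bot: The "Before you begin" bullet in this hunk still reads "For more information, see, [How to install and configure Azure PowerShell]" with a stray comma after "see" and a trailing raw `<br>`. The next hunk in this file fixes the same "see," wording in its "For more information" line, so fix it here as well and drop the `<br>`, since the `> [!NOTE]` that follows already starts its own block.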
@ -61,19 +63,20 @@ Assigning read-only access rights requires adding the users to the "Security Rea
Use the following steps to assign security roles:
- For **read and write** access, assign users to the security administrator role by using the following command:
```text
```PowerShell
Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress "secadmin@Contoso.onmicrosoft.com"
```
- For **read-only** access, assign users to the security reader role by using the following command:
```text
```PowerShell
Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress "reader@Contoso.onmicrosoft.com"
```
For more information, see, [Add, or remove group memberships](https://technet.microsoft.com/library/321d532e-407d-4e29-a00a-8afbe23008dd#BKMK_ManageGroups).
For more information, see [Add or remove group members using Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal).
## Assign user access using the Azure portal
For more information, see [Assign administrator and non-administrator roles to uses with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal).
For more information, see [Assign administrator and non-administrator roles to users with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal).
## Related topic
- [Manage portal access using RBAC](rbac.md)
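Review bot: The replacement "For more information" link after the two `Add-MsolRoleMember` commands points to "Add or remove group members using Azure Active Directory", but both commands add a user to a directory role, not to a group. Link the role-assignment article instead (the one already used under "Assign user access using the Azure portal"), or drop the line. Since "Security Administrator" is the read-and-write option, a sentence recommending "Security Reader" unless write access is required would fit the section's two-level permission model.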


@ -46,7 +46,7 @@ Permission type | Permission | Permission display name
Application | Ip.Read.All | 'Read IP address profiles'
Delegated (work or school account) | Ip.Read.All | 'Read IP address profiles'
>[!Note]
>[!NOTE]
> When obtaining a token using user credentials:
>- The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information)
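Review bot: The corrected marker `>[!NOTE]` still has no space after `>`, and neither does the `>- The user needs ...` bullet below it, while the line between them and the note added later in this same file use `> `. Write `> [!NOTE]` and `> - The user needs ...` so the whole block uses one form.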
@ -95,3 +95,13 @@ Content-type: application/json
"orgLastSeen": "2017-08-29T13:32:59Z"
}
```
| Name | Description |
| :--- | :---------- |
| Org prevalence | the distinct count of devices that opened network connection to this IP. |
| Org first seen | the first connection for this IP in the organization. |
| Org last seen | the last connection for this IP in the organization. |
> [!NOTE]
> This statistic information is based on data from the past 30 days.
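Review bot: In the added table, "Org first seen" is described as "the first connection for this IP in the organization", while the note below says the statistics cover only the past 30 days. State in that row (and in "Org last seen") that the value is bounded by the 30-day window, so an analyst does not read it as the all-time first contact. The Name column would also be easier to map to the response if it used the field names (for example `orgLastSeen`, visible in the sample above) rather than display labels, and "opened network connection" and "This statistic information" need a grammar pass.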


@ -46,12 +46,12 @@ You can also submit files for deep analysis, to run the file in a secure cloud s
Some actions require certain permissions. The following table describes what action certain permissions can take on portable executable (PE) and non-PE files:
Permission | PE files | Non-PE files
:---|:---|:---
View data | X | X
Alerts investigation | &#x2611; | X
Live response basic | X | X
Live response advanced | &#x2611; |&#x2611;
| Permission | PE files | Non-PE files |
| :--------------------- | :------: | :----------: |
| View data | X | X |
| Alerts investigation | &#x2611; | X |
| Live response basic | X | X |
| Live response advanced | &#x2611; | &#x2611; |
For more information on roles, see [Create and manage roles for role-based access control](user-roles.md).
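Review bot: The reformatted permissions table keeps "X" and `&#x2611;` as cell values with no legend, and in a permissions matrix "X" can be read either as "allowed" or as "not allowed". Add one line under the table defining both symbols, or replace them with explicit words such as "Yes" and "No". The introductory sentence "what action certain permissions can take" could also be reworded to say which permissions allow actions on each file type.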
@ -133,7 +133,7 @@ You can roll back and remove a file from quarantine if youve determined that
>
> Defender for Endpoint will restore all custom blocked files that were quarantined on this device in the last 30 days.
> [!Important]
> [!IMPORTANT]
> A file that was quarantined as a potential network threat might not be recoverable. If a user attempts to restore the file after quarantine, that file might not be accessible. This can be due to the system no longer having network credentials to access the file. Typically, this is a result of a temporary log on to a system or shared folder and the access tokens expired.
## Add indicator to block or allow a file
@ -215,7 +215,7 @@ The Deep analysis summary includes a list of observed *behaviors*, some of which
Results of deep analysis are matched against threat intelligence and any matches will generate appropriate alerts.
Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available within the **Deep analysis** tab, on the file's profile page.
Use the deep analysis feature to investigate the details of any file, usually during an investigation of an alert or for any other reason where you suspect malicious behavior. This feature is available within the **Deep analysis** tab, on the file's profile page.<br/>
<br/>
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4aAYy?rel=0]
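Review bot: The changed paragraph now ends in an inline `<br/>` followed by a second `<br/>` on its own line, used only to add space before the `[!VIDEO]` embed. A blank line between the paragraph and the embed separates the two blocks without raw HTML and keeps the source consistent with the rest of the file.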
@ -232,7 +232,7 @@ You can also manually submit a sample through the [Microsoft Security Center Por
When the sample is collected, Defender for Endpoint runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on devices, communication to IPs, and registry modifications.
**Submit files for deep analysis:**
#### Submit files for deep analysis
1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
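Review bot: The context line directly above the new heading reads "runs the file in is a secure environment", with a stray "is". Since this hunk already touches the adjacent line, correct it to "runs the file in a secure environment" in the same change.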
@ -252,7 +252,7 @@ A progress bar is displayed and provides information on the different stages of
> [!NOTE]
> Depending on device availability, sample collection time can vary. There is a 3hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 device reporting at that time. You can resubmit files for deep analysis to get fresh data on the file.
**View deep analysis reports**
#### View deep analysis reports
View the deep analysis report that Defender for Endpoint provides to see the details of the deep analysis that was conducted on the file you submitted. This feature is available in the file view context.
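Review bot: The note above the new heading reads "There is a 3hour timeout for sample collection", with no separator between the number and the unit as shown here. Write "3-hour timeout" with a plain hyphen while this block is being edited.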
@ -268,7 +268,7 @@ The details provided can help you investigate if there are indications of a pote
![The deep analysis report shows detailed information across a number of categories](images/analysis-results-nothing.png)
**Troubleshoot deep analysis**
#### Troubleshoot deep analysis
If you encounter a problem when trying to submit a file, try each of the following troubleshooting steps.
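Review bot: This hunk and the two before it promote "Submit files for deep analysis", "View deep analysis reports" and "Troubleshoot deep analysis" from bold text to `####` headings, but the only heading level visible in this file's hunks is `##`. Confirm these sit under a `###` parent; if they do not, use `###` so the outline does not skip a level.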