diff --git a/windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md index 9ae13f3020..d114a9a43f 100644 --- a/windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Prevent a file from being executed in the organization using Windows Defender. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md index 4cd36dd259..a085e86eef 100644 --- a/windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Collect investigation package from a machine. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md index b5a267b9d1..010bbb6a3f 100644 --- a/windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md 
+++ b/windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Get MachineAction object ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md index 1fcfb04357..0fb3e768d8 100644 --- a/windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Get MachineAction object ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md index 5c62aa0f2a..e1d38f112e 100644 --- a/windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Get a Uri that allows downloading an investigation package. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` 
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png b/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png new file mode 100644 index 0000000000..9b575bc8ff Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-app-restriction.png differ diff --git a/windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md index bdc4be053b..0219c0749d 100644 --- a/windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Isolates a machine from accessing external network. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md index c876bcf8f0..0dfc9214cd 100644 --- a/windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` 
diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md index 4f7eee4ed9..7d46d4d4bf 100644 --- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -111,6 +111,7 @@ This feature is designed to prevent suspected malware (or potentially malicious The Action center shows the submission information: + ![Image of block file](images/atp-blockfile.png) - **Submission time** - Shows when the action was submitted.
@@ -233,4 +234,4 @@ HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection > If the value *AllowSampleCollection* is not available, the client will allow sample collection by default. ## Related topics -– [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) +- [Take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md index d051776e2e..ad39326774 100644 --- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -117,6 +117,11 @@ The action to restrict an application from running applies a code integrity poli When the application execution restriction configuration is applied, a new event is reflected in the machine timeline. +**Notification on machine user**:
+When an app is restricted, the following notification is displayed to inform the user that an app is being restricted from running: + +![Image of app restriction](images/atp-app-restriction.png) + ## Remove app restriction Depending on the severity of the attack and the state of the machine, you can choose to reverse the restriction of applications policy after you have verified that the compromised machine has been remediated. diff --git a/windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md index 6b9299e944..b72692edda 100644 --- a/windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Restrict execution of set of predefined applications. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md index 110a43b208..c66bf495db 100644 --- a/windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Initiate Windows Defender Antivirus scan on the machine. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` 
diff --git a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md index ae11eb4445..4a66543450 100644 --- a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md @@ -87,7 +87,7 @@ You can take the following actions to increase the overall security score of you > For the Windows Defender Antivirus properties to show, you'll need to ensure that the Windows Defender Antivirus Cloud-based protection is properly configured on the endpoint. - Fix antivirus reporting - - This recommendation is displayed when the Windows Defender Antivirus configuration on a machines is not properly configured. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md). + - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md). - Turn on antivirus - Update antivirus definitions - Turn on cloud-based protection diff --git a/windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md index 96789ddeb9..3fb1a64c19 100644 --- a/windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md 
+++ b/windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Stop execution of a file on a machine and ensure it’s not executed again on that machine. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md index 0b5317d48a..8e0b3e45cc 100644 --- a/windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Allow a file to be executed in the organization, using Windows Defender. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` diff --git a/windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md index 5fbb90a186..e8fef51291 100644 --- a/windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Remove machine from isolation. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ``` 
diff --git a/windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md index 65989bb731..1bba4ce326 100644 --- a/windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md @@ -17,7 +17,7 @@ ms.date: 09/01.2017 Remove code execution restriction. ## Permissions -User needs to have “secop” permissions. +Users need to have Security administrator or Global admin directory roles. ## HTTP request ```
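
Review bot: In the `## Permissions` hunk that repeats across the API reference files, the new sentence states the same requirement, "Security administrator or Global admin directory roles", for read-only calls (get-machineaction-object, get-filemachineaction-object) and for disruptive ones (isolate-machine, restrict-code-execution, block-file). If the read-only calls accept a narrower role, document it per page so callers are not handed the broadest directory roles just to poll an action's status; if they do not, say so explicitly. Spell the role out as "Global administrator" to match "Security administrator". The context line `ms.date: 09/01.2017` in these hunks has a dot where the second slash belongs and is left unchanged by this patch.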
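
Review bot: The added label `**Notification on machine user**:` in respond-machine-alerts reads as if the notification acts on the user, and the sentence under it says "restricted" twice ("When an app is restricted ... an app is being restricted from running"). Suggest "Notification to the machine user" for the label and "When an app is restricted, the user sees the following notification:" for the sentence. The alt text "Image of app restriction" could carry the notification's wording, since the hunk documents what the user sees only through the screenshot.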
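
Review bot: In the "Fix antivirus reporting" bullet of security-analytics-dashboard, the rewritten sentence keeps a stray article: "when the Windows Defender Antivirus is not properly configured" should read "when Windows Defender Antivirus is not properly configured to report its health state". The linked topic is titled "Configure and validate network connections", so if the usual fix is a connectivity one, the sentence should say that rather than leave the reader to infer it from the link text.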