From 4f702f49b50634eb44e7698a0e80edb9de0a39a7 Mon Sep 17 00:00:00 2001 From: EfiKliger <45028856+EfiKliger@users.noreply.github.com> Date: Mon, 27 Jul 2020 08:17:42 +0300 Subject: [PATCH 01/13] Update get-machines.md --- .../threat-protection/microsoft-defender-atp/get-machines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index 75f9f0e49d..b62bd53c6d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md @@ -24,7 +24,7 @@ ms.topic: article ## API description -Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender ATP cloud on the last 30 days. +Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender ATP cloud.
Supports [OData V4 queries](https://www.odata.org/documentation/).
The OData's ```$filter``` query is supported on: ```computerDnsName```, ```lastSeen```, ```healthStatus```, ```osPlatform```, ```riskScore``` and ```rbacGroupId```.
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) From c509a4fa4c58a58e695ba5d198e83295a49566ea Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 10:08:56 -0700 Subject: [PATCH 02/13] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 81ce65baaa..d6dd2ea36a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -82,10 +82,12 @@ The default device group is configured for semi-automatic remediation. This mean When a pending action is approved, the entity is then remediated and this new state is reflected in the **Entities** tab of the investigation. -## Next step +## Next steps - [Learn about the automated investigations dashboard](manage-auto-investigation.md) +- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)(https://aka.ms/MDATP-IR-Interactive-Guide) + ## Related articles - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air) From 8ddf20b2b809a841646ab41ff406694f89633d29 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 10:10:36 -0700 Subject: [PATCH 03/13] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 ++ 1 file changed, 2 insertions(+) 
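Review bot: Dropping "on the last 30 days" from the API description in get-machines.md (patch 01) removes the only statement of the lookback window without replacing it. If the endpoint still returns only devices that have reported within some period, state that period; if there is no window, say so, because callers plan inventory reconciliation around when a device drops out of the collection. Since `lastSeen` remains a supported `$filter` property in the unchanged context lines, the description could also point readers there for time-bounded queries.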
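Review bot: The bullet added to automated-investigations.md (patch 02) has a markdown defect: `[See the interactive guide: ...](https://aka.ms/MDATP-IR-Interactive-Guide)(https://aka.ms/MDATP-IR-Interactive-Guide)` renders the link followed by the literal text "(https://aka.ms/MDATP-IR-Interactive-Guide)". Drop the second parenthesised URL so the line reads `- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)`. The same pasted pattern appears in patches 03, 04 and 05; fix it here before it spreads rather than correcting each file in a later commit.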
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index d1823bc880..9e3df15667 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -63,6 +63,8 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and ## Next steps +- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)(https://aka.ms/MDATP-IR-Interactive-Guide) + - [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) - [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response) From f1f99036c766ff9c63394fbb225a1a95051e5d52 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 10:33:54 -0700 Subject: [PATCH 04/13] Update auto-investigation-action-center.md --- .../auto-investigation-action-center.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index dab80159ea..48ff761684 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md 
@@ -158,4 +158,7 @@ When you click on the pending actions link, you'll be taken to the Action center ## Next steps -[View and approve remediation actions](manage-auto-investigation.md) +- [View and approve remediation actions](manage-auto-investigation.md) + +- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)(https://aka.ms/MDATP-IR-Interactive-Guide) + From e285978ec45f4716deb742e260a74c6c021a94ed Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 10:45:12 -0700 Subject: [PATCH 05/13] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index fa8115f0cb..cdf8766317 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
@@ -96,4 +96,7 @@ To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo. - [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). -- To learn more about Microsoft Defender ATP and how to configure or adjust various features and capabilities, see [Microsoft Defender ATP documentation](https://docs.microsoft.com/windows/security/threat-protection). \ No newline at end of file +- To learn more about Microsoft Defender ATP and how to configure or adjust various features and capabilities, see [Microsoft Defender ATP documentation](https://docs.microsoft.com/windows/security/threat-protection). + +- [See the interactive guide: Manage devices with Microsoft Endpoint Manager](https://aka.ms/Manage_Devices-InteractiveGuide)(https://aka.ms/Manage_Devices-InteractiveGuide) + \ No newline at end of file From 435762205f7b61455cc3af8993068e5e5eaa588e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 11:16:41 -0700 Subject: [PATCH 06/13] Update auto-investigation-action-center.md --- .../microsoft-defender-atp/auto-investigation-action-center.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index 48ff761684..cb7648e275 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md 
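Review bot: The hunk in symantec-to-microsoft-defender-atp-onboard.md (patch 05) replaces a missing trailing newline with an added blank line that is itself unterminated (`\ No newline at end of file` still appears on the new side). End the file with exactly one newline after the last bullet instead of a trailing blank line, so the next edit to this file does not show another spurious end-of-file hunk.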
@@ -160,5 +160,5 @@ When you click on the pending actions link, you'll be taken to the Action center - [View and approve remediation actions](manage-auto-investigation.md) -- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)(https://aka.ms/MDATP-IR-Interactive-Guide) +- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide) From 5de2e6fd82713ba3ca3d462721caf99498597fc7 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 11:17:02 -0700 Subject: [PATCH 07/13] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index d6dd2ea36a..f0292e125f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -86,7 +86,7 @@ When a pending action is approved, the entity is then remediated and this new st - [Learn about the automated investigations dashboard](manage-auto-investigation.md) -- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)(https://aka.ms/MDATP-IR-Interactive-Guide) +- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide) ## Related articles From 3a867123c84be107f1068d4de3fe1c3f57f166ab Mon Sep 17 00:00:00 2001 
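Review bot: Patches 06 through 09 only undo the duplicated `(https://aka.ms/...)` text introduced in patches 02 through 05. Squash each fix into the patch that introduced the defect so that no intermediate commit in the series leaves these four files with broken links; that keeps bisecting and cherry-picking from this branch safe.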
From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 11:17:33 -0700 Subject: [PATCH 08/13] Update manage-auto-investigation.md --- .../microsoft-defender-atp/manage-auto-investigation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md index 9e3df15667..913a4d215c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md @@ -63,7 +63,7 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and ## Next steps -- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide)(https://aka.ms/MDATP-IR-Interactive-Guide) +- [See the interactive guide: Investigate and remediate threats with Microsoft Defender ATP](https://aka.ms/MDATP-IR-Interactive-Guide) - [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center) From 465b3619e240e9b2c8e4ec9a2b82e65f0e676f8a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 11:18:11 -0700 Subject: [PATCH 09/13] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index cdf8766317..5f86727717 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md @@ -98,5 +98,5 @@ To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo. - To learn more about Microsoft Defender ATP and how to configure or adjust various features and capabilities, see [Microsoft Defender ATP documentation](https://docs.microsoft.com/windows/security/threat-protection). -- [See the interactive guide: Manage devices with Microsoft Endpoint Manager](https://aka.ms/Manage_Devices-InteractiveGuide)(https://aka.ms/Manage_Devices-InteractiveGuide) +- [See the interactive guide: Manage devices with Microsoft Endpoint Manager](https://aka.ms/Manage_Devices-InteractiveGuide) \ No newline at end of file From 0eba33819816ae39adb5844a271e15275faa05fa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 11:59:19 -0700 Subject: [PATCH 10/13] Update security-operations-dashboard.md --- .../microsoft-defender-atp/security-operations-dashboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md index db1b08907f..6fb6a53bf7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md 
@@ -100,7 +100,7 @@ You can view the overall number of automated investigations from the last 30 day ## Automated investigations statistics -This tile shows statistics related to automated investigations in the last 30 days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigation to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. +This tile shows statistics related to automated investigations in the last seven days. It shows the number of investigations completed, the number of successfully remediated investigations, the average pending time it takes for an investigation to be initiated, the average time it takes to remediate an alert, the number of alerts investigated, and the number of hours of automation saved from a typical manual investigation. ![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png) From a373eaf1b5a81b8d78d4732faf03b4805807ad7f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 27 Jul 2020 12:03:12 -0700 Subject: [PATCH 11/13] Update symantec-to-microsoft-defender-atp-onboard.md --- .../symantec-to-microsoft-defender-atp-onboard.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md index 5f86727717..d00f9c4634 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/symantec-to-microsoft-defender-atp-onboard.md 
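Review bot: The tile description in security-operations-dashboard.md (patch 10) changes from "the last 30 days" to "the last seven days", but the hunk's own context line from the section just above ("You can view the overall number of automated investigations from the last 30 day...") still says 30 days, and the commit message gives no reason for the change. Confirm in the portal which window the Automated investigations statistics tile actually uses and make the two adjacent sections agree; if the two tiles genuinely use different windows, state that explicitly so readers do not assume a typo.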
@@ -97,6 +97,3 @@ To do this, visit the Microsoft Defender ATP demo scenarios site ([https://demo. - [Visit your security operations dashboard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) in the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)). - To learn more about Microsoft Defender ATP and how to configure or adjust various features and capabilities, see [Microsoft Defender ATP documentation](https://docs.microsoft.com/windows/security/threat-protection). - -- [See the interactive guide: Manage devices with Microsoft Endpoint Manager](https://aka.ms/Manage_Devices-InteractiveGuide) - \ No newline at end of file From d401f713cbd27e4634911c9e31a67e76e78981d2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Jul 2020 14:52:11 -0700 Subject: [PATCH 12/13] Corrected code markup --- .../microsoft-defender-atp/get-machines.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md index b62bd53c6d..855fce68fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines.md @@ -26,7 +26,7 @@ ms.topic: article ## API description Retrieves a collection of [Machines](machine.md) that have communicated with Microsoft Defender ATP cloud.
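Review bot: Patch 11 removes the "Manage devices with Microsoft Endpoint Manager" bullet that patch 05 added and patch 09 reformatted, so across the series symantec-to-microsoft-defender-atp-onboard.md ends up unchanged apart from a reshuffled ending that still lacks a trailing newline. Either drop patches 05, 09 and 11 from the series, or keep a single commit that leaves the file ending with one newline.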
Supports [OData V4 queries](https://www.odata.org/documentation/). -
The OData's ```$filter``` query is supported on: ```computerDnsName```, ```lastSeen```, ```healthStatus```, ```osPlatform```, ```riskScore``` and ```rbacGroupId```. +
The OData's `$filter` query is supported on: `computerDnsName`, `lastSeen`, `healthStatus`, `osPlatform`, `riskScore` and `rbacGroupId`.
See examples at [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) @@ -51,7 +51,7 @@ Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine >- Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information) ## HTTP request -``` +```console GET https://api.securitycenter.windows.com/api/machines ``` @@ -77,7 +77,7 @@ Here is an example of the request. [!include[Improve request performance](../../includes/improve-request-performance.md)] -``` +```console GET https://api.securitycenter.windows.com/api/machines ``` @@ -86,7 +86,7 @@ GET https://api.securitycenter.windows.com/api/machines Here is an example of the response. -``` +```console HTTP/1.1 200 OK Content-type: application/json { From a8bbab9d5c4958afa9a06e04db8fcc6610474c97 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Jul 2020 14:55:34 -0700 Subject: [PATCH 13/13] Acrolinx: corrected "Remidated" to "Remediated" --- .../microsoft-defender-atp/security-operations-dashboard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md index 6fb6a53bf7..1fdb856b5d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md +++ b/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard.md 
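Review bot: Tagging the HTTP request and response blocks in get-machines.md (patch 12) as ```console is a misleading language hint: `console` is meant for interactive shell sessions with prompts, whereas these three blocks are a raw request line (`GET https://api.securitycenter.windows.com/api/machines`) and a response starting with `HTTP/1.1 200 OK` and `Content-type: application/json`. Use ```http for those fences so the highlighter treats the status line and headers correctly. The inline change from ```$filter``` to `$filter` in the description is correct as written.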
@@ -104,7 +104,7 @@ This tile shows statistics related to automated investigations in the last seven ![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png) -You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context. +You can click on **Automated investigations**, **Remediated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context. ## Users at risk The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts.