From b4b0efd354dc4a26c5698659f00e8ce608f4295d Mon Sep 17 00:00:00 2001 From: Jreeds001 Date: Fri, 20 Mar 2020 11:42:50 -0700 Subject: [PATCH 01/12] Update applocker-overview.md Added Note about control processes --- .../applocker/applocker-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 320db86050..4777a11a1c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -23,7 +23,7 @@ ms.date: 10/16/2017 - Windows 10 - Windows Server -This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. +This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. **Note:** AppLocker doesn't control processes running under system account on all OS versions. AppLocker can help you: From 1eb0e9e14ed635649bc2f255733165103d4b9681 Mon Sep 17 00:00:00 2001 From: Jreeds001 Date: Mon, 23 Mar 2020 10:26:22 -0700 Subject: [PATCH 02/12] Update applocker-overview.md Updated copy to Notes --- .../applocker/applocker-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 4777a11a1c..96bda3d33b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -23,7 +23,7 @@ ms.date: 10/16/2017 - Windows 10 - Windows Server -This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. **Note:** AppLocker doesn't control processes running under system account on all OS versions. +This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. **Note:** AppLocker is unable to control processes running under the system account on any OS. AppLocker can help you: From 189b52f907d34e2b4e859b4f6ffc7c19a55dce8c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 23 Mar 2020 11:04:19 -0700 Subject: [PATCH 03/12] updated text --- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 8d2e155a2e..3c17e82061 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -52,9 +52,9 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ## Find and remediate software or software versions which have reached end-of-support (EOS) -End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks. +End-of-support (otherwise known as end-of-life) for software or software versions means that they will no longer be supported or serviced, and will not receive security updates. When you use software or software versions which have reached end-of-support, you're exposing your organization to security vulnerabilities, legal, and financial risks. -It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. +It is crucial for Security and IT Administrators to work together and ensure that the organization's software inventory is configured for optimal results, compliance, and a healthy network ecosystem. They should examine the options to remove or replace apps that have reached end of support, and update versions that have reached end of support. It is best to create and implement a plan **before** the end of support dates. To find software or software versions which have reached end-of-support: 
From ca2aed342e51159ad4dfb24a16c9a53149f3dcae Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Tue, 24 Mar 2020 10:43:53 -0700 Subject: [PATCH 04/12] pencil edit --- .../applocker/applocker-overview.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 96bda3d33b..8deb7aec05 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -23,7 +23,10 @@ ms.date: 10/16/2017 - Windows 10 - Windows Server -This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. **Note:** AppLocker is unable to control processes running under the system account on any OS. +This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. + +> [!NOTE] +> AppLocker is unable to control processes running under the system account on any OS. AppLocker can help you: From 1d11528f3c7806b2b6a3ad90466b6181049b0dc0 Mon Sep 17 00:00:00 2001 
From: Tina Burden Date: Tue, 24 Mar 2020 10:44:27 -0700 Subject: [PATCH 05/12] pencil edit --- .../applocker/applocker-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index 8deb7aec05..e153eda8b0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -26,7 +26,7 @@ ms.date: 10/16/2017 This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers. > [!NOTE] -> AppLocker is unable to control processes running under the system account on any OS. +> AppLocker is unable to control processes running under the system account on any operating system. AppLocker can help you: From 76857325a2dfec49bd71d1d6fe1510ed2c8a927f Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 24 Mar 2020 12:01:03 -0700 Subject: [PATCH 06/12] apis --- .../get-missing-kbs-machine.md | 86 +++++++++++++++++ .../get-missing-kbs-software.md | 93 +++++++++++++++++++ .../microsoft-defender-atp/machine.md | 5 +- .../microsoft-defender-atp/software.md | 16 ++-- .../microsoft-defender-atp/tvm-remediation.md | 8 +- 5 files changed, 195 insertions(+), 13 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md new file mode 100644 index 0000000000..0a94ffa148 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md 
@@ -0,0 +1,86 @@ +--- +title: Get missing KBs +description: Retrieves a list of software inventory +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get missing KBs + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves missing KBs by machine Id + +## HTTP request + +``` +GET /api/machines/{machineId}/getmissingkbs +``` + +## Request header + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + +## Request body + +Empty + +## Response + +If successful, this method returns 200 OK, with the specified machine missing kb data in the body. + +## Example + +### Request + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/2339ad14a01bd0299afb93dfa2550136057bff96/getmissingkbs +``` + +### Response + +Here is an example of the response. + + +```json +{ + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicProductFixDto)", + "value": [ + { + "id": "4540673", + "name": "March 2020 Security Updates", + "productsNames": [ + "windows_10", + "edge", + "internet_explorer" + ], + "url": "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4540673", + "machineMissedOn": 1, + "cveAddressed": 97 + }, + ... 
+ ] +} +``` + +## Related topics + +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md new file mode 100644 index 0000000000..a42ffaea6b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md 
@@ -0,0 +1,93 @@ +--- +title: Get missing KBs +description: Retrieves a list of software inventory +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get missing KBs + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves missing KBs by software Id + +## Permissions + +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request + +``` +GET /api/Software/{Id}/getmissingkbs +``` + +## Request header + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + +## Request body + +Empty + +## Response + +If successful, this method returns 200 OK, with the specified software missing kb data in the body. + +## Example + +### Request + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/getmissingkbs +``` + +### Response + +Here is an example of the response. 
+ + +```json +{ + "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#Collection(microsoft.windowsDefenderATP.api.PublicProductFixDto)", + "value": [ + { + "id": "4540673", + "name": "March 2020 Security Updates", + "productsNames": [ + "edge" + ], + "url": "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4540673", + "machineMissedOn": 240, + "cveAddressed": 14 + }, + ... + ] +} +``` + +## Related topics + +- [Risk-based Threat & Vulnerability Management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) +- [Threat & Vulnerability software inventory](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index a38094be67..92e5b76fd8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -25,6 +25,7 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] ## Methods + Method|Return Type |Description :---|:---|:--- [List machines](get-machines.md) | [machine](machine.md) collection | List set of [machine](machine.md) entities in the org. 
@@ -36,9 +37,11 @@ Method|Return Type |Description [Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a collection of security recommendations related to a given machine ID. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. +[Get missing KBs](get-missing-kbs-machine.md) | KB collection | Get a list of missing KBs associated with the machine ID ## Properties -Property | Type | Description + +Property | Type | Description :---|:---|:--- id | String | [machine](machine.md) identity. computerDnsName | String | [machine](machine.md) fully qualified name. diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 49e8e4c12d..414a3a54fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -20,11 +20,12 @@ ms.topic: article **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] ## Methods + Method |Return Type |Description :---|:---|:--- [List software](get-software.md) | Software collection | List the organizational software inventory. 
@@ -32,16 +33,17 @@ Method |Return Type |Description [List software version distribution](get-software-ver-distribution.md)| Distribution collection | List software version distribution by software ID. [List machines by software](get-machines-by-software.md)| MachineRef collection | Retrieve a list of machines that are associated with the software ID. [List vulnerabilities by software](get-vuln-by-software.md) | [Vulnerability](vulnerability.md) collection | Retrieve a list of vulnerabilities associated with the software ID. +[Get missing KBs](get-missing-kbs-software.md) | KB collection | Get a list of missing KBs associated with the software ID ## Properties -Property | Type | Description + +Property | Type | Description :---|:---|:--- id | String | Software ID -Name | String | Software name -Vendor | String | Software vendor name -Weaknesses | Long | Number of discovered vulnerabilities +Name | String | Software name +Vendor | String | Software vendor name +Weaknesses | Long | Number of discovered vulnerabilities publicExploit | Boolean | Public exploit exists for some of the vulnerabilities activeAlert | Boolean | Active alert is associated with this software exposedMachines | Long | Number of exposed machines -impactScore | Double | Exposure score impact of this software - +impactScore | Double | Exposure score impact of this software diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 255962e9a7..6162539530 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md 
@@ -30,17 +30,15 @@ After your organization's cybersecurity weaknesses are identified and mapped to Lower your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations. -## Remediation - ## How remediation requests work When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune. The dashboard will show the status of your top remediation activities. Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task. -## Accessing the Remediation page +## Accessing the remediation page -You can access the Remediation page in a few places in the portal: +You can access the remediation page in a few places in the portal: - Security recommendations flyout panel - Navigation menu @@ -70,7 +68,7 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed 2. Select the remediation activity that you want to view. ![Screenshot of the remediation page flyout for a software which reached end-of-support](images/remediation_flyouteolsw.png) -### Top remediation activities card the dashboard +### Top remediation activities in the dashboard 1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top remediation activities** card. The list is sorted and prioritized based on what is listed in the **Top security recommendations**. 2. Select the remediation activity that you want to view. From 9ae21fb78b5acd26b9f3756b1e6692eae4c27fa8 Mon Sep 17 00:00:00 2001 
From: Greg Lindsay Date: Tue, 24 Mar 2020 12:29:57 -0700 Subject: [PATCH 07/12] fix bold text --- .../deploy-windows-10-using-pxe-and-configuration-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md index 8e1aead949..19ebb6ea7b 100644 --- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md @@ -79,7 +79,7 @@ Examples are provided below of various stages of deployment: ![pc0001k](../images/pc0001k.png)
![pc0001l](../images/pc0001l.png)
![pc0001m](../images/pc0001m.png)
-![pc0001n](../images/pc0001n.png)
+![pc0001n](../images/pc0001n.png) Next, see [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md). From a33284172ce668e12eec0ce9c0f09dc72d192f58 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 24 Mar 2020 13:01:18 -0700 Subject: [PATCH 08/12] redirect fix --- .openpublishing.redirection.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index b79b7c666a..0991c425ae 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15850,6 +15850,11 @@ "source_path": "windows/deployment/deploy-windows-sccm/get-started-with-configuraton-manager.md", "redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager", "redirect_document_id": false +}, +{ +"source_path": "windows/deployment/deploy-windows-sccm/deploy-windows-10-with-configuration-manager.md", +"redirect_url": "https://docs.microsoft.com/windows/deployment/deploy-windows-cm/get-started-with-configuraton-manager", +"redirect_document_id": false } ] } From dc7f704fb009a79cebf952fee7d6fc764f8f9dc7 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 24 Mar 2020 14:18:19 -0700 Subject: [PATCH 09/12] TOC --- windows/security/threat-protection/TOC.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 72edc00443..4ad6ee6826 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -464,6 +464,7 @@ ####### [Get security recommendations](microsoft-defender-atp/get-security-recommendations.md) ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) +####### [Get missing KBs](microsoft-defender-atp/get-missing-kbs-machine.md) ###### [Machine Action]() ####### [Machine Action methods and properties](microsoft-defender-atp/machineaction.md) @@ -525,6 +526,7 @@ ####### [List software version distribution](microsoft-defender-atp/get-software-ver-distribution.md) ####### [List machines by software](microsoft-defender-atp/get-machines-by-software.md) ####### [List vulnerabilities by software](microsoft-defender-atp/get-vuln-by-software.md) +####### [Get missing KBs](microsoft-defender-atp/get-missing-kbs-software.md) ###### [Vulnerability]() ####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) From dc7701a3792f762875c8e76f38e353a366ea7ca6 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 24 Mar 2020 14:47:33 -0700 Subject: [PATCH 10/12] new sections --- .../threat-and-vuln-mgt-scenarios.md | 15 ++++++++++----- .../tvm-dashboard-insights.md | 2 +- .../tvm-security-recommendation.md | 8 +++++++- 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 3c17e82061..f31d2e82a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
@@ -69,6 +69,16 @@ To find software or software versions which have reached end-of-support: After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details. +## Use APIs + +Threat and vulnerability management supports multiple APIs. See the following topics for related APIs: + +- [Machine APIs](machine.md) +- [Recommendation APIs](vulnerability.md) +- [Score APIs](score.md) +- [Software APIs](software.md) +- [Vulnerability APIs](vulnerability.md) + ## Related topics - [Supported operating systems and platforms](tvm-supported-os.md) @@ -83,8 +93,3 @@ After you have identified which software and software versions are vulnerable du - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) - [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) -- [Recommendation APIs](vulnerability.md) -- [Machine APIs](machine.md) -- [Score APIs](score.md) -- [Software APIs](software.md) -- [Vulnerability APIs](vulnerability.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index d2c196a62c..839193db64 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md 
@@ -76,7 +76,7 @@ Area | Description [**Exposure score**](tvm-exposure-score.md) | See the current state of your organization's device exposure to threats and vulnerabilities. Several factors affect your organization's exposure score: weaknesses discovered in your devices, likelihood of your devices to be breached, value of the devices to your organization, and relevant alerts discovered with your devices. The goal is to lower the exposure score of your organization to be more secure. To reduce the score, you need to remediate the related security configuration issues listed in the security recommendations. [**Configuration score**](configuration-score.md) | See the security posture of the operating system, applications, network, accounts and security controls of your organization. The goal is to remediate the related security configuration issues to increase your configuration score. Selecting the bars will take you to the **Security recommendation** page. **Machine exposure distribution** | See how many machines are exposed based on their exposure level. Select a section in the doughnut chart to go to the **Machines list** page and view the affected machine names, exposure level, risk level, and other details such as domain, operating system platform, its health state, when it was last seen, and its tags. -**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organization's risk exposure and the urgency that it requires. Useful icons also quickly calls your attention to
  • ![Possible active alert](images/tvm_alert_icon.png) possible active alerts
  • ![Threat insight](images/tvm_bug_icon.png) associated public exploits
  • ![Recommendation insight](images/tvm_insight_icon.png) recommendation insights

Tags also indicates the remediation type required, such as **Configuration change**, **Software uninstall** (if the software has reached its end-of-life), and **Software update** (if the software version has reached end-of-support, or if a vulnerable version requires updating). You can drill down on the security recommendation to see potential risks, list of exposed machines, and insights. You can then request a remediation for the recommendation. Select **Show more** to see the rest of the security recommendations in the list or **Show exceptions** for the list of recommendations that have an exception. +**Top security recommendations** | See the collated security recommendations which are sorted and prioritized based on your organization's risk exposure and the urgency that it requires. Select **Show more** to see the rest of the security recommendations in the list or **Show exceptions** for the list of recommendations that have an exception. **Top vulnerable software** | Get real-time visibility into your organization's software inventory with a stack-ranked list of vulnerable software installed on your network's devices and how they impact your organizational exposure score. Select an item for details or **Show more** to see the rest of the vulnerable software list in the **Software inventory** page. **Top remediation activities** | Track the remediation activities generated from the security recommendations. You can select each item on the list to see the details in the **Remediation** page or select **Show more** to view the rest of the remediation activities, and active exceptions. **Top exposed machines** | View exposed machine names and their exposure level. Select a machine name from the list to go to the machine page where you can view the alerts, risks, incidents, security recommendations, installed software, and discovered vulnerabilities associated with the exposed machines. Select **Show more** to see the rest of the exposed machines list. 
From the machines list, you can manage tags, initiate automated investigations, initiate a live response session, collect an investigation package, run antivirus scan, restrict app execution, and isolate machine. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 09f5eadae8..d28353f90b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md 
@@ -61,10 +61,16 @@ Go to the Threat & Vulnerability Management navigation menu and select **Securit You will be able to view the recommendation, the number of weaknesses found, related components, threat insights, number of exposed machines, status, remediation type, remediation activities, impact to your exposure and configuration scores, and associated tags. -The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the amount of exposed machines, the color of the graph will change into green. This happens when the numbers on the right hand side is greater than what's on the left, which means an increase or decrease at the end of even a single machine will change the graph's color. +The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the amount of exposed machines, the color of the graph will change into green. This happens when the numbers on the right hand side is greater than what's on the left, which means an increase or decrease at the end of even a single machine will change the graph's color. ![Screenshot of security recommendations page](images/tvmsecrec-updated.png) +### Icons + +Useful icons also quickly calls your attention to
  • ![Possible active alert](images/tvm_alert_icon.png) possible active alerts
  • ![Threat insight](images/tvm_bug_icon.png) associated public exploits
  • ![Recommendation insight](images/tvm_insight_icon.png) recommendation insights

+ +### Investigate + Select the security recommendation that you want to investigate or process. ![Screenshot of the security recommendation page flyout for a software which reached its end-of-life](images/secrec-flyouteolsw.png) From 2207aa9c3c25e0d8a4764e2301e667323b5e5743 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 24 Mar 2020 14:51:16 -0700 Subject: [PATCH 11/12] metadata --- .../get-missing-kbs-machine.md | 12 ++++++------ .../get-missing-kbs-software.md | 14 +++++++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md index 0a94ffa148..86ce1c9e6a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-machine.md @@ -1,14 +1,14 @@ --- -title: Get missing KBs -description: Retrieves a list of software inventory -keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +title: Get missing KBs by machine ID +description: Retrieves missing KBs by machine Id +keywords: apis, graph api, supported apis, get, list, file, information, machine id, threat & vulnerability management api, mdatp tvm api search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: dolmont -author: DulceMontemayor +ms.author: ellevin +author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get missing KBs +# Get missing KBs by machine ID **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md index a42ffaea6b..e91d137857 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-missing-kbs-software.md @@ -1,14 +1,14 @@ --- -title: Get missing KBs -description: Retrieves a list of software inventory -keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +title: Get missing KBs by software ID +description: Retrieves missing KBs by software ID +keywords: apis, graph api, supported apis, get, list, file, information, software id, threat & vulnerability management api, mdatp tvm api search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.author: dolmont -author: DulceMontemayor +ms.author: ellevin +author: levinec ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -16,13 +16,13 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get missing KBs +# Get missing KBs by software ID **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -Retrieves missing KBs by software Id +Retrieves missing KBs by software ID ## Permissions From 8b52d1ef46a91a7498d3cfe6ad91281121c50011 Mon Sep 17 00:00:00 2001 From: martyav Date: Tue, 24 Mar 2020 17:51:16 -0400 Subject: [PATCH 12/12] customize exploit protection was missing from TOC --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 72edc00443..090ae52053 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -199,6 +199,7 @@ ##### [Exploit protection]() ###### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md) +###### [Customize exploit protection](microsoft-defender-atp/customize-exploit-protection.md) ###### [Import/export configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md) ##### [Network protection](microsoft-defender-atp/enable-network-protection.md)
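Review bot: In the tvm-security-recommendation.md hunk (@@ -61,10 +61,16), the new line under `### Icons`, "Useful icons also quickly calls your attention to", has a subject-verb mismatch and no punctuation before the list that follows; suggest "Useful icons also quickly call your attention to:". The **Exposed machines** paragraph is removed and re-added with the same wording, so "when the numbers on the right hand side is greater than what's on the left" keeps its agreement error and still describes only the increase case, although the sentence goes on to cover both an increase and a decrease. Since the line is being touched anyway, reword it to say the color follows whether the right-hand number is higher or lower than the left-hand one, and use "number of exposed machines" in both sentences rather than "amount".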
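Review bot: In the get-missing-kbs-machine.md front matter, the new description "Retrieves missing KBs by machine Id" uses "Id" while the new title and H1 in the same hunk use "machine ID". The companion change to get-missing-kbs-software.md in this commit settles on "software ID" for its title, description and body line. Suggest `description: Retrieves missing KBs by machine ID` so the two API pages match.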
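Review bot: In the TOC.md hunk (@@ -199,6 +199,7), the added entry links to microsoft-defender-atp/customize-exploit-protection.md, but the commit changes only TOC.md (1 file changed, 1 insertion), so please confirm the target file already exists at that path before merging, otherwise the new TOC link will be broken. The placement between "Enable exploit protection" and "Import/export configurations", at the same heading depth as its neighbours, looks right.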