Merge pull request #2445 from MicrosoftDocs/master

Publish 4/2/2020 10:36 AM PST
Thomas Raya 2020-04-02 12:49:01 -05:00 committed by GitHub
commit f61f26d6ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 386 additions and 369 deletions

@ -151,7 +151,7 @@ The following table lists the SQL Server versions that are supported for the App
</tbody>
</table>
For more information on user configuration files with SQL server 2016 or later, see the [support article](https://support.microsoft.com/help/4548751/app-v-server-publishing-might-fail-when-you-apply-user-configuration-f).
### Publishing server operating system requirements
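Review bot: The sentence added after `</table>` writes "SQL server 2016", while the hunk header context for the same section uses "SQL Server versions"; capitalize the product name as "SQL Server 2016". The link text "support article" says nothing about the target, so consider naming the issue from the URL slug (App-V server publishing might fail when you apply user configuration files). If the file has no blank lines around the sentence, as in this view, add one after `</table>` and one before the `### Publishing server operating system requirements` heading so the renderer does not treat the sentence as part of the HTML block.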

@ -6,210 +6,105 @@
### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
### [Preview features](microsoft-defender-atp/preview.md)
### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
### [Portal overview](microsoft-defender-atp/portal-overview.md)
### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md)
## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md)
## [Deployment strategy](microsoft-defender-atp/deployment-strategy.md)
## [Plan deployment](microsoft-defender-atp/deployment-strategy.md)
## [Deployment guide]()
### [Deployment phases](microsoft-defender-atp/deployment-phases.md)
### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md)
### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md)
### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md)
## [Security administration]()
### [Threat & Vulnerability Management overview](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
### [Configuration score](microsoft-defender-atp/configuration-score.md)
### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
### [Threat & Vulnerability Management]()
#### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
#### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
#### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
#### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
#### [Configuration score](microsoft-defender-atp/configuration-score.md)
#### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
#### [Remediation and exception](microsoft-defender-atp/tvm-remediation.md)
#### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md)
#### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md)
#### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md)
### [Attack surface reduction]()
#### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
#### [Attack surface reduction evaluation](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
#### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md)
## [Security operations]()
### [Portal overview](microsoft-defender-atp/portal-overview.md)
### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
### [Incidents queue]()
#### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
#### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
#### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
### [Alerts queue]()
#### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
#### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
#### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
#### [Investigate files](microsoft-defender-atp/investigate-files.md)
#### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
#### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
#### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
##### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md)
#### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
### [Machines list]()
#### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
#### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
### [Take response actions]()
#### [Take response actions on a machine]()
##### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
##### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
##### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
##### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
##### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
##### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
##### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
##### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
##### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert)
##### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
#### [Take response actions on a file]()
##### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
##### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
##### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine)
##### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
##### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert)
##### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
##### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
##### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
##### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
##### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
##### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
#### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
### [Investigate entities using Live response]()
#### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
#### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
### [Advanced hunting]()
#### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md)
#### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md)
#### [Work with query results](microsoft-defender-atp/advanced-hunting-query-results.md)
#### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
#### [Advanced hunting schema reference]()
##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
##### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md)
##### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md)
##### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md)
##### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md)
##### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md)
##### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md)
##### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md)
##### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md)
##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md)
##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md)
##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
#### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
### [Reporting]()
#### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
#### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
#### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
#### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
### [Custom detections]()
#### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md)
#### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md)
## [How-to]()
### [Onboard devices to the service]()
#### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
#### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
#### [Onboard Windows 10 machines]()
##### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
##### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
##### [Onboard machines using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
##### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
##### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
#### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
#### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
#### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
#### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
#### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
#### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
#### [Create an onboarding or offboarding notification rule](microsoft-defender-atp/onboarding-notification.md)
#### [Troubleshoot onboarding issues]()
##### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
##### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
### [Manage machine configuration]()
#### [Ensure your machines are configured properly](microsoft-defender-atp/configure-machines.md)
#### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md)
#### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md)
#### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md)
### [Manage capabilities]()
#### [Configure attack surface reduction]()
##### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md)
#### [Attack surface reduction controls]()
##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md)
##### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
##### [Customize attack surface reduction rules](microsoft-defender-atp/customize-attack-surface-reduction.md)
#### [Hardware-based isolation]()
##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
##### [Hardware-based isolation evaluation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application isolation]()
###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md)
###### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Device control]()
###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
###### [Audit Application control policies](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
###### [Device Guard]()
####### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
####### [Memory integrity]()
######## [Understand memory integrity](device-guard/memory-integrity.md)
######## [Hardware qualifications](device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
######## [Enable HVCI](device-guard/enable-virtualization-based-protection-of-code-integrity.md)
##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
##### [Exploit protection]()
###### [Enable exploit protection](microsoft-defender-atp/enable-exploit-protection.md)
###### [Customize exploit protection](microsoft-defender-atp/customize-exploit-protection.md)
###### [Import/export configurations](microsoft-defender-atp/import-export-exploit-protection-emet-xml.md)
##### [Network protection](microsoft-defender-atp/enable-network-protection.md)
##### [Controlled folder access](microsoft-defender-atp/enable-controlled-folders.md)
#### [Device control]()
##### [Control USB devices](device-control/control-usb-devices-using-intune.md)
##### [Attack surface reduction controls]()
###### [Enable attack surface reduction rules](microsoft-defender-atp/enable-attack-surface-reduction.md)
###### [Customize attack surface reduction](microsoft-defender-atp/customize-attack-surface-reduction.md)
##### [Device Guard]()
###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
#### [Exploit protection]()
##### [Protect devices from exploits](microsoft-defender-atp/exploit-protection.md)
##### [Exploit protection evaluation](microsoft-defender-atp/evaluate-exploit-protection.md)
#### [Network protection]()
##### [Protect your network](microsoft-defender-atp/network-protection.md)
##### [Network protection evaluation](microsoft-defender-atp/evaluate-network-protection.md)
#### [Web protection]()
##### [Web protection overview](microsoft-defender-atp/web-protection-overview.md)
##### [Web threat protection]()
###### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md)
###### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
###### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
##### [Web content filtering](microsoft-defender-atp/web-content-filtering.md)
#### [Controlled folder access]()
##### [Protect folders](microsoft-defender-atp/controlled-folders.md)
##### [Controlled folder access evaluation](microsoft-defender-atp/evaluate-controlled-folder-access.md)
#### [Network firewall]()
##### [Network firewall overview](windows-firewall/windows-firewall-with-advanced-security.md)
##### [Network firewall evaluation](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
### [Next-generation protection]()
#### [Next-generation protection overview](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
#### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
#### [Configure next-generation protection]()
##### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
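Review bot: In the hardware-based isolation block of this hunk, `####### [Code integrity]` and the `######## ` entries under Memory integrity (Understand memory integrity, Hardware qualifications, Enable HVCI) are seven and eight levels deep, and Markdown headings stop at six `#`. The same block lists `[System isolation]` twice at `#####` and `[Application control]` once at `######` and once at `#####`, all pointing at the same files. The +/- markers are not visible in this rendering, so confirm which of these lines remain on the new side; any that do should be flattened to six levels or fewer, with one entry per target file. Near the top of the hunk, `## [Deployment strategy]` and `## [Plan deployment]` both link to microsoft-defender-atp/deployment-strategy.md, so check that only one of them is kept.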
@ -304,44 +199,206 @@
###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
#### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md)
##### [What's New](microsoft-defender-atp/mac-whatsnew.md)
##### [Deploy]()
###### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md)
###### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md)
###### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md)
###### [Manual deployment](microsoft-defender-atp/mac-install-manually.md)
##### [Update](microsoft-defender-atp/mac-updates.md)
##### [Configure]()
###### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md)
###### [Set preferences](microsoft-defender-atp/mac-preferences.md)
###### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md)
##### [Troubleshoot]()
###### [Troubleshoot installation issues](microsoft-defender-atp/mac-support-install.md)
###### [Troubleshoot performance issues](microsoft-defender-atp/mac-support-perf.md)
###### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md)
###### [Troubleshoot license issues](microsoft-defender-atp/mac-support-license.md)
##### [Privacy](microsoft-defender-atp/mac-privacy.md)
##### [Resources](microsoft-defender-atp/mac-resources.md)
#### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md)
#### [Better together: Windows Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md)
#### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md)
##### [Deploy]()
###### [Manual deployment](microsoft-defender-atp/linux-install-manually.md)
###### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md)
###### [Ansible based deployment](microsoft-defender-atp/linux-install-with-ansible.md)
##### [Update](microsoft-defender-atp/linux-updates.md)
##### [Configure]()
###### [Configure and validate exclusions](microsoft-defender-atp/linux-exclusions.md)
###### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
###### [Set preferences](microsoft-defender-atp/linux-preferences.md)
##### [Troubleshoot]()
###### [Troubleshoot cloud connectivity issues](microsoft-defender-atp/linux-support-connectivity.md)
###### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md)
##### [Resources](microsoft-defender-atp/linux-resources.md)
### [Microsoft Defender Advanced Threat Protection for Mac](microsoft-defender-atp/microsoft-defender-atp-mac.md)
#### [What's New](microsoft-defender-atp/mac-whatsnew.md)
##### [Deploy]()
###### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md)
###### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md)
###### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md)
###### [Manual deployment](microsoft-defender-atp/mac-install-manually.md)
##### [Update](microsoft-defender-atp/mac-updates.md)
##### [Configure]()
###### [Configure and validate exclusions](microsoft-defender-atp/mac-exclusions.md)
###### [Set preferences](microsoft-defender-atp/mac-preferences.md)
###### [Detect and block Potentially Unwanted Applications](microsoft-defender-atp/mac-pua.md)
##### [Troubleshoot]()
###### [Troubleshoot installation issues](microsoft-defender-atp/mac-support-install.md)
###### [Troubleshoot performance issues](microsoft-defender-atp/mac-support-perf.md)
###### [Troubleshoot kernel extension issues](microsoft-defender-atp/mac-support-kext.md)
###### [Troubleshoot license issues](microsoft-defender-atp/mac-support-license.md)
##### [Privacy](microsoft-defender-atp/mac-privacy.md)
##### [Resources](microsoft-defender-atp/mac-resources.md)
#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
### [Microsoft Defender Advanced Threat Protection for Linux](microsoft-defender-atp/microsoft-defender-atp-linux.md)
#### [Deploy]()
##### [Manual deployment](microsoft-defender-atp/linux-install-manually.md)
##### [Puppet based deployment](microsoft-defender-atp/linux-install-with-puppet.md)
##### [Ansible based deployment](microsoft-defender-atp/linux-install-with-ansible.md)
#### [Update](microsoft-defender-atp/linux-updates.md)
#### [Configure]()
##### [Configure and validate exclusions](microsoft-defender-atp/linux-exclusions.md)
##### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md)
##### [Set preferences](microsoft-defender-atp/linux-preferences.md)
#### [Troubleshoot]()
##### [Troubleshoot cloud connectivity issues](microsoft-defender-atp/linux-support-connectivity.md)
##### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md)
#### [Resources](microsoft-defender-atp/linux-resources.md)
### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md)
## [Security operations]()
### [Endpoint detection and response]()
#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md)
#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md)
#### [Incidents queue]()
##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md)
##### [Manage incidents](microsoft-defender-atp/manage-incidents.md)
##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md)
#### [Alerts queue]()
##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md)
##### [Manage alerts](microsoft-defender-atp/manage-alerts.md)
##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md)
##### [Investigate files](microsoft-defender-atp/investigate-files.md)
##### [Investigate machines](microsoft-defender-atp/investigate-machines.md)
##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md)
##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md)
###### [Investigate connection events that occur behind forward proxies](microsoft-defender-atp/investigate-behind-proxy.md)
##### [Investigate a user account](microsoft-defender-atp/investigate-user.md)
#### [Machines list]()
##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md)
##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md)
#### [Take response actions]()
##### [Take response actions on a machine]()
###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md)
###### [Manage tags](microsoft-defender-atp/respond-machine-alerts.md#manage-tags)
###### [Initiate an automated investigation](microsoft-defender-atp/respond-machine-alerts.md#initiate-automated-investigation)
###### [Initiate Live Response session](microsoft-defender-atp/respond-machine-alerts.md#initiate-live-response-session)
###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines)
###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution)
###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network)
###### [Consult a threat expert](microsoft-defender-atp/respond-machine-alerts.md#consult-a-threat-expert)
###### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center)
##### [Take response actions on a file]()
###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md)
###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
###### [Restore file from quarantine](microsoft-defender-atp/respond-file-alerts.md#restore-file-from-quarantine)
###### [Add indicators to block or allow a file](microsoft-defender-atp/respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
###### [Consult a threat expert](microsoft-defender-atp/respond-file-alerts.md#consult-a-threat-expert)
###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center)
###### [Download or collect file](microsoft-defender-atp/respond-file-alerts.md#download-or-collect-file)
###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis)
###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis)
###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports)
###### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis)
#### [View and approve remediation actions](microsoft-defender-atp/manage-auto-investigation.md)
##### [View details and results of automated investigations](microsoft-defender-atp/auto-investigation-action-center.md)
#### [Investigate entities using Live response]()
##### [Investigate entities on machines](microsoft-defender-atp/live-response.md)
##### [Live response command examples](microsoft-defender-atp/live-response-command-examples.md)
##### [Shadow protection?](windows-defender-antivirus/shadow-protection.md)
#### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
#### [Reporting]()
##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md)
##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md)
##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md)
#### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md)
#### [Custom detections]()
##### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md)
##### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md)
### [Automated investigation and response]()
#### [Overview of AIR](microsoft-defender-atp/automated-investigations.md)
### [Advanced hunting]()
#### [Advanced hunting overview](microsoft-defender-atp/advanced-hunting-overview.md)
#### [Learn the query language](microsoft-defender-atp/advanced-hunting-query-language.md)
#### [Work with query results](microsoft-defender-atp/advanced-hunting-query-results.md)
#### [Use shared queries](microsoft-defender-atp/advanced-hunting-shared-queries.md)
#### [Advanced hunting schema reference]()
##### [Understand the schema](microsoft-defender-atp/advanced-hunting-schema-reference.md)
##### [DeviceAlertEvents](microsoft-defender-atp/advanced-hunting-devicealertevents-table.md)
##### [DeviceFileEvents](microsoft-defender-atp/advanced-hunting-devicefileevents-table.md)
##### [DeviceImageLoadEvents](microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md)
##### [DeviceLogonEvents](microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md)
##### [DeviceInfo](microsoft-defender-atp/advanced-hunting-deviceinfo-table.md)
##### [DeviceNetworkInfo](microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md)
##### [DeviceEvents](microsoft-defender-atp/advanced-hunting-deviceevents-table.md)
##### [DeviceFileCertificateInfoBeta](microsoft-defender-atp/advanced-hunting-devicefilecertificateinfobeta-table.md)
##### [DeviceNetworkEvents](microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md)
##### [DeviceProcessEvents](microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md)
##### [DeviceRegistryEvents](microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md)
##### [DeviceTvmSoftwareInventoryVulnerabilities](microsoft-defender-atp/advanced-hunting-tvm-softwareinventory-table.md)
##### [DeviceTvmSoftwareVulnerabilitiesKB](microsoft-defender-atp/advanced-hunting-tvm-softwarevulnerability-table.md)
##### [DeviceTvmSecureConfigurationAssessment](microsoft-defender-atp/advanced-hunting-tvm-configassessment-table.md)
##### [DeviceTvmSecureConfigurationAssessmentKB](microsoft-defender-atp/advanced-hunting-tvm-secureconfigkb-table.md)
#### [Apply query best practices](microsoft-defender-atp/advanced-hunting-best-practices.md)
### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md)
### [Threat analytics](microsoft-defender-atp/threat-analytics.md)
## [How-to]()
### [Onboard devices to the service]()
#### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md)
#### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md)
#### [Onboard Windows 10 machines]()
##### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md)
##### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md)
##### [Onboard machines using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md)
##### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md)
##### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md)
##### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md)
#### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md)
#### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md)
#### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md)
#### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md)
#### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md)
#### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md)
#### [Create an onboarding or offboarding notification rule](microsoft-defender-atp/onboarding-notification.md)
#### [Troubleshoot onboarding issues]()
##### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md)
##### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md)
### [Manage machine configuration]()
#### [Ensure your machines are configured properly](microsoft-defender-atp/configure-machines.md)
#### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md)
#### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md)
#### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md)
### [Configure portal settings]()
#### [Set up preferences](microsoft-defender-atp/preferences-setup.md)
@ -380,51 +437,7 @@
#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md)
## Reference
### [Capabilities]()
#### [Threat & Vulnerability Management]()
##### [Next-generation capabilities](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
##### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
#### [Attack surface reduction]()
##### [Overview of attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md)
##### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md)
##### [Hardware-based isolation]()
###### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md)
###### [Application isolation]()
####### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md)
####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md)
###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### [Exploit protection](microsoft-defender-atp/exploit-protection.md)
##### [Network protection](microsoft-defender-atp/network-protection.md)
##### [Web protection]()
###### [Web protection overview](microsoft-defender-atp/web-protection-overview.md)
###### [Web threat protection]()
####### [Web threat protection overview](microsoft-defender-atp/web-threat-protection.md)
####### [Monitor web security](microsoft-defender-atp/web-protection-monitoring.md)
####### [Respond to web threats](microsoft-defender-atp/web-protection-response.md)
###### [Web content filtering](microsoft-defender-atp/web-content-filtering.md)
##### [Controlled folder access](microsoft-defender-atp/controlled-folders.md)
##### [Attack surface reduction](microsoft-defender-atp/attack-surface-reduction.md)
##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
#### [Next-generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
##### [Better together: Windows Defender Antivirus and Microsoft Defender ATP](windows-defender-antivirus/why-use-microsoft-antivirus.md)
##### [Better together: Windows Defender Antivirus and Office 365](windows-defender-antivirus/office-365-windows-defender-antivirus.md)
#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md)
##### [Shadow protection](windows-defender-antivirus/shadow-protection.md)
#### [Overview of AIR](microsoft-defender-atp/automated-investigations.md)
### [Management and APIs]()
#### [Overview of management and APIs](microsoft-defender-atp/management-apis.md)
@ -595,28 +608,9 @@
### [Information protection in Windows overview]()
#### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md)
#### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md)
### [Evaluate Microsoft Defender ATP]()
#### [Attack surface reduction and next-generation capability evaluation]()
##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md)
##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md)
##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md)
##### [Exploit protection](microsoft-defender-atp/evaluate-exploit-protection.md)
##### [Network Protection](microsoft-defender-atp/evaluate-network-protection.md)
##### [Controlled folder access](microsoft-defender-atp/evaluate-controlled-folder-access.md)
##### [Attack surface reduction](microsoft-defender-atp/evaluate-attack-surface-reduction.md)
##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Evaluate next-generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
### [Access the Microsoft Defender ATP Community Center](microsoft-defender-atp/community.md)
### [Helpful resources](microsoft-defender-atp/helpful-resources.md)
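Review bot: The entry title "Attack surface reduction and nex-generation evaluation overview" in this hunk has a typo, "nex-generation" for "next-generation". If the entry is kept anywhere in the reorganized TOC, correct the title there so the typo is not carried into the new location.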

View File

@ -120,6 +120,16 @@ United States | ```us.vortex-win.data.microsoft.com``` <br> ```ussus1eastprod.bl
If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
### Log analytics agent requirements
The information below list the proxy and firewall configuration information required to communicate with Log Analytics agent (often referred to as Microsoft Monitoring Agent) for the previous versions of Windows such as Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016.
|Agent Resource|Ports |Direction |Bypass HTTPS inspection|
|------|---------|--------|--------|
|*.ods.opinsights.azure.com |Port 443 |Outbound|Yes |
|*.oms.opinsights.azure.com |Port 443 |Outbound|Yes |
|*.blob.core.windows.net |Port 443 |Outbound|Yes |
## Microsoft Defender ATP service backend IP range
If your network devices don't support the URLs added to an "allow" list in the prior section, you can use the following information.
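Review bot: The `*.blob.core.windows.net` row in the new Log analytics agent table asks for an HTTPS inspection bypass on a wildcard that matches every Azure Blob storage account, not only the ones the agent talks to. State that scope next to the table so readers can limit the exception to the hosts running the agent. Two smaller points in the same section: "The information below list" should read "lists", and the wildcard hosts would be safer in code formatting, like the URLs in the United States row above, so the leading `*` is never parsed as emphasis.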

View File

@ -113,7 +113,7 @@ The following steps are required to enable this integration:
On the **Agent Setup Options** page, choose **Connect the agent to Azure Log Analytics (OMS)**.
- [Install the agent using the command line](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#add-a-workspace-using-a-script).
3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#configure-proxy-settings).
3. You'll need to configure proxy settings for the Microsoft Monitoring Agent. For more information, see [Configure proxy settings](configure-proxy-internet.md).
Once completed, you should see onboarded servers in the portal within an hour.
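Review bot: In step 3 the replacement link `configure-proxy-internet.md` lands at the top of that page, and the step loses the agent-side instructions that the old `#configure-proxy-settings` target pointed to. Link to the section of the page that covers the Log Analytics agent, and consider keeping the Azure link alongside it, since the step is about setting the proxy in the Microsoft Monitoring Agent itself and not only about which URLs to allow.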
@ -153,7 +153,9 @@ Support for Windows Server, version 1803 and Windows 2019 provides deeper insigh
b. Run the following PowerShell command to verify that the passive mode was configured:
```Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}```
```PowerShell
Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=84}
```
c. Confirm that a recent event containing the passive mode event is found:
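Review bot: The command in the new fenced block returns every event with ID 84, while step c asks the reader to confirm a recent one; adding `-MaxEvents 1` would return only the newest match. Also drop the stray space in `"Microsoft-Windows-Sense" ;ID=84`, and check that the fence is indented to sit inside step b so the lettered list is not interrupted.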

View File

@ -26,6 +26,13 @@ ms.topic: conceptual
>
> If you have previously whitelisted the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to whitelist the kernel extension, your users will be presented with the warning. To proactively silence the warning, you can still deploy a configuration to whitelist the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics.
## 100.90.27
- You can now [set an update channel](mac-updates.md#set-the-channel-name) for Microsoft Defender ATP for Mac that is different from the system-wide update channel
- New product icon
- Other user experience improvements
- Bug fixes
## 100.86.92
- Improvements around compatibility with Time Machine

View File

@ -1,5 +1,5 @@
---
title: Onboard to the Micrsoft Defender ATP service
title: Onboard to the Microsoft Defender ATP service
description:
keywords:
search.product: eADQiWindows 10XVcnh
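Review bot: The front matter touched here still has empty `description:` and `keywords:` fields. Since the title is being corrected in this change, fill both in at the same time so the page does not publish with blank metadata.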
@ -16,7 +16,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
# Onboard to the Micrsoft Defender ATP service
# Onboard to the Microsoft Defender ATP service
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)

View File

@ -32,12 +32,10 @@ Inspired by the "assume breach" mindset, Microsoft Defender ATP continuously col
The response capabilities give you the power to promptly remediate threats by acting on the affected entities.
## In this section
Topic | Description
:---|:---
[Security operations dashboard](security-operations-dashboard.md) | Explore a high level overview of detections, highlighting where response actions are needed.
[Incidents queue](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/view-incidents-queue) | View and organize the incidents queue, and manage and investigate alerts.
[Alerts queue](alerts-queue.md) | View and organize the machine alerts queue, and manage and investigate alerts.
[Machines list](machines-view-overview.md) | Investigate machines with generated alerts and search for specific events over time.
[Take response actions](response-actions.md) | Learn about the available response actions and apply them to machines and files.
## Related topics
- [Security operations dashboard](security-operations-dashboard.md)
- [Incidents queue](view-incidents-queue.md)
- [Alerts queue](alerts-queue.md)
- [Machines list](machines-view-overview.md)
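Review bot: The new "Related topics" list drops the "Take response actions" entry (`response-actions.md`) that the old table carried, even though the paragraph just above is about response capabilities. Add `- [Take response actions](response-actions.md)` to the list unless the omission is intentional. The switch of the Incidents queue link to the relative `view-incidents-queue.md` is a good change.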

View File

@ -69,7 +69,7 @@ Checking for the license state and whether it got properly provisioned, can be d
1. Alternately, in the admin center, navigate to **Billing** > **Subscriptions**.
- On the screen you will see all the provisioned licenses and their current **Status**.
On the screen you will see all the provisioned licenses and their current **Status**.
![Image of billing licenses](images/atp-billing-subscriptions.png)
@ -160,10 +160,7 @@ services if a computer is not permitted to connect to the Internet. The static
proxy is configurable through Group Policy (GP). The group policy can be found
under:
- Administrative Templates \> Windows Components \> Data Collection and
Preview Builds \> Configure Authenticated Proxy usage for the Connected User
Experience and Telemetry Service
- Administrative Templates \> Windows Components \> Data Collection and Preview Builds \> Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service
- Set it to **Enabled** and select **Disable Authenticated Proxy usage**
1. Open the Group Policy Management Console.

View File

@ -52,5 +52,14 @@ If while trying to take an action during a live response session, you encounter
4. Navigate to your TEMP folder.
5. Run the action you wanted to take on the copied file.
## Slow live response sessions or delays during initial connections
Live response leverages Microsoft Defender ATP sensor registration with WNS service in Windows.
If you are having connectivity issues with live response, please confirm the following:
1. `notify.windows.com` is not blocked in your environment. For more information see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
2. WpnService (Windows Push Notifications System Service) is not disabled.
Please refer to the articles below to fully understand the WpnService service behavior and requirements:
- [Windows Push Notification Services (WNS) overview](https://docs.microsoft.com/windows/uwp/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview)
- [Enterprise Firewall and Proxy Configurations to Support WNS Traffic](https://docs.microsoft.com/windows/uwp/design/shell/tiles-and-notifications/firewall-allowlist-config)
- [Microsoft Push Notifications Service (MPNS) Public IP ranges](https://www.microsoft.com/en-us/download/details.aspx?id=44535)
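Review bot: Item 2 of the new checklist tells the reader to confirm WpnService is not disabled but gives no way to check it; a one-line hint such as `Get-Service WpnService` would make the step actionable. In item 1, "For more information see, [Configure ...]" has the comma in the wrong place ("For more information, see"), "WNS service" in the first sentence is redundant, and the MPNS link is the only one with a locale segment (`en-us`) in its URL, which the other links in this section omit.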

View File

@ -26,7 +26,7 @@ manager: dansimp
Windows Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
- When endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, Windows Defender Antivirus automatically goes into disabled mode.
- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Windows Defender Antivirus automatically goes into passive mode. (Real time protection and and threats are not remediated by Windows Defender Antivirus.)
- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Windows Defender Antivirus automatically goes into passive mode. (Real time protection and threats are not remediated by Windows Defender Antivirus.)
- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [shadow protection (currently in private preview)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/shadow-protection), then Windows Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack.
## Antivirus and Microsoft Defender ATP
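Review bot: The parenthetical in the passive-mode bullet still does not parse after removing the doubled "and": "Real time protection and threats are not remediated" reads as if real-time protection were something to remediate. Split it into two statements, one about what happens to real-time protection in passive mode and one about threats not being remediated, and hyphenate "Real-time".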