diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md index 3c49e66665..e2d4158d0d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md @@ -1,5 +1,5 @@ --- -title: Event timeline +title: Event timeline in threat and vulnerability management description: Event timeline is a "risk news feed" which will help you interpret how risk is introduced into the organization and which mitigations happened to reduce it. keywords: event timeline, mdatp event timeline, mdatp tvm event timeline, threat and vulnerability management, Microsoft Defender Advanced Threat Protection search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Event timeline +# Event timeline - threat and vulnerability management **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
@@ -33,23 +33,23 @@ Event timeline also tells the story of your [exposure score](tvm-exposure-score. You can access Event timeline mainly through three ways: -- In the Threat & Vulnerability Management navigation menu in the Microsoft Defender Security Center -- Top events card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). The highest impact events (for example, affect the most machines or critical vulnerabilities) -- Hovering over the Exposure Score graph in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- In the threat and vulnerability management navigation menu in the Microsoft Defender Security Center +- Top events card in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). The highest impact events (for example, affect the most machines or critical vulnerabilities) +- Hovering over the Exposure Score graph in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md) ### Navigation menu -Go to the Threat & Vulnerability Management navigation menu and select **Event timeline** to view impactful events. +Go to the threat and vulnerability management navigation menu and select **Event timeline** to view impactful events. ### Top events card -In the Threat & Vulnerability Management dashboard, the "Top events" card displays the three most impactful events in the last 7 days. Select **Show more** to go to the Event timeline page. +In the Tthreat and vulnerability management dashboard, the "Top events" card displays the three most impactful events in the last 7 days. Select **Show more** to go to the Event timeline page. ![Event timeline page](images/tvm-top-events-card.png) ### Exposure score graph -In the Threat & Vulnerability Management dashboard, hover over the Exposure score graph to view top events from that day that impacted your machines. If there are no events, then none will be shown. 
+In the threat and vulnerability management dashboard, hover over the Exposure score graph to view top events from that day that impacted your machines. If there are no events, then none will be shown. ![Event timeline page](images/tvm-event-timeline-exposure-score400.png) @@ -118,9 +118,9 @@ A full page will appear with all the details of a specific software, including a ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) @@ -130,6 +130,6 @@ A full page will appear with all the details of a specific software, including a - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [Scenarios](threat-and-vuln-mgt-scenarios.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 0f5af6bdf7..7ab41a7658 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -1,6 +1,6 @@ --- -title: Threat & Vulnerability Management scenarios -description: Learn how Threat & Vulnerability Management can be used to help security admins, IT admins, and SecOps collaborate in defending against security threats. +title: Scenarios - threat and vulnerability management +description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate in defending against security threats. keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Threat & Vulnerability Management scenarios +# Scenarios - threat and vulnerability management **Applies to:** @@ -81,9 +81,9 @@ Examples of devices that should be marked as high value: ## Related topics -- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Supported operating systems and platforms](tvm-supported-os.md) -- [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) +- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md) - [Exposure score](tvm-exposure-score.md) - [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) - [Security recommendations](tvm-security-recommendation.md) 
@@ -92,6 +92,6 @@ Examples of devices that should be marked as high value: - [Weaknesses](tvm-weaknesses.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md) - [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for Threat & Vulnerability Management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) - [Advanced hunting overview](overview-hunting.md) - [All advanced hunting tables](advanced-hunting-reference.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index b1b2897be8..19805c1e0b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -1,5 +1,5 @@ --- -title: Threat and vulnerability management xxposure score +title: Exposure score in threat and vulnerability management description: The threat and vulnerability management exposure score reflects how vulnerable your organization is to cybersecurity threats. keywords: exposure score, mdatp exposure score, mdatp tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender Advanced Threat Protection search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Threat and vulnerability management exposure score +# Exposure score - threat and vulnerability management **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 324c695ff6..a94e2b07c4 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -1,5 +1,5 @@ --- -title: Threat and vulnerability management remediation and exceptions +title: Remediation activities and exceptions - threat and vulnerability management description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in threat and vulnerability management. keywords: microsoft defender atp tvm remediation, mdatp tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm search.product: eADQiWindows 10XVcnh diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 1169a50661..a1d0887eda 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -1,6 +1,6 @@ --- -title: Threat and vulnerability management security recommendations -description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value. +title: Security recommendations by threat and vulnerability management +description: Get actionable security recommendations prioritized by threat, likelihood to be breached, and value, in threat and vulnerability management. keywords: threat and vulnerability management, mdatp tvm security recommendation, cybersecurity recommendation, actionable security recommendation search.product: eADQiWindows 10XVcnh search.appverid: met150 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index 6551d5f13b..3b048f904c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: article --- -# Supported operating systems and platforms for threat and vulnerability management +# Supported operating systems and platforms - threat and vulnerability management **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index dc76e06b79..aa166b9796 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -1,6 +1,6 @@ --- title: Weaknesses found by threat and vulnerability management -description: Microsoft Defender Security Center offers a Weaknesses page, which lists vulnerabilities found in the infected software running in your organization. +description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender ATP threat and vulnerability management capability. keywords: mdatp threat & vulnerability management, threat and vulnerability management, mdatp tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index 18a1a896b3..d58c080f49 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md @@ -1,6 +1,6 @@ --- title: Create and manage roles for role-based access control -description: Create roles and define the permissions assigned to the role as part of the role-based access control implementation +description: Create roles and define the permissions assigned to the role as part of the role-based access control implementation in the Microsoft Defender Security Center keywords: user roles, roles, access rbac search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -18,6 +18,7 @@ ms.topic: article --- # Create and manage roles for role-based access control + **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) 
@@ -26,63 +27,58 @@ ms.topic: article [!include[Prerelease information](../../includes/prerelease.md)] ## Create roles and assign the role to an Azure Active Directory group + The following steps guide you on how to create roles in Microsoft Defender Security Center. It assumes that you have already created Azure Active Directory user groups. 1. In the navigation pane, select **Settings > Roles**. -2. Click **Add role**. +2. Select **Add item**. 3. Enter the role name, description, and permissions you'd like to assign to the role. - - **Role name** - - **Description** - - **Permissions** - - **View data** - Users can view information in the portal. - >[!NOTE] - >To view Threat & Vulnerability Management data, select **Threat and vulnerability management**. - - - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage device tags, and export device timeline. - - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions. - - Security operations - Take response actions - - Approve or dismiss pending remediation actions - - Manage allowed/blocked lists for automation - - Manage allowed/blocked create Indicators +4. Select **Next** to assign the role to an Azure AD Security group. - >[!NOTE] - >To enable your Security operation personnel to choose remediation options and file exceptions, select **Threat and vulnerability management - Remediation handling**, and **Threat and vulnerability management - Exception handling**. - - - **Manage portal system settings** - Users can configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups. +5. Use the filter to select the Azure AD group that you'd like to add to this role to. - > [!NOTE] - > This setting is only available in the Microsoft Defender ATP administrator (default) role. 
- - - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, create and manage custom detections, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications. - - - **Live response capabilities** - Users can take basic or advanced live response commands. - - Basic commands allow users to: - - Start a live response session - - Run read only live response commands on a remote device - - Advanced commands allow users to: - - Run basic actions - - Download a file from the remote device - - View a script from the files library - - Run a script on the remote device from the files library take read and write commands. - - For more information on the available commands, see [Investigate devices using Live response](live-response.md). - -4. Click **Next** to assign the role to an Azure AD Security group. - -5. Use the filter to select the Azure AD group that you'd like to add to this role. - -6. Click **Save and close**. +6. **Save and close**. 7. Apply the configuration settings. - > [!IMPORTANT] -> After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created. +> After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created. 
+### Permission options +- **View data** + - **Security operations** - View all security operations data in the portal + - **Threat and vulnerability management** - View threat and vulnerability management data in the portal + +- **Active remediation actions** + - **Security operations** - Take response actions, approve or dismiss pending remediation actions, manage allowed/blocked lists for automation and indicators + - **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions + - **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities + +- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags. + +- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups. + + > [!NOTE] + > This setting is only available in the Microsoft Defender ATP administrator (default) role. + +- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab. + +- **Live response capabilities** + - **Basic** commands: + - Start a live response session + - Perform read only live response commands on remote device (excluding file copy and execution + - **Advanced** commands: + - Download a file from the remote device + - Upload a file to the remote device + - View a script from the files library + - Execute a script on the remote device from the files library + +For more information on the available commands, see [Investigate devices using Live response](live-response.md). + ## Edit roles 1. Select the role you'd like to edit. 
@@ -99,7 +95,7 @@ The following steps guide you on how to create roles in Microsoft Defender Secur 2. Click the drop-down button and select **Delete role**. - ## Related topic + - [User basic permissions to access the portal](basic-permissions.md) - [Create and manage device groups](machine-groups.md)
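Review bot: the rewritten Top events card sentence in threat-and-vuln-mgt-event-timeline.md introduces a typo, `+In the Tthreat and vulnerability management dashboard, the "Top events" card displays...`; it should read `In the threat and vulnerability management dashboard, ...`, matching the Exposure score graph sentence in the same hunk. While in that file's Related topics list, `- [Event timeline](threat-and-vuln-mgt-event-timeline.md)` links the page to itself and can be dropped.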
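Review bot: the new front-matter titles and H1s use three different patterns for the same qualifier across this patch: `title: Event timeline in threat and vulnerability management` against `# Event timeline - threat and vulnerability management` in the same file, and `title: Security recommendations by threat and vulnerability management` in tvm-security-recommendation.md. Pick one form (the ` - threat and vulnerability management` suffix already used by every H1 is the obvious choice) and apply it to both the `title:` and the heading in each file so search results and page headings match.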
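Review bot: grammar in the new description for tvm-weaknesses.md: `+description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by ...` should use the plural `CVE IDs`, and the second sentence is a fragment. Suggest: `Lists the Common Vulnerabilities and Exposures (CVE) IDs of weaknesses found in the software running in your organization, as discovered by the Microsoft Defender ATP threat and vulnerability management capability.` Dropping "infected software" from the old text is correct, since vulnerable software is not infected software.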
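Review bot: step 2 of the user-roles.md procedure changes the control label from `Add role` to `Add item` (`-2. Click **Add role**.` / `+2. Select **Add item**.`); please confirm that against the current Settings > Roles page, because the Edit roles and Delete role steps further down still use role-specific labels, and a wrong label here sends readers looking for a button that may not exist. In the same hunk `+6. **Save and close**.` lost its verb; keep `Select **Save and close**.` for consistency with steps 2 and 4.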
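Review bot: step 3 (`Enter the role name, description, and permissions you'd like to assign to the role.`) no longer has the permission descriptions beneath it; they moved to the new `### Permission options` section after step 7 and the IMPORTANT note, with no pointer from the step. Add a cross-reference, for example `See [Permission options](#permission-options) for what each permission grants.`, so a reader working through the numbered steps knows where the explanation went.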
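Review bot: the new Permission options section quietly changes what several permissions are documented to grant, which matters because admins use this page to scope least privilege. `Manage security settings in Security Center` no longer lists `create and manage custom detections` (present in the removed `Manage security settings` text) while adding `manage evaluation lab`; `Alerts investigation` drops `export device timeline` and adds `run scans`; `Advanced` live response commands gain `Upload a file to the remote device`. If these reflect real changes in the product's permission model, say so in the commit; if not, restore the dropped items. Two smaller fixes in the same block: `- Perform read only live response commands on remote device (excluding file copy and execution` is missing its closing parenthesis, and `onboard and offboard devices, and manage email notifications, manage evaluation lab.` needs the `and` moved to the final item.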
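Review bot: the IMPORTANT note in user-roles.md is removed and re-added with identical visible text (`-> After creating roles, you'll need to create a device group ...` / `+> After creating roles, you'll need to create a device group ...`), which looks like a trailing-whitespace change; either leave the line untouched or mention the whitespace-only edit in the commit so reviewers do not hunt for a wording difference that is not there.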