mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 22:37:22 +00:00
Merge remote-tracking branch 'refs/remotes/origin/rs4' into jdrs4holo
This commit is contained in:
Jeanie Decker
commit
f91a075995
@ -4726,7 +4726,7 @@
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
"source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1709.md",
|
||||
"source_path": "windows/configuration/basic-level-windows-diagnostic-events-and-fields-1803.md",
|
||||
"redirect_url": "/windows/configuration/basic-level-windows-diagnostic-events-and-fields",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
|
||||
@ -81,6 +81,7 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse
|
||||
</br>
|
||||
</br>
|
||||
|
||||
|
||||
|
||||
## <a name="edu-task3"></a>3. Spark communication, critical thinking, and creativity in the classroom
|
||||
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
# [Configure Windows 10](index.md)
|
||||
## [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md)
|
||||
## [Diagnostic Data Viewer Overview](diagnostic-data-viewer-overview.md)
|
||||
## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
|
||||
## [Windows 10, version 1803 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
|
||||
## [Windows 10, version 1709 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1709.md)
|
||||
## [Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields-1703.md)
|
||||
## [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](enhanced-diagnostic-data-windows-analytics-events-and-fields.md)
|
||||
## [Windows 10, version 1709 diagnostic data for the Full level](windows-diagnostic-data.md)
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -25,7 +25,7 @@ Learn about the network connections that Windows components make to Microsoft an
|
||||
|
||||
If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
|
||||
|
||||
You can configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
|
||||
You can configure diagnostic data at the Security/Basic level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience.
|
||||
|
||||
To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887).
|
||||
This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state.
|
||||
@ -44,9 +44,9 @@ We are always striving to improve our documentation and welcome your feedback. Y
|
||||
|
||||
Here's a list of changes that were made to this article for Windows 10, version 1803:
|
||||
|
||||
- Added a policy to turn off privacy notifications
|
||||
- Added a policy to turn off configuration updates for the Books Library
|
||||
- Added a policy to turn off Address Bar drop-down list suggestions
|
||||
- Added a policy to turn off notifications network usage
|
||||
- Added a policy for Microsoft Edge to turn off configuration updates for the Books Library
|
||||
- Added a policy for Microsoft Edge to turn off Address Bar drop-down list suggestions
|
||||
|
||||
## What's new in Windows 10, version 1709 Enterprise edition
|
||||
|
||||
@ -87,8 +87,6 @@ Here's a list of changes that were made to this article for Windows 10, version
|
||||
|
||||
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections.
|
||||
|
||||
If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch.
|
||||
|
||||
### Settings for Windows 10 Enterprise edition
|
||||
|
||||
The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1703.
|
||||
@ -397,7 +395,7 @@ To turn off Insider Preview builds for Windows 10:
|
||||
|
||||
-or -
|
||||
|
||||
- Create a new REG\_DWORD registry setting **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds!AllowBuildPreview** to 0 (zero)
|
||||
- Create a new REG\_DWORD registry setting named **AllowBuildPreview** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a vlue of 0 (zero)
|
||||
|
||||
-or-
|
||||
|
||||
@ -956,7 +954,7 @@ To turn off **Location for this device**:
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy**, with a value of 2 (two).
|
||||
- Create a REG\_DWORD registry setting named **LetAppsAccessLocation** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
|
||||
|
||||
-or-
|
||||
|
||||
@ -1617,6 +1615,10 @@ For Windows 10:
|
||||
|
||||
- Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is disabled (default) and 1 is enabled.
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
|
||||
|
||||
For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core:
|
||||
|
||||
- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation**
|
||||
@ -1647,7 +1649,7 @@ You can control if your settings are synchronized:
|
||||
|
||||
-or-
|
||||
|
||||
- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync!DisableSettingSyncUserOverride** with a value of 1 (one).
|
||||
- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one).
|
||||
|
||||
-or-
|
||||
|
||||
@ -1760,7 +1762,7 @@ You can stop downloading definition updates:
|
||||
|
||||
-or-
|
||||
|
||||
- Create a new REG\_SZ registry setting named **FallbackOrder** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates!** with a value of **FileShares**.
|
||||
- Create a new REG\_SZ registry setting named **FallbackOrder** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Updates** with a value of **FileShares**.
|
||||
|
||||
For Windows 10 only, you can stop Enhanced Notifications:
|
||||
|
||||
@ -1824,7 +1826,7 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
|
||||
- Set the **Turn off fun facts, tips, tricks, and more on lock screen** check box.
|
||||
|
||||
> [!NOTE]
|
||||
> This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the lock screen**. Alternatively, you can create a new REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization!LockScreenImage**, with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization!LockScreenOverlaysDisabled**, with a value of 1 (one).
|
||||
> This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the lock screen**. Alternatively, you can create a new REG\_SZ registry setting nameed **LockScreenImage** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG\_DWORD registry setting named **LockScreenOverlaysDisabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of 1 (one).
|
||||
|
||||
|
||||
- **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows tips**.
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Configure advanced features in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Advanced hunting query best practices Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Advanced hunting reference in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Query data using Advanced hunting in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# View and organize the Windows Defender Advanced Threat Protection Alerts queue
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Assign user access to the Windows Defender ATP portal
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Use Automated investigations to investigate and remediate threats
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Check sensor health state in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -0,0 +1,157 @@
|
||||
---
|
||||
title: Enable conditional access to better protect users, devices, and data
|
||||
description: Enable conditional access to prevent applications from running if a device is considered at risk and an application is determined to be non-compliant.
|
||||
keywords: conditional access, block applications, security level, intune,
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Enable conditional access to better protect users, devices, and data
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Enterprise
|
||||
- Windows 10 Education
|
||||
- Windows 10 Pro
|
||||
- Windows 10 Pro Education
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink)
|
||||
|
||||
Conditional access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications.
|
||||
|
||||
With conditional access, you can control access to enterprise information based on the risk level of a device. This helps keep trusted users on trusted devices using trusted applications.
|
||||
|
||||
You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state.
|
||||
|
||||
The implementation of conditional access in Windows Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies.
|
||||
|
||||
The compliance policy is used with conditional access to allow only devices that fulfill one or more device compliance policy rules to access applications.
|
||||
|
||||
## Understand the conditional access flow
|
||||
Conditional access is put in place so that when a threat is seen on a device, access to sensitive content is blocked until the threat is remediated.
|
||||
|
||||
The flow begins with machines being seen to have a low, medium, or high risk. These risk determinations are then sent to Intune.
|
||||
|
||||
Depending on how you configure policies in Intune, conditional access can be set up so that when certain conditions are met, the policy is applied.
|
||||
|
||||
For example, you can configure Intune to apply conditional access on devices that have a high risk.
|
||||
|
||||
In Intune, a device compliance policy is used in conjunction with Azure AD conditional access to block access to applications. In parallel, an automated investigation and remediation process is launched.
|
||||
|
||||
A user can still use the device while the automated investigation and remediation is taking place, but access to enterprise data is blocked until the threat is fully remediated.
|
||||
|
||||
To resolve the risk found on a device, you'll need to return the device to a compliant state. A device returns to a compliant state when there is no risk seen on it.
|
||||
|
||||
There are three ways to address a risk:
|
||||
1. Use Manual or automated remediation.
|
||||
2. Resolve active alerts on the machine. This will remove the risk from the machine.
|
||||
3. You can remove the machine from the active policies and consequently, conditional access will not be applied on the machine.
|
||||
|
||||
Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure conditional access](#configure-conditional-access).
|
||||
|
||||
When the risk is removed either through manual or automated remediation, the device returns to a compliant state and access to applications is granted.
|
||||
|
||||
The following example sequence of events explains conditional access in action:
|
||||
|
||||
1. A user opens a malicious file and Windows Defender ATP flags the device as high risk.
|
||||
2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat.
|
||||
3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune conditional access policy. In Azure AD, the corresponding policy is applied to block access to applications.
|
||||
4. The manual or automated investigation and remediation is completed and the threat is removed. Windows Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications.
|
||||
5. Users can now access applications.
|
||||
|
||||
|
||||
|
||||
## Configure conditional access
|
||||
This section guides you through all the steps you need to take to properly implement conditional access.
|
||||
|
||||
### Before you begin
|
||||
>[!WARNING]
|
||||
>It's important to note that Azure AD registered devices is not supported in this scenario.</br>
|
||||
>Only Intune enrolled devices are supported.
|
||||
|
||||
You need to make sure that all your devices are enrolled in Intune. You can use any of the following options to enroll devices in Intune:
|
||||
|
||||
|
||||
- IT Admin: For more information on how to enabling auto-enrollment, see [Windows Enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment)
|
||||
- End-user: For more information on how to enroll your Windows 10 device in Intune, see [Enroll your Windows 10 device in Intune](https://docs.microsoft.com/intune-user-help/enroll-your-w10-device-access-work-or-school)
|
||||
- End-user alternative: For more information on joining an Azure AD domain, see [Set up Azure Active Directory joined devices](https://docs.microsoft.com/en-us/azure/active-directory/device-management-azuread-joined-devices-setup).
|
||||
|
||||
|
||||
|
||||
There are steps you'll need to take in the Windows Defender ATP portal, the Intune portal, and Azure AD portal.
|
||||
|
||||
> [!NOTE]
|
||||
> You'll need a Microsoft Intune environment, with Intune managed and Azure AD joined Windows 10 devices.
|
||||
|
||||
Take the following steps to enable conditional access:
|
||||
- Step 1: Turn on the Microsoft Intune connection from the Windows Defender ATP portal
|
||||
- Step 2: Turn on the Windows Defender ATP integration in Intune
|
||||
- Step 3: Create the compliance policy in Intune
|
||||
- Step 4: Assign the policy
|
||||
- Step 5: Create an Azure AD conditional access policy
|
||||
|
||||
|
||||
### Step 1: Turn on the Microsoft Intune connection
|
||||
1. In the navigation pane, select **Settings** > **General** > **Advanced features** > **Microsoft Intune connection**.
|
||||
2. Toggle the Microsoft Intune setting to **On**.
|
||||
3. Click **Save preferences**.
|
||||
|
||||
|
||||
### Step 2: Turn on the Windows Defender ATP integration in Intune
|
||||
1. Sign in to the [Azure portal](https://portal.azure.com).
|
||||
2. Select **Device compliance** > **Windows Defender ATP**.
|
||||
3. Set **Connect Windows 10.0.15063+ devices to Windows Defender Advanced Threat Protection** to **On**.
|
||||
4. Click **Save**.
|
||||
|
||||
|
||||
### Step 3: Create the compliance policy in Intune
|
||||
1. In the [Azure portal](https://portal.azure.com), select **All services**, filter on **Intune**, and select **Microsoft Intune**.
|
||||
2. Select **Device compliance** > **Policies** > **Create policy**.
|
||||
3. Enter a **Name** and **Description**.
|
||||
4. In **Platform**, select **Windows 10 and later**.
|
||||
5. In the **Device Health** settings, set **Require the device to be at or under the Device Threat Level** to your preferred level:
|
||||
|
||||
- **Secured**: This level is the most secure. The device cannot have any existing threats and still access company resources. If any threats are found, the device is evaluated as noncompliant.
|
||||
- **Low**: The device is compliant if only low-level threats exist. Devices with medium or high threat levels are not compliant.
|
||||
- **Medium**: The device is compliant if the threats found on the device are low or medium. If high-level threats are detected, the device is determined as noncompliant.
|
||||
- **High**: This level is the least secure, and allows all threat levels. So devices that with high, medium or low threat levels are considered compliant.
|
||||
|
||||
6. Select **OK**, and **Create** to save your changes (and create the policy).
|
||||
|
||||
### Step 4: Assign the policy
|
||||
1. In the [Azure portal](https://portal.azure.com), select **All services**, filter on **Intune**, and select **Microsoft Intune**.
|
||||
2. Select **Device compliance** > **Policies**> select your Windows Defender ATP compliance policy.
|
||||
3. Select **Assignments**.
|
||||
4. Include or exclude your Azure AD groups to assign them the policy.
|
||||
5. To deploy the policy to the groups, select **Save**. The user devices targeted by the policy are evaluated for compliance.
|
||||
|
||||
### Step 5: Create an Azure AD conditional access policy
|
||||
1. In the [Azure portal](https://portal.azure.com), open **Azure Active Directory** > **Conditional access** > **New policy**.
|
||||
2. Enter a policy **Name**, and select **Users and groups**. Use the Include or Exclude options to add your groups for the policy, and select **Done**.
|
||||
3. Select **Cloud apps**, and choose which apps to protect. For example, choose **Select apps**, and select **Office 365 SharePoint Online** and **Office 365 Exchange Online**. Select **Done** to save your changes.
|
||||
|
||||
4. Select **Conditions** > **Client apps** to apply the policy to apps and browsers. For example, select **Yes**, and then enable **Browser** and **Mobile apps and desktop clients**. Select **Done** to save your changes.
|
||||
|
||||
5. Select **Grant** to apply conditional access based on device compliance. For example, select **Grant access** > **Require device to be marked as compliant**. Choose **Select** to save your changes.
|
||||
|
||||
6. Select **Enable policy**, and then **Create** to save your changes.
|
||||
|
||||
For more information, see [Enable Windows Defender ATP with conditional access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection).
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
|
||||
|
||||
## Related topic
|
||||
- [Configure advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Configure alert notifications in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard Windows 10 machines using Group Policy
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard Windows 10 machines using Mobile Device Management tools
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: mjcaparas
|
||||
localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard non-Windows machines
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard Windows 10 machines using System Center Configuration Manager
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard Windows 10 machines using a local script
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard non-persistent virtual desktop infrastructure (VDI) machines
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard Windows 10 machines
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: mjcaparas
|
||||
localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard servers to the Windows Defender ATP service
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Create custom alerts using the threat intelligence (TI) application program interface (API)
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Update data retention settings for Windows Defender ATP
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Windows Defender Antivirus compatibility with Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Enable the custom threat intelligence API in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Enable Secure Score security controls
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Enable SIEM integration in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Investigate Windows Defender Advanced Threat Protection alerts
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Investigate a domain associated with a Windows Defender ATP alert
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Investigate a file associated with a Windows Defender ATP alert
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Investigate an IP address associated with a Windows Defender ATP alert
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Investigate machines in the Windows Defender ATP Machines list
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Investigate a user account in Windows Defender ATP
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Is domain seen in org
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Create and manage machine groups in Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# View and organize the Windows Defender ATP Machines list
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage Windows Defender Advanced Threat Protection alerts
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage automation allowed/blocked lists
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage automation file uploads
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage automation folder exclusions
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage suppression rules
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Minimum requirements for Windows Defender ATP
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Offboard machines from the Windows Defender ATP service
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Onboard machines to the Windows Defender ATP service
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Windows Defender Advanced Threat Protection portal overview
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: mjcaparas
|
||||
localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Create and build Power BI reports using Windows Defender ATP data
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# PowerShell code examples for the custom threat intelligence API
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Configure Windows Defender ATP settings
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
# Turn on the preview experience in Windows Defender ATP
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Windows Defender ATP preview features
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Pull Windows Defender ATP alerts using REST API
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Python code examples for the custom threat intelligence API
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Manage portal access using role-based access control
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Take response actions on a file
|
||||
|
||||
@ -9,7 +9,7 @@ ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
author: mjcaparas
|
||||
localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# View the Windows Defender Advanced Threat Protection Secure score dashboard
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# View the Windows Defender Advanced Threat Protection Security operations dashboard
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Check the Windows Defender Advanced Threat Protection service health
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Supported Windows Defender ATP query APIs
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Understand threat intelligence concepts
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Use the threat intelligence API to create custom alerts
|
||||
|
||||
@ -10,7 +10,7 @@ ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/17/2018
|
||||
ms.date: 04/24/2018
|
||||
---
|
||||
|
||||
# Windows Defender Advanced Threat Protection
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user