deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

remediation updates

Browse Source
This commit is contained in:
Beth Levin 2020-04-06 14:20:34 -07:00
parent fc62ffb6a1
commit fb0a60877c
2 changed files with 12 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md
View File

@ -32,15 +32,14 @@ Lower your organization's exposure from vulnerabilities and increase your securi
## Navigate to the Remediation page ## Navigate to the Remediation page
You can access the Remediation page though the following ways: You can access the Remediation page a few different ways:
- Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md) - Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md)
- Top remediation activities card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) - Top remediation activities card in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
### Navigation menu ### Navigation menu
Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization. Select the remediation activity that you want to view. Go to the Threat & Vulnerability Management navigation menu and select **Remediation** to open up the list of remediation activities and exceptions found in your organization.
![Screenshot of the remediation page flyout for a software which reached end-of-support](images/remediation_flyouteolsw.png)
### Top remediation activities in the dashboard ### Top remediation activities in the dashboard
@ -52,34 +51,17 @@ View **Top remediation activities** in the [Threat & Vulnerability Management da
When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune. When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune.
Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete.
![Screenshot of the remediation page flyout for a software which reached end-of-support](images/remediation_flyouteolsw.png)
## Exceptions ## Exceptions
You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md). When you [file for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md), you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [configuration score](configuration-score.md).
[File for an exception](tvm-security-recommendation.md#file-for-exception) from the [Security recommendations page](tvm-security-recommendation.md).
### Exception justification
If the security recommendation stemmed from a false positive report, or if there are existing business justification that blocks the remediation, such as compensating control, productivity needs, compliance, or if there's already a planned remediation grace period, you can file an exception and indicate the reason. The following list details the justifications behind the exception options:
- **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall - - prevents access to a machine, third party antivirus
- **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow
- **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive
- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
- **Other** - False positive
![Screenshot of exception reason dropdown menu](images/tvm-exception-dropdown.png)
### Where to find exceptions
The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status. The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status.
![Screenshot of exception tab and filters](images/tvm-exception-filters.png) ![Screenshot of exception tab and filters](images/tvm-exception-filters.png)
You can also select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. Selecting the link opens a filtered view in the **Security recommendations** page of recommendations with an "Exception" status.
![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard](images/tvm-exception-dashboard.png)
### Exception actions and statuses ### Exception actions and statuses
You can take the following actions on an exception: You can take the following actions on an exception:
@ -105,6 +87,12 @@ The exception impact shows on both the Security recommendations page column and
![Screenshot of where to find the exception impact](images/tvm-exception-impact.png) ![Screenshot of where to find the exception impact](images/tvm-exception-impact.png)
### View exceptions in other places
Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard to open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status.
![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard](images/tvm-exception-dashboard.png)
## Related topics ## Related topics
- [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) - [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)

2
windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
View File

@ -142,8 +142,6 @@ When an exception is created for a recommendation, the recommendation is no long
- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization
- **Other** - False positive - **Other** - False positive
![Screenshot of exception reason dropdown menu](images/tvm-exception-dropdown.png)
3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. 3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created.
4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past). 4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past).