From 38e355cf76081f761dabba731c02ea288dcc2e68 Mon Sep 17 00:00:00 2001 From: Justinha Date: Mon, 27 Mar 2017 09:46:04 -0700 Subject: [PATCH 1/4] updated 2017 references --- .../change-history-for-keep-windows-10-secure.md | 4 ++-- windows/keep-secure/credential-guard.md | 4 ++-- ...and-deployment-planning-guidelines-for-device-guard.md | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 858577af50..14ce846d7b 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,8 +16,8 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md ## March 2017 |New or changed topic |Description | |---------------------|------------| -|[Protect derived domain credentials with Credential Guard](credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.| -|[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.| +|[Protect derived domain credentials with Credential Guard](credential-guard.md) |Updated additional security qualifications.| +|[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated additional security qualifications.| ## January 2017 diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index dab9e6eabd..f36732aa45 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -126,9 +126,9 @@ The following tables describe baseline protections, plus protections for improve
-#### 2017 Additional security qualifications starting with Windows 10, version 1703 +#### 2017 Additional security qualifications starting in 2017 -The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. +The following table lists qualifications for 2017, which are in addition to all preceding qualifications. | Protection for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| diff --git a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md index 0bba05e0b7..b6650e5941 100644 --- a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md +++ b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md @@ -62,7 +62,7 @@ The following tables provide more information about the hardware, firmware, and The following tables describes additional hardware and firmware requirements, and the improved security that is available when those requirements are met. -### Additional Qualification Requirements starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4 +### Additional security qualificationqs starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4 | Protections for Improved Security - requirement | Description | |---------------------------------------------|----------------------------------------------------| @@ -70,7 +70,7 @@ The following tables describes additional hardware and firmware requirements, an
-### Additional Qualification Requirements starting with Windows 10, version 1607, and Windows Server 2016 +### Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 > **Important**  The following tables list requirements for improved security, beyond the level of protection described in the preceding tables. You can use Device Guard with hardware, firmware, and software that do not support the following protections for improved security. As your systems meet more requirements, more protections become available to them. @@ -82,9 +82,9 @@ The following tables describes additional hardware and firmware requirements, an
-### Additional Qualification Requirements starting with Windows 10, version 1703 +### Additional security qualifications starting in 2017 -The following table lists requirements for Windows 10, version 1703, which are in addition to all preceding requirements. +The following table lists requirements for 2017, which are in addition to all preceding requirements. | Protection for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| From 3cb930b965a87bc0293e06b0f3d8e600051a091d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 27 Mar 2017 11:16:24 -0700 Subject: [PATCH 2/4] add topic to table --- .../use-custom-ti-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md index cf9af66f72..72c627cc0b 100644 --- a/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md @@ -36,4 +36,5 @@ Topic | Description [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts so that you can generate specific alerts that are applicable to your organization. [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) | Use the PowerShell code examples to guide you in using the custom threat intelligence API. [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) | Use the Python code examples to guide you in using the custom threat intelligence API. +[Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) | Create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization. [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) | Learn how to address possible issues you might encounter while using the threat intelligence API. From 0eef416f1090ddf68561684cd9d409f697610c6b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 27 Mar 2017 13:59:47 -0700 Subject: [PATCH 3/4] update window defender AV names --- ...ueue-windows-defender-advanced-threat-protection.md | 2 +- ...oard-windows-defender-advanced-threat-protection.md | 4 ++-- ...lity-windows-defender-advanced-threat-protection.md | 10 +++++----- ...odes-windows-defender-advanced-threat-protection.md | 8 ++++---- ...ines-windows-defender-advanced-threat-protection.md | 2 +- ...view-windows-defender-advanced-threat-protection.md | 8 ++++---- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md index f9805f6b95..921bf48bbb 100644 --- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md @@ -65,7 +65,7 @@ Reviewing the various alerts and their severity can help you decide on the appro - Windows Defender ATP >[!NOTE] ->The Windows Defender AV filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product. +>The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product. **Time period**
- 1 day diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index e305a659f1..e8de1cb1b4 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -63,7 +63,7 @@ The tile shows you a list of user accounts with the most active alerts. The tota Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md). ## Machines with active malware detections -The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender. +The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender Antivirus. Active malware is defined as threats that were actively executing at the time of detection. @@ -84,7 +84,7 @@ Threats are considered "active" if there is a very high probability that the mal Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. > [!NOTE] -> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. ## Sensor health The **Sensor health** tile provides information on the individual endpoint’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines. diff --git a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md index 9c17747345..de668b5c69 100644 --- a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -22,12 +22,12 @@ localizationpriority: high - Windows Defender - Windows Defender Advanced Threat Protection (Windows Defender ATP) -The Windows Defender Advanced Threat Protection agent depends on Windows Defender for some capabilities such as file scanning. +The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning. -If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender on that endpoint will enter into passive mode. +If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. -Windows Defender will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. +Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. -The Windows Defender interface will be disabled, and users on the endpoint will not be able to use Windows Defender to perform on-demand scans or configure most options. +The Windows Defender Antivirus interface will be disabled, and users on the endpoint will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options. -For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md). +For more information, see the **Compatibility** section in the [Windows Defender Antivirus in Windows 10 topic](windows-defender-in-windows-10.md). diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md index e69c2a864d..c32cb54316 100644 --- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md @@ -192,8 +192,8 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 27 -Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable```. -Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. +Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: ```variable```. +Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
Ensure real-time antimalware protection is running properly. @@ -208,8 +208,8 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 30 -Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable```. -Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. +Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```. +Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
Ensure real-time antimalware protection is running properly. diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 640b0a524c..5073e541f6 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Investigate machines in the Windows Defender ATP Machines view description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view. -keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, active malware detections, threat category, filter, sort, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, low severity +keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index c6d0f9dd37..3e1b3c8a80 100644 --- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md @@ -38,7 +38,7 @@ When you open the portal, you’ll see the main areas of the application: - (3) Main portal > [!NOTE] -> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> Malware related detections will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. @@ -48,10 +48,10 @@ Area | Description (2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Service health**, **Preferences setup**, and **Enpoint Management**. **Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization. **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts. -**Machines view**| Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. +**Machines view** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues. -**Preferences setup**| Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. -**Endpoint Management**| Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. +**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. +**Endpoint Management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. (3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view. ## Windows Defender ATP icons From 12b19bdf3b586433051cf736dc9b0fbdf691a196 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 27 Mar 2017 14:00:31 -0700 Subject: [PATCH 4/4] Revert "update window defender AV names" This reverts commit 0eef416f1090ddf68561684cd9d409f697610c6b. --- ...ueue-windows-defender-advanced-threat-protection.md | 2 +- ...oard-windows-defender-advanced-threat-protection.md | 4 ++-- ...lity-windows-defender-advanced-threat-protection.md | 10 +++++----- ...odes-windows-defender-advanced-threat-protection.md | 8 ++++---- ...ines-windows-defender-advanced-threat-protection.md | 2 +- ...view-windows-defender-advanced-threat-protection.md | 8 ++++---- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md index 921bf48bbb..f9805f6b95 100644 --- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md @@ -65,7 +65,7 @@ Reviewing the various alerts and their severity can help you decide on the appro - Windows Defender ATP >[!NOTE] ->The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product. +>The Windows Defender AV filter will only appear if your endpoints are using Windows Defender as the default real-time protection antimalware product. **Time period**
- 1 day diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index e8de1cb1b4..e305a659f1 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -63,7 +63,7 @@ The tile shows you a list of user accounts with the most active alerts. The tota Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md). ## Machines with active malware detections -The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender Antivirus. +The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender. Active malware is defined as threats that were actively executing at the time of detection. @@ -84,7 +84,7 @@ Threats are considered "active" if there is a very high probability that the mal Clicking on any of these categories will navigate to the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), filtered by the appropriate category. This lets you see a detailed breakdown of which machines have active malware detections, and how many threats were detected per machine. > [!NOTE] -> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> The **Machines with active malware detections** tile will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. ## Sensor health The **Sensor health** tile provides information on the individual endpoint’s ability to provide sensor data to the Windows Defender ATP service. It reports how many machines require attention and helps you identify problematic machines. diff --git a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md index de668b5c69..9c17747345 100644 --- a/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/defender-compatibility-windows-defender-advanced-threat-protection.md @@ -22,12 +22,12 @@ localizationpriority: high - Windows Defender - Windows Defender Advanced Threat Protection (Windows Defender ATP) -The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning. +The Windows Defender Advanced Threat Protection agent depends on Windows Defender for some capabilities such as file scanning. -If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode. +If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender on that endpoint will enter into passive mode. -Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. +Windows Defender will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client. -The Windows Defender Antivirus interface will be disabled, and users on the endpoint will not be able to use Windows Defender Antivirus to perform on-demand scans or configure most options. +The Windows Defender interface will be disabled, and users on the endpoint will not be able to use Windows Defender to perform on-demand scans or configure most options. -For more information, see the **Compatibility** section in the [Windows Defender Antivirus in Windows 10 topic](windows-defender-in-windows-10.md). +For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md). diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md index c32cb54316..e69c2a864d 100644 --- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md @@ -192,8 +192,8 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 27 -Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender Antivirus. Onboarding process failed. Failure code: ```variable```. -Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. +Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable```. +Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
Ensure real-time antimalware protection is running properly. @@ -208,8 +208,8 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 30 -Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```. -Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. +Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable```. +Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
Ensure real-time antimalware protection is running properly. diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index 5073e541f6..640b0a524c 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Investigate machines in the Windows Defender ATP Machines view description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view. -keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, threat category, filter, sort, review alerts, network, connection, type, password stealer, ransomware, exploit, threat, low severity +keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, active malware detections, threat category, filter, sort, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, low severity search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index 3e1b3c8a80..c6d0f9dd37 100644 --- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md @@ -38,7 +38,7 @@ When you open the portal, you’ll see the main areas of the application: - (3) Main portal > [!NOTE] -> Malware related detections will only appear if your endpoints are using [Windows Defender Antivirus](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. @@ -48,10 +48,10 @@ Area | Description (2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Service health**, **Preferences setup**, and **Enpoint Management**. **Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization. **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts. -**Machines view** | Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. +**Machines view**| Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. **Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service status is healthy or if there are current issues. -**Preferences setup** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. -**Endpoint Management** | Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. +**Preferences setup**| Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set email notifications, activate the preview experience, and enable or turn off advanced features. +**Endpoint Management**| Allows you to download the onboarding configuration package. It provides access to endpoint offboarding. (3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view. ## Windows Defender ATP icons