From fde28ac9639bfd5164a5c404f3bbafe713db5eec Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 21 Feb 2020 16:08:24 -0800 Subject: [PATCH] update toc --- windows/security/threat-protection/TOC.md | 12 +++++++----- .../microsoft-defender-atp/deployment-phases.md | 6 +++--- .../microsoft-defender-atp/onboarding.md | 6 +++--- .../microsoft-defender-atp/prepare-deployment.md | 14 ++++++++++++-- 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1b74129691..88ad98e2f8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -138,11 +138,7 @@ ##### [Weaknesses](microsoft-defender-atp/tvm-weaknesses.md) ##### [Scenarios](microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md) -#### [Manage machine configuration]() -##### [Ensure your machines are configured properly](microsoft-defender-atp/configure-machines.md) -##### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md) -##### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md) -##### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md) + 
@@ -170,6 +166,12 @@ ##### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md) ##### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) +### [Manage machine configuration]() +#### [Ensure your machines are configured properly](microsoft-defender-atp/configure-machines.md) +#### [Monitor and increase machine onboarding](microsoft-defender-atp/configure-machines-onboarding.md) +#### [Increase compliance to the security baseline](microsoft-defender-atp/configure-machines-security-baseline.md) +#### [Optimize ASR rule deployment and detections](microsoft-defender-atp/configure-machines-asr.md) + ### [Manage capabilities]() #### [Configure attack surface reduction]() diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 6f8cc0fe20..250c012c10 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md @@ -21,9 +21,9 @@ ms.topic: article There are three phases in deploying Microsoft Defender ATP: |Phase | Desription | -|:-------|:-----|:-----| -| ![Phase 1: Prepare](images/prepare.png)
[Phase 1: Prepare](prepare-deployment.md)| This phase guides you through what you need to consider when deploying Microsoft Defender ATP:

- Stakeholders and sign-off
- Environment considerations
- Access
- Adoption order -| ![Phase 2: Setup](images/setup.png)
[Phase 2: Setup](production-deployment.md)| The setup phase covers the initial steps you'll take as you first access Microsoft Defender Security Center. You'll be guided on:

- Validating the licensing
- Completing the setup wizard within the portal
- Network configuration| +|:-------|:-----| +| ![Phase 1: Prepare](images/prepare.png)
[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Microsoft Defender ATP:

- Stakeholders and sign-off
- Environment considerations
- Access
- Adoption order +| ![Phase 2: Setup](images/setup.png)
[Phase 2: Setup](production-deployment.md)| Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:

- Validating the licensing
- Completing the setup wizard within the portal
- Network configuration| | ![Phase 3: Onboard](images/onboard.png)
[Phase 3: Onboard](onboarding.md) | Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them. You'll be guided on:

- Using Microsoft Endpoint Configuration Manager to onboard devices
- Configure capabilities diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md index 8a1693f9da..9f143e0672 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md @@ -31,12 +31,12 @@ Deploying Microsoft Defender ATP is a three-phase process: - Onboard to the Microsoft Defender ATP service + Setup the Microsoft Defender ATP service
Phase 2: Setup

- - Onboard + + Onboard
Phase 3: Onboard

diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 214a32b6ce..42e28d24f6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md @@ -62,10 +62,14 @@ Deploying Microsoft Defender ATP is a three-phase process: You are currently in the preparation phase. +Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Microsoft Defender ATP. + ## Stakeholders and Sign-off The following section serves to identify all the stakeholders that are involved -in this project and need to sign-off, review, or stay informed. Add stakeholders +in the project and need to sign-off, review, or stay informed. + +Add stakeholders to the table below as appropriate for your organization. - SO = Sign-off on this project @@ -154,8 +158,9 @@ structure required for your environment. ## Adoption Order In many cases, organizations will have existing endpoint security products in place. The bare minimum every organization should have is an antivirus solution. But in some cases, an organization might also have implanted an EDR solution already. + Historically, replacing any security solution used to be time intensive and difficult -to achieve, due to the tight hooks into the application layer and infrastructure +to achieve due to the tight hooks into the application layer and infrastructure dependencies. However, because Microsoft Defender ATP is built into the operating system, replacing third-party solutions is now easy to achieve. 
@@ -172,5 +177,10 @@ how the endpoint security suite should be enabled. | Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable | | Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable | +## Next step +||| +|:-------|:-----| +|![Phase 2: Setup](images/setup.png)
[Phase 2: Setup](production-deployment.md) | Setup Microsoft Defender ATP deployment + ## Related topic - [Production deployment](production-deployment.md)
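Review bot: The second TOC.md hunk re-adds "Manage machine configuration" one heading level higher than the block removed in the first hunk (### with #### children instead of #### with ##### children), which makes it a sibling of "Manage capabilities" in the navigation. The subject line "update toc" mentions neither this promotion nor the wording changes to the three microsoft-defender-atp articles in the same commit. Suggest stating the move and its reason in the commit message, or splitting the article edits into their own commit.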
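Review bot: In the deployment-phases.md hunk, the unchanged header line "|Phase | Desription |" still misspells "Description". This hunk already corrects the delimiter row to two columns, so fix the header in the same change. As shown in this patch, the Phase 1 and Phase 3 rows also end without a closing "|" while the Phase 2 row ends with one; make the row endings consistent.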
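Review bot: In the onboarding.md hunk, the added text "Setup the Microsoft Defender ATP service" uses the noun "Setup" as a verb. Suggest "Set up the Microsoft Defender ATP service", keeping "Setup" only where it is the phase name, as in "Phase 2: Setup".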
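Review bot: In the first prepare-deployment.md hunk (@@ -62,10 +62,14), the rewritten line "in the project and need to sign-off, review, or stay informed." keeps the hyphenated noun form as a verb. Suggest "need to sign off, review, or stay informed", leaving "Sign-off" hyphenated only in the heading and in the "SO = Sign-off on this project" legend. The new intro sentence could also be tightened, for example "This article covers the points to consider as you prepare to deploy Microsoft Defender ATP."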
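Review bot: In the second prepare-deployment.md hunk (@@ -154,8 +158,9), the unchanged line ending "an organization might also have implanted an EDR solution already." reads as a typo for "implemented". The hunk already reflows this paragraph and drops the comma after "achieve", so correct the word in the same pass.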
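Review bot: In the last prepare-deployment.md hunk (@@ -172,5 +177,10), the new "Next step" table links to production-deployment.md, and the "Related topic" list directly below it links to the same file, so the page now ends with two consecutive pointers to one target. Suggest dropping the "Related topic" entry or pointing it somewhere else. In the same table, the header row "|||" is empty, the data row has no closing "|", and "Setup Microsoft Defender ATP deployment" should read "Set up ...", since "Setup" is the noun form.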