From ec510fd8c80f684c94ca564499894783ea1bac9b Mon Sep 17 00:00:00 2001 From: jcaparas Date: Wed, 7 Feb 2018 09:37:21 +0200 Subject: [PATCH 1/5] new siem error content --- ...ows-defender-advanced-threat-protection.md | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md index 114d11828b..1088133d52 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -36,7 +36,7 @@ If your client secret expires or if you've misplaced the copy provided when you 1. Login to the [Azure management portal](https://ms.portal.azure.com). -2. Select **Active Directory**. +2. Select **Azure Active Directory**. 3. Select your tenant. @@ -49,7 +49,27 @@ If your client secret expires or if you've misplaced the copy provided when you 7. Copy the value and save it in a safe place. ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootsiem-belowfoldlink) +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootsiem-belowfoldlink) / + + +## Error when getting a refresh access token +If you encounter an error when trying to get a refresh token when using the threat intelligence API, you'll need to add reply URL for relevant application in Azure Active Directory. + +1. Login to the [Azure management portal](https://ms.portal.azure.com). + +2. Select **Azure Active Directory**. + +3. Select your tenant. + +4. Click **Application**, then select your SIEM tool application. The application name is `https://windowsdefenderatpsiemconnector`. + +5. Select your threat intelligence API application. The name is `https://WindowsDefenderATPCustomerTiConnector`. + +6. Select **Settings** > **Reply URLs**. HI VADIM CAN YOU PLEASE CHECK IF THE BELOW IS ACCURATE - I TRIED TO ACCESS AZURE BUT I DON'T HAVE THE RIGHT PERMISSIONS. + +7. Add the following URL: `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`. + +8. Click **Save**. ## Related topics From 94eeda913f0aca7a80de804494f476f01244af5a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 12 Feb 2018 17:01:01 -0800 Subject: [PATCH 2/5] fixed step 4 --- ...-windows-defender-advanced-threat-protection.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md index 1088133d52..b285654fc3 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -53,7 +53,7 @@ If your client secret expires or if you've misplaced the copy provided when you ## Error when getting a refresh access token -If you encounter an error when trying to get a refresh token when using the threat intelligence API, you'll need to add reply URL for relevant application in Azure Active Directory. +If you encounter an error when trying to get a refresh token when using the threat intelligence API or SIEM tools, you'll need to add reply URL for relevant application in Azure Active Directory. 1. Login to the [Azure management portal](https://ms.portal.azure.com). @@ -61,15 +61,13 @@ If you encounter an error when trying to get a refresh token when using the thre 3. Select your tenant. -4. Click **Application**, then select your SIEM tool application. The application name is `https://windowsdefenderatpsiemconnector`. +4. Click **App Registrations**. Then in the applications list, select the application: + - For SIEM: `https://WindowsDefenderATPSiemConnector` + - For Threat intelligence API: `https://WindowsDefenderATPCustomerTiConnector` -5. Select your threat intelligence API application. The name is `https://WindowsDefenderATPCustomerTiConnector`. +5. Add the following URL: `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`. -6. Select **Settings** > **Reply URLs**. HI VADIM CAN YOU PLEASE CHECK IF THE BELOW IS ACCURATE - I TRIED TO ACCESS AZURE BUT I DON'T HAVE THE RIGHT PERMISSIONS. - -7. Add the following URL: `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`. - -8. Click **Save**. +6. Click **Save**. ## Related topics From f3d49396595c25f8b165395d660b01ba27bbe791 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 13 Feb 2018 13:29:49 -0800 Subject: [PATCH 3/5] updated xml --- ...oy-windows-defender-application-control.md | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md index 755ea84cfe..9c13d17bc5 100644 --- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md @@ -142,6 +142,11 @@ Microsoft recommends that you block the following Microsoft-signed applications + + + + + @@ -392,6 +397,46 @@ Microsoft recommends that you block the following Microsoft-signed applications + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -430,6 +475,11 @@ Microsoft recommends that you block the following Microsoft-signed applications + + + + + @@ -678,6 +728,32 @@ Microsoft recommends that you block the following Microsoft-signed applications + + + + + + + + + + + + + + + + + + + + + + + + + + From 0535c23c5f00f46a39fa21843e1d7a4dc70ac43e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 13 Feb 2018 13:31:03 -0800 Subject: [PATCH 4/5] updated xml --- .../steps-to-deploy-windows-defender-application-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md index 9c13d17bc5..eaba2eac26 100644 --- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high author: brianlic-msft -ms.date: 11/02/2017 +ms.date: 102/13/2018 --- # Steps to Deploy Windows Defender Application Control From c13c5b9616e7924f25b96d381549ba084bb00022 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 13 Feb 2018 13:35:43 -0800 Subject: [PATCH 5/5] updated xml --- .../steps-to-deploy-windows-defender-application-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md index eaba2eac26..1475541a41 100644 --- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high author: brianlic-msft -ms.date: 102/13/2018 +ms.date: 02/13/2018 --- # Steps to Deploy Windows Defender Application Control