mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
528 lines
29 KiB
Plaintext
528 lines
29 KiB
Plaintext
# [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md)
|
|
|
|
## [Overview]()
|
|
### [Overview of Microsoft Defender ATP capabilities](overview.md)
|
|
### [Threat & Vulnerability Management]()
|
|
#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md)
|
|
#### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md)
|
|
#### [Exposure score](tvm-exposure-score.md)
|
|
#### [Configuration score](configuration-score.md)
|
|
#### [Security recommendation](tvm-security-recommendation.md)
|
|
#### [Remediation](tvm-remediation.md)
|
|
#### [Software inventory](tvm-software-inventory.md)
|
|
#### [Weaknesses](tvm-weaknesses.md)
|
|
#### [Scenarios](threat-and-vuln-mgt-scenarios.md)
|
|
|
|
|
|
### [Attack surface reduction]()
|
|
#### [Hardware-based isolation]()
|
|
##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md)
|
|
|
|
##### [Application isolation]()
|
|
###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md)
|
|
###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md)
|
|
|
|
##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md)
|
|
|
|
#### [Application control]()
|
|
##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md)
|
|
|
|
#### [Exploit protection](../windows-defender-exploit-guard/exploit-protection.md)
|
|
#### [Network protection](../windows-defender-exploit-guard/network-protection.md)
|
|
#### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders.md)
|
|
#### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction.md)
|
|
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md)
|
|
|
|
|
|
### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
|
|
|
|
|
|
### [Endpoint detection and response]()
|
|
#### [Endpoint detection and response overview](overview-endpoint-detection-response.md)
|
|
#### [Security operations dashboard](security-operations-dashboard.md)
|
|
|
|
#### [Incidents queue]()
|
|
##### [View and organize the Incidents queue](view-incidents-queue.md)
|
|
##### [Manage incidents](manage-incidents.md)
|
|
##### [Investigate incidents](investigate-incidents.md)
|
|
|
|
#### [Alerts queue]()
|
|
##### [View and organize the Alerts queue](alerts-queue.md)
|
|
##### [Manage alerts](manage-alerts.md)
|
|
##### [Investigate alerts](investigate-alerts.md)
|
|
##### [Investigate files](investigate-files.md)
|
|
##### [Investigate machines](investigate-machines.md)
|
|
##### [Investigate an IP address](investigate-ip.md)
|
|
##### [Investigate a domain](investigate-domain.md)
|
|
##### [Investigate a user account](investigate-user.md)
|
|
|
|
#### [Machines list]()
|
|
##### [View and organize the Machines list](machines-view-overview.md)
|
|
|
|
##### [Investigate machines]()
|
|
###### [Machine details](investigate-machines.md#machine-details)
|
|
###### [Response actions](investigate-machines.md#response-actions)
|
|
###### [Cards](investigate-machines.md#cards)
|
|
###### [Tabs](investigate-machines.md#tabs)
|
|
|
|
#### [Take response actions]()
|
|
##### [Take response actions on a machine]()
|
|
###### [Understand response actions](respond-machine-alerts.md)
|
|
###### [Manage tags](respond-machine-alerts.md#manage-tags)
|
|
###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation)
|
|
###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session)
|
|
###### [Collect investigation package from machines](respond-machine-alerts.md#collect-investigation-package-from-machines)
|
|
###### [Run Windows Defender Antivirus scan on machines](respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines)
|
|
###### [Restrict app execution](respond-machine-alerts.md#restrict-app-execution)
|
|
###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network)
|
|
###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center)
|
|
|
|
##### [Take response actions on a file]()
|
|
###### [Understand response actions](respond-file-alerts.md)
|
|
###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network)
|
|
###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine)
|
|
###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
|
|
###### [Deep analysis](respond-file-alerts.md#deep-analysis)
|
|
|
|
##### [Live response]()
|
|
###### [Investigate entities on machines](live-response.md)
|
|
###### [Live response command examples](live-response-command-examples.md)
|
|
|
|
|
|
### [Automated investigation and remediation]()
|
|
#### [Understand Automated investigations](automated-investigations.md)
|
|
#### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
|
|
#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)
|
|
|
|
|
|
### [Secure score](overview-secure-score.md)
|
|
|
|
|
|
### [Threat analytics](threat-analytics.md)
|
|
|
|
|
|
### [Microsoft Threat Experts](microsoft-threat-experts.md)
|
|
|
|
|
|
### [Advanced hunting]()
|
|
#### [Advanced hunting overview](advanced-hunting-overview.md)
|
|
|
|
#### [Query data using Advanced hunting]()
|
|
##### [Data querying basics](advanced-hunting-query-language.md)
|
|
##### [Advanced hunting reference](advanced-hunting-schema-reference.md)
|
|
##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md)
|
|
|
|
#### [Custom detections]()
|
|
##### [Understand custom detection rules](overview-custom-detections.md)
|
|
##### [Create custom detections rules](custom-detection-rules.md)
|
|
|
|
### [Management and APIs]()
|
|
#### [Overview of management and APIs](management-apis.md)
|
|
#### [Understand threat intelligence concepts](threat-indicator-concepts.md)
|
|
#### [Microsoft Defender ATP APIs](apis-intro.md)
|
|
#### [Managed security service provider support](mssp-support.md)
|
|
|
|
|
|
### [Integrations]()
|
|
#### [Microsoft Defender ATP integrations](threat-protection-integration.md)
|
|
#### [Conditional Access integration overview](conditional-access.md)
|
|
#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md)
|
|
|
|
#### [Information protection in Windows overview]()
|
|
##### [Windows integration](information-protection-in-windows-overview.md)
|
|
##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md)
|
|
|
|
|
|
### [Microsoft Threat Experts](microsoft-threat-experts.md)
|
|
|
|
|
|
### [Portal overview](portal-overview.md)
|
|
|
|
|
|
|
|
## [Get started]()
|
|
### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md)
|
|
### [Preview features](preview.md)
|
|
### [Evaluation lab](evaluation-lab.md)
|
|
### [Minimum requirements](minimum-requirements.md)
|
|
### [Validate licensing and complete setup](licensing.md)
|
|
|
|
### [Data storage and privacy](data-storage-privacy.md)
|
|
### [Assign user access to the portal](assign-portal-access.md)
|
|
|
|
### [Evaluate Microsoft Defender ATP capabilities]()
|
|
#### [Evaluate attack surface reduction]()
|
|
|
|
##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md)
|
|
###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md)
|
|
###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md)
|
|
###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md)
|
|
###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md)
|
|
###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md)
|
|
###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md)
|
|
###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
|
|
##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md)
|
|
|
|
### [Access the Microsoft Defender Security Center Community Center](community.md)
|
|
|
|
## [Configure and manage capabilities]()
|
|
|
|
### [Configure attack surface reduction](configure-attack-surface-reduction.md)
|
|
|
|
### [Hardware-based isolation]()
|
|
#### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
|
|
|
|
#### [Application isolation]()
|
|
##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md)
|
|
##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md)
|
|
|
|
#### [Application control](../windows-defender-application-control/windows-defender-application-control.md)
|
|
|
|
#### [Device control]()
|
|
##### [Control USB devices](../device-control/control-usb-devices-using-intune.md)
|
|
|
|
##### [Device Guard]()
|
|
###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
|
|
|
|
###### [Memory integrity]()
|
|
####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md)
|
|
####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
|
|
####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
|
|
|
|
#### [Exploit protection]()
|
|
##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
|
|
##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
|
|
|
|
#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
|
|
|
|
#### [Controlled folder access]()
|
|
##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders.md)
|
|
##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders.md)
|
|
|
|
#### [Attack surface reduction controls]()
|
|
##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md)
|
|
##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md)
|
|
|
|
#### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
|
|
|
|
|
|
### [Configure next generation protection]()
|
|
#### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md)
|
|
#### [Utilize Microsoft cloud-delivered protection]()
|
|
##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
|
|
##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
|
|
##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md)
|
|
##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
|
|
##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
|
|
##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md)
|
|
|
|
#### [Configure behavioral, heuristic, and real-time protection]()
|
|
##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md)
|
|
##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
|
|
##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
|
|
|
|
#### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md)
|
|
|
|
#### [Antivirus compatibility]()
|
|
##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md)
|
|
##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md)
|
|
|
|
#### [Deploy, manage updates, and report on antivirus]()
|
|
##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md)
|
|
|
|
##### [Deploy and enable antivirus]()
|
|
###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md)
|
|
###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md)
|
|
|
|
##### [Report on antivirus protection]()
|
|
###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md)
|
|
###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md)
|
|
|
|
##### [Manage updates and apply baselines]()
|
|
###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md)
|
|
###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md)
|
|
###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md)
|
|
###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md)
|
|
###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md)
|
|
###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
|
|
|
|
#### [Customize, initiate, and review the results of scans and remediation]()
|
|
##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
|
|
|
##### [Configure and validate exclusions in antivirus scans]()
|
|
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
|
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
|
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
|
###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
|
|
|
##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
|
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
|
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
|
##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
|
|
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
|
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
|
|
|
|
#### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
|
|
|
|
#### [Manage antivirus in your business]()
|
|
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
|
##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
|
##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
|
##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
|
##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
|
|
##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
|
|
|
#### [Manage scans and remediation]()
|
|
##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md)
|
|
|
|
##### [Configure and validate exclusions in antivirus scans]()
|
|
###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md)
|
|
###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md)
|
|
###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md)
|
|
###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md)
|
|
|
|
##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md)
|
|
##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md)
|
|
##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md)
|
|
##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md)
|
|
##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md)
|
|
##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md)
|
|
##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md)
|
|
|
|
#### [Manage next generation protection in your business]()
|
|
##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md)
|
|
##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md)
|
|
##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md)
|
|
##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md)
|
|
##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md)
|
|
##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md)
|
|
|
|
|
|
### [Configure Secure score dashboard security controls](secure-score-dashboard.md)
|
|
|
|
|
|
### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md)
|
|
|
|
|
|
### [Endpoint detection and response management and API support]()
|
|
|
|
#### [Onboard machines]()
|
|
##### [Onboarding overview](onboard-configure.md)
|
|
##### [Onboard previous versions of Windows](onboard-downlevel.md)
|
|
|
|
##### [Onboard Windows 10 machines]()
|
|
###### [Ways to onboard](configure-endpoints.md)
|
|
###### [Onboard machines using Group Policy](configure-endpoints-gp.md)
|
|
###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md)
|
|
|
|
###### [Onboard machines using Mobile Device Management tools]()
|
|
####### [Overview](configure-endpoints-mdm.md)
|
|
####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune)
|
|
###### [Onboard machines using a local script](configure-endpoints-script.md)
|
|
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md)
|
|
|
|
##### [Onboard servers](configure-server-endpoints.md)
|
|
##### [Onboard non-Windows machines](configure-endpoints-non-windows.md)
|
|
##### [Onboard machines without Internet access](onboard-offline-machines.md)
|
|
##### [Run a detection test on a newly onboarded machine](run-detection-test.md)
|
|
##### [Run simulated attacks on machines](attack-simulations.md)
|
|
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md)
|
|
|
|
##### [Troubleshoot onboarding issues]()
|
|
###### [Troubleshooting basics](troubleshoot-onboarding.md)
|
|
###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md)
|
|
|
|
#### [Microsoft Defender ATP API]()
|
|
##### [Understand Microsoft Defender ATP APIs](use-apis.md)
|
|
##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md)
|
|
|
|
##### [Get started with Microsoft Defender ATP APIs]()
|
|
###### [Introduction](apis-intro.md)
|
|
###### [Hello World](api-hello-world.md)
|
|
###### [Get access with application context](exposed-apis-create-app-webapp.md)
|
|
###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
|
|
|
|
##### [APIs]()
|
|
###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md)
|
|
###### [Advanced Hunting](run-advanced-query-api.md)
|
|
|
|
###### [Alert]()
|
|
####### [Methods, properties, and JSON representation](alerts.md)
|
|
####### [List alerts](get-alerts.md)
|
|
####### [Create alert](create-alert-by-reference.md)
|
|
####### [Update Alert](update-alert.md)
|
|
####### [Get alert information by ID](get-alert-info-by-id.md)
|
|
####### [Get alert related domains information](get-alert-related-domain-info.md)
|
|
####### [Get alert related file information](get-alert-related-files-info.md)
|
|
####### [Get alert related IPs information](get-alert-related-ip-info.md)
|
|
####### [Get alert related machine information](get-alert-related-machine-info.md)
|
|
####### [Get alert related user information](get-alert-related-user-info.md)
|
|
|
|
###### [Machine]()
|
|
####### [Methods and properties](machine.md)
|
|
####### [List machines](get-machines.md)
|
|
####### [Get machine by ID](get-machine-by-id.md)
|
|
####### [Get machine log on users](get-machine-log-on-users.md)
|
|
####### [Get machine related alerts](get-machine-related-alerts.md)
|
|
####### [Add or Remove machine tags](add-or-remove-machine-tags.md)
|
|
####### [Find machines by IP](find-machines-by-ip.md)
|
|
|
|
###### [Machine Action]()
|
|
####### [Methods and properties](machineaction.md)
|
|
####### [List Machine Actions](get-machineactions-collection.md)
|
|
####### [Get Machine Action](get-machineaction-object.md)
|
|
####### [Collect investigation package](collect-investigation-package.md)
|
|
####### [Get investigation package SAS URI](get-package-sas-uri.md)
|
|
####### [Isolate machine](isolate-machine.md)
|
|
####### [Release machine from isolation](unisolate-machine.md)
|
|
####### [Restrict app execution](restrict-code-execution.md)
|
|
####### [Remove app restriction](unrestrict-code-execution.md)
|
|
####### [Run antivirus scan](run-av-scan.md)
|
|
####### [Offboard machine](offboard-machine-api.md)
|
|
####### [Stop and quarantine file](stop-and-quarantine-file.md)
|
|
####### [Initiate investigation (preview)](initiate-autoir-investigation.md)
|
|
|
|
###### [Indicators]()
|
|
####### [Methods and properties](ti-indicator.md)
|
|
####### [Submit Indicator](post-ti-indicator.md)
|
|
####### [List Indicators](get-ti-indicators-collection.md)
|
|
####### [Delete Indicator](delete-ti-indicator-by-id.md)
|
|
|
|
###### [Domain]()
|
|
####### [Get domain related alerts](get-domain-related-alerts.md)
|
|
####### [Get domain related machines](get-domain-related-machines.md)
|
|
####### [Get domain statistics](get-domain-statistics.md)
|
|
|
|
###### [File]()
|
|
####### [Methods and properties](files.md)
|
|
####### [Get file information](get-file-information.md)
|
|
####### [Get file related alerts](get-file-related-alerts.md)
|
|
####### [Get file related machines](get-file-related-machines.md)
|
|
####### [Get file statistics](get-file-statistics.md)
|
|
|
|
###### [IP]()
|
|
####### [Get IP related alerts](get-ip-related-alerts.md)
|
|
####### [Get IP statistics](get-ip-statistics.md)
|
|
|
|
###### [User]()
|
|
####### [Methods](user.md)
|
|
####### [Get user related alerts](get-user-related-alerts.md)
|
|
####### [Get user related machines](get-user-related-machines.md)
|
|
|
|
##### [How to use APIs - Samples]()
|
|
###### [Microsoft Flow](api-microsoft-flow.md)
|
|
###### [Power BI](api-power-bi.md)
|
|
###### [Advanced Hunting using Python](run-advanced-query-sample-python.md)
|
|
###### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md)
|
|
###### [Using OData Queries](exposed-apis-odata-samples.md)
|
|
|
|
#### [API for custom alerts]()
|
|
##### [Enable the custom threat intelligence application](enable-custom-ti.md)
|
|
##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md)
|
|
##### [Create custom threat intelligence alerts](custom-ti-api.md)
|
|
##### [PowerShell code examples](powershell-example-code.md)
|
|
##### [Python code examples](python-example-code.md)
|
|
##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md)
|
|
##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md)
|
|
|
|
#### [Pull Detections to your SIEM tools]()
|
|
##### [Learn about different ways to pull Detections](configure-siem.md)
|
|
##### [Enable SIEM integration](enable-siem-integration.md)
|
|
##### [Configure Splunk to pull Detections](configure-splunk.md)
|
|
##### [Configure HP ArcSight to pull Detections](configure-arcsight.md)
|
|
##### [Microsoft Defender ATP Detection fields](api-portal-mapping.md)
|
|
##### [Pull Detections using SIEM REST API](pull-alerts-using-rest-api.md)
|
|
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md)
|
|
|
|
#### [Reporting]()
|
|
##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md)
|
|
##### [Threat protection reports](threat-protection-reports.md)
|
|
##### [Machine health and compliance reports](machine-reports.md)
|
|
|
|
#### [Interoperability]()
|
|
##### [Partner applications](partner-applications.md)
|
|
|
|
#### [Manage machine configuration]()
|
|
##### [Ensure your machines are configured properly](configure-machines.md)
|
|
##### [Monitor and increase machine onboarding](configure-machines-onboarding.md)
|
|
##### [Increase compliance to the security baseline](configure-machines-security-baseline.md)
|
|
##### [Optimize ASR rule deployment and detections](configure-machines-asr.md)
|
|
|
|
#### [Role-based access control]()
|
|
|
|
##### [Manage portal access using RBAC]()
|
|
###### [Using RBAC](rbac.md)
|
|
###### [Create and manage roles](user-roles.md)
|
|
|
|
###### [Create and manage machine groups]()
|
|
####### [Using machine groups](machine-groups.md)
|
|
####### [Create and manage machine tags](machine-tags.md)
|
|
|
|
#### [Configure managed security service provider (MSSP) support](configure-mssp-support.md)
|
|
|
|
|
|
### [Configure Microsoft threat protection integration]()
|
|
#### [Configure Conditional Access](configure-conditional-access.md)
|
|
#### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md)
|
|
#### [Configure information protection in Windows](information-protection-in-windows-config.md)
|
|
|
|
|
|
### [Configure portal settings]()
|
|
#### [Set up preferences](preferences-setup.md)
|
|
|
|
#### [General]()
|
|
##### [Update data retention settings](data-retention-settings.md)
|
|
##### [Configure alert notifications](configure-email-notifications.md)
|
|
##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md)
|
|
##### [Enable Secure score security controls](enable-secure-score.md)
|
|
##### [Configure advanced features](advanced-features.md)
|
|
|
|
#### [Permissions]()
|
|
##### [Use basic permissions to access the portal](basic-permissions.md)
|
|
##### [Manage portal access using RBAC](rbac.md)
|
|
###### [Create and manage roles](user-roles.md)
|
|
###### [Create and manage machine groups](machine-groups.md)
|
|
####### [Create and manage machine tags](machine-tags.md)
|
|
|
|
#### [APIs]()
|
|
##### [Enable Threat intel](enable-custom-ti.md)
|
|
##### [Enable SIEM integration](enable-siem-integration.md)
|
|
|
|
#### [Rules]()
|
|
##### [Manage suppression rules](manage-suppression-rules.md)
|
|
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md)
|
|
##### [Manage indicators](manage-indicators.md)
|
|
##### [Manage automation file uploads](manage-automation-file-uploads.md)
|
|
##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md)
|
|
|
|
#### [Machine management]()
|
|
##### [Onboarding machines](onboard-configure.md)
|
|
##### [Offboarding machines](offboard-machines.md)
|
|
|
|
#### [Configure time zone settings](time-settings.md)
|
|
|
|
|
|
|
|
## [Troubleshoot Microsoft Defender ATP]()
|
|
|
|
### [Troubleshoot sensor state]()
|
|
#### [Check sensor state](check-sensor-status.md)
|
|
#### [Fix unhealthy sensors](fix-unhealthy-sensors.md)
|
|
#### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines)
|
|
#### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines)
|
|
#### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md)
|
|
|
|
|
|
### [Troubleshoot service issues]()
|
|
#### [Troubleshooting issues](troubleshoot-mdatp.md)
|
|
#### [Check service health](service-status.md)
|
|
|
|
|
|
### [Troubleshoot attack surface reduction issues]()
|
|
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
|
|
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
|
|
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md)
|
|
|
|
|
|
### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)
|