mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 06:47:21 +00:00
35 KiB
Threat protection
The Windows Defender Security Center app
Customize the Windows Defender Security Center app for your organization
Hide Windows Defender Security Center app notifications
Virus and threat protection
Device performance and health
Firewall and network protection
App and browser control
Family options
Windows Defender Advanced Threat Protection
Minimum requirements
Validate licensing and complete setup
Troubleshoot subscription and portal access issues
Preview features
Data storage and privacy
Assign user access to the portal
Onboard endpoints and set up access
Configure client endpoints
Configure endpoints using Group Policy
Configure endpoints using System Center Configuration Manager
Configure endpoints using Mobile Device Management tools
Configure endpoints using Microsoft Intune
Configure endpoints using a local script
Configure non-persistent virtual desktop infrastructure (VDI) machines
Configure non-Windows endpoints
Configure server endpoints
Run a detection test on a newly onboarded endpoint
Configure proxy and Internet connectivity settings
Troubleshoot onboarding issues
Portal overview
Use the Windows Defender ATP portal
View the Security operations dashboard
View the Security analytics dashboard
View and organize the Alerts queue
Investigate alerts
Alert process tree
Incident graph
Alert timeline
Investigate files
Investigate an IP address
Investigate a domain
View and organize the Machines list
Investigate machines
Manage machine group and tags
Alerts related to this machine
Machine timeline
Search for specific events
Filter events from a specific date
Export machine timeline events
Navigate between pages
Investigate a user account
Manage alerts
Take response actions
Take response actions on a machine
Collect investigation package
Run antivirus scan
Restrict app execution
Remove app restriction
Isolate machines from the network
Release machine from isolation
Check activity details in Action center
Take response actions on a file
Stop and quarantine files in your network
Remove file from quarantine
Block files in your network
Remove file from blocked list
Check activity details in Action center
Deep analysis
Submit files for analysis
View deep analysis reports
Troubleshoot deep analysis
Pull alerts to your SIEM tools
Enable SIEM integration
Configure Splunk to pull alerts
Configure HP ArcSight to pull alerts
Windows Defender ATP alert API fields
Pull alerts using REST API
Troubleshoot SIEM tool integration issues
Use the threat intelligence API to create custom alerts
Understand threat intelligence concepts
Enable the custom threat intelligence application
Create custom threat intelligence alerts
PowerShell code examples
Python code examples
Experiment with custom threat intelligence alerts
Troubleshoot custom threat intelligence issues
Use the Windows Defender ATP exposed APIs
Supported Windows Defender ATP query APIs
Actor
Get actor information
Get actor related alerts
Alerts
Get alerts
Get alert information by ID
Get alert related actor information
Get alert related domain information
Get alert related file information
Get alert related IP information
Get alert related machine information
Domain
Get domain related alerts
Get domain related machines
Get domain statistics
Is domain seen in organization
File
Get file information
Get file related alerts
Get file related machines
Get file statistics
IP
Get IP related alerts
Get IP related machines
Get IP statistics
Is IP seen in organization
Machines
Find machine information by IP
Get machines
Get machine by ID
Get machine log on users
Get machine related alerts
User
Get alert related user information
Get user information
Get user related alerts
Get user related machines
Supported Windows Defender ATP response APIs
Collect investigation package API
Isolate machine API
Release machine from isolation API
Restrict app execution API
Remove app restriction API
Run antivirus scan API
Stop and quarantine file API
Request sample API
Block file API
Unblock file API
Get package SAS URI API
Get MachineAction object API
Get MachineActions collection API
Get FileActions collection API
Get FileMachineAction object API
Get FileMachineActions collection API
Create and build Power BI reports using Windows Defender ATP data
Check sensor state
Fix unhealthy sensors
Inactive machines
Misconfigured machines
Windows Defender ATP service health
Configure Windows Defender ATP preferences settings
Update general settings
Turn on advanced features
Turn on preview experience
Configure email notifications
Enable SIEM integration
Enable Threat intel API
Enable and create Power BI reports using Windows Defender ATP data
Enable Security Analytics security controls
Windows Defender ATP settings
Access the Windows Defender ATP Community Center
Troubleshoot Windows Defender ATP
Review events and errors on endpoints with Event Viewer
Windows Defender Antivirus compatibility with Windows Defender ATP
Windows Defender Antivirus in Windows 10
Windows Defender AV in the Windows Defender Security Center app
Windows Defender AV on Windows Server 2016
Windows Defender Antivirus compatibility
Use limited periodic scanning in Windows Defender AV
Evaluate Windows Defender Antivirus protection
Deploy, manage updates, and report on Windows Defender Antivirus
Deploy and enable Windows Defender Antivirus
Deployment guide for VDI environments
Report on Windows Defender Antivirus protection
Troubleshoot Windows Defender Antivirus reporting in Update Compliance
Manage updates and apply baselines
Manage protection and definition updates
Manage when protection updates should be downloaded and applied
Manage updates for endpoints that are out of date
Manage event-based forced updates
Manage updates for mobile devices and VMs
Configure Windows Defender Antivirus features
Utilize Microsoft cloud-delivered protection
Enable cloud-delivered protection
Specify the cloud-delivered protection level
Configure and validate network connections
Enable the Block at First Sight feature
Configure the cloud block timeout period
Configure behavioral, heuristic, and real-time protection
Detect and block Potentially Unwanted Applications
Enable and configure always-on protection and monitoring
Configure end-user interaction with Windows Defender AV
Configure the notifications that appear on endpoints
Prevent users from seeing or interacting with the user interface
Prevent or allow users to locally modify policy settings
Customize, initiate, and review the results of scans and remediation
Configure and validate exclusions in Windows Defender AV scans
Configure and validate exclusions based on file name, extension, and folder location
Configure and validate exclusions for files opened by processes
Configure exclusions in Windows Defender AV on Windows Server 2016
Configure scanning options in Windows Defender AV
Configure remediation for scans
Configure scheduled scans
Configure and run scans
Review scan results
Run and review the results of a Windows Defender Offline scan
Review event logs and error codes to troubleshoot issues
Reference topics for management and configuration tools
Use Group Policy settings to configure and manage Windows Defender AV
Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV
Use PowerShell cmdlets to configure and manage Windows Defender AV
Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV
Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV
Windows Defender Exploit Guard
Evaluate Windows Defender Exploit Guard
Use auditing mode to evaluate Windows Defender Exploit Guard
View Exploit Guard events
Exploit protection
Comparison with Enhanced Mitigation Experience Toolkit
Evaluate Exploit protection
Enable Exploit protection
Customize Exploit protection
Import, export, and deploy Exploit protection configurations
Attack surface reduction
Evaluate Attack surface reduction
Enable Attack surface reduction
Customize Attack surface reduction
Network Protection
Evaluate Network Protection
Enable Network Protection
Controlled folder access
Evaluate Controlled folder access
Enable Controlled folder access
Customize Controlled folder access
Windows Defender SmartScreen
Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings
Set up and use Windows Defender SmartScreen on individual devices
Windows Defender Application Guard
System requirements for Windows Defender Application Guard
Prepare and install Windows Defender Application Guard
Configure the Group Policy settings for Windows Defender Application Guard
Testing scenarios using Windows Defender Application Guard in your business or organization
Frequently Asked Questions - Windows Defender Application Guard