2017-06-07 17:14:18 -07:00

Threat protection

Windows Defender Security Center

Windows Defender Advanced Threat Protection

Minimum requirements

Preview features

Data storage and privacy

Assign user access to the portal

Onboard endpoints and set up access

Configure endpoints

Configure endpoints using Group Policy
Configure endpoints using System Center Configuration Manager
Configure endpoints using Mobile Device Management tools
Configure endpoints using Microsoft Intune
Configure endpoints using a local script

Configure proxy and Internet settings

Troubleshoot onboarding issues

Portal overview

Use the Windows Defender ATP portal

View the Dashboard

View and organize the Alerts queue

Investigate alerts

Alert process tree
Incident graph
Alert timeline

Investigate files

Investigate an IP address

Investigate a domain

View and organize the Machines list

Investigate machines

Search for specific alerts
Filter events from a specific date
Export machine timeline events
Navigate between pages

Investigate a user account

Manage alerts

Take response actions

Take response actions on a machine
Isolate machines from the network
Undo machine isolation
Collect investigation package
Check activity details in Action center
Take response actions on a file
Stop and quarantine files in your network
Remove file from quarantine
Block files in your network
Check activity details in Action center
Deep analysis

Submit files for analysis
View deep analysis reports
Troubleshoot deep analysis

Pull alerts to your SIEM tools

Enable SIEM integration

Configure Splunk to pull alerts

Configure HP ArcSight to pull alerts

Windows Defender ATP alert API fields

Pull alerts using REST API

Troubleshoot SIEM tool integration issues

Use the threat intelligence API to create custom alerts

Understand threat intelligence concepts

Enable the custom threat intelligence application

Create custom threat intelligence alerts

PowerShell code examples

Python code examples

Experiment with custom threat intelligence alerts

Troubleshoot custom threat intelligence issues

Check sensor state

Fix unhealthy sensors

Inactive machines
Misconfigured machines

Configure Windows Defender ATP preferences settings

Update general settings

Turn on advanced features

Turn on preview experience

Configure email notifications

Enable SIEM integration

Enable Threat intel API

Windows Defender ATP settings

Windows Defender ATP service health

Troubleshoot Windows Defender ATP

Review events and errors on endpoints with Event Viewer

Windows Defender Antivirus compatibility

Windows Defender Antivirus in Windows 10

Windows Defender AV in the Windows Defender Security Center app

Windows Defender Antivirus on Windows Server

Windows Defender Antivirus and Advanced Threat Protection: Better together

Evaluate Windows Defender Antivirus protection

Deploy, manage updates, and report on Windows Defender Antivirus

Deploy and enable Windows Defender Antivirus

Deployment guide for VDI environments

Report on Windows Defender Antivirus protection

Manage updates and apply baselines

Manage protection and definition updates
Manage when protection updates should be downloaded and applied
Manage updates for endpoints that are out of date
Manage event-based forced updates
Manage updates for mobile devices and VMs

Configure Windows Defender Antivirus features

Utilize Microsoft cloud-delivered protection

Enable cloud-delivered protection
Specify the cloud-delivered protection level
Configure and validate network connections
Enable the Block at First Sight feature
Configure the cloud block timeout period

Configure behavioral, heuristic, and real-time protection

Detect and block Potentially Unwanted Applications
Enable and configure always-on protection and monitoring

Configure end-user interaction with Windows Defender AV

Configure the notifications that appear on endpoints
Prevent users from seeing or interacting with the user interface
Prevent or allow users to locally modify policy settings

Customize, initiate, and review the results of scans and remediation

Configure and validate exclusions in Windows Defender AV scans

Configure and validate exclusions based on file name, extension, and folder location
Configure and validate exclusions for files opened by processes
Configure exclusions in Windows Defender AV on Windows Server 2016

Configure scanning options in Windows Defender AV

Configure remediation for scans

Configure scheduled scans

Configure and run scans

Review scan results

Run and review the results of a Windows Defender Offline scan

Review event logs and error codes to troubleshoot issues

Reference topics for management and configuration tools

Use Group Policy settings to configure and manage Windows Defender AV

Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV

Use PowerShell cmdlets to configure and manage Windows Defender AV

Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV

Use the mpcmdrun.exe command-line tool to configure and manage Windows Defender AV

Windows Defender SmartScreen

Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings

Set up and use Windows Defender SmartScreen on individual devices

Protect your enterprise data using Windows Information Protection (WIP)

Create a Windows Information Protection (WIP) policy

Create a Windows Information Protection (WIP) policy using Microsoft Intune

Deploy your Windows Information Protection (WIP) policy
Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune

Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager

Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate

Determine the Enterprise Context of an app running in Windows Information Protection (WIP)

Mandatory tasks and settings required to turn on Windows Information Protection (WIP)

Testing scenarios for Windows Information Protection (WIP)

Limitations while using Windows Information Protection (WIP)

How to collect Windows Information Protection (WIP) audit event logs

General guidance and best practices for Windows Information Protection (WIP)

Enlightened apps for use with Windows Information Protection (WIP)

Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)

Using Outlook Web Access with Windows Information Protection (WIP)

Mitigate threats by using Windows 10 security features

Use Windows Event Forwarding to help with intrusion detection

Block untrusted fonts in an enterprise

Change history for Threat Protection