windows-itpro-docs/windows/security/threat-protection/windows-defender-atp/TOC.md
2018-08-16 11:01:03 -07:00

Windows Defender Advanced Threat Protection

Overview

Attack surface reduction

Hardware-based isolation

Application Guard
System Guard

Application control

Exploit protection

Network protection

Controlled folder access

Attack surface reduction

Network firewall

Next generation protection

Endpoint detection and response

Alerts queue

View and organize the Alerts queue
Manage alerts
Investigate alerts
Investigate files
Investigate machines
Investigate an IP address
Investigate a domain
Investigate a user account

Machines list

View and organize the Machines list
Manage machine group and tags
Machine timeline
Search for specific events
Filter events from a specific date
Export machine timeline events
Navigate between pages

Take response actions

Take response actions on a machine
Collect investigation package
Run antivirus scan
Restrict app execution
Remove app restriction
Isolate machines from the network
Release machine from isolation
Check activity details in Action center
Take response actions on a file
Stop and quarantine files in your network
Remove file from quarantine
Block files in your network
Remove file from blocked list
Check activity details in Action center
Deep analysis
Submit files for analysis
View deep analysis reports
Troubleshoot deep analysis

Query data using Advanced hunting

Advanced hunting reference
Advanced hunting query language best practices

Security operations dashboard

Auto investigation and remediation

Secure score

Threat analytics

Advanced hunting

Management and APIs

Supported Windows Defender ATP APIs

Actor

Get actor information

Alerts

Get alerts
Get alert information by ID

Domain

Get domain related alerts
Get domain related machines
Get domain statistics
Is domain seen in organization

File

Block file API
Get file information
Get file statistics
Get FileActions collection API
Unblock file API

IP

Get IP statistics
Is IP seen in organization

Machines

Collect investigation package API
Find machine information by IP
Get machines
Get FileMachineAction object API
Get FileMachineActions collection API
Get machine by ID
Get machine log on users
Get MachineAction object API
Get MachineActions collection API
Get machines
Get package SAS URI API
Isolate machine API
Release machine from isolation API
Remove app restriction API
Request sample API
Restrict app execution API
Run antivirus scan API
Stop and quarantine file API

User

Get user information

Understand threat intelligence concepts

Microsoft threat protection

Protect users, data, and devices with conditional access

Portal overview

Access the Windows Defender Security Center Community Center

Get started

Minimum requirements

Validate licensing and complete setup

Preview features

Data storage and privacy

Assign user access to the portal

Evaluate Windows Defender ATP

Evaluate attack surface reduction

Hardware-based isolation
Application control
Exploit protection
Network Protection
Controlled folder access
Attack surface reduction controls
Network firewall

Next gen protection

Onboard machines, configure, and manage capabilities

Onboard machines

Onboard previous versions of Windows

Onboard Windows 10 machines

Onboard machines using Group Policy
Onboard machines using System Center Configuration Manager
Onboard machines using Mobile Device Management tools
Onboard machines using Microsoft Intune
Onboard machines using a local script
Onboard non-persistent virtual desktop infrastructure (VDI) machines

Onboard servers

Onboard non-Windows machines

Run a detection test on a newly onboarded machine

Run simulated attacks on machines

Configure proxy and Internet connectivity settings

Troubleshoot onboarding issues

Troubleshoot subscription and portal access issues

Configure attack surface reduction

Hardware-based isolation

Group Policy settings

Exploit protection

Customize exploit protection
Import/export configurations

Network protection

Controlled folder access

Customize controlled folder access

Attack surface reduction

Customize attack surface reduction

Network firewall

Configure next generation protection

Utilize Microsoft cloud-delivered protection

Enable cloud-delivered protection
Specify the cloud-delivered protection level
Configure and validate network connections
Enable Block at first sight
Configure the cloud block timeout period
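The five entries above name the cloud-delivered protection settings without showing how they are read or set. The following is an added example, not code from the TOC or from Microsoft's docs: it uses the real Get-MpPreference and Set-MpPreference cmdlets to report the weak state (cloud reporting off, samples never sent, default block level, Block at first sight disabled) and to apply the hardened one. The threshold choices (High block level, 50 s extended timeout, SendSafeSamples) are this example's own assumptions; adjust them to your policy.

```powershell
# Added example (not from the TOC page): audit and harden Windows Defender AV
# cloud-delivered protection with Get-MpPreference / Set-MpPreference.
# Run in an elevated PowerShell session on a Windows 10 or Server 2016 endpoint.

function Get-CloudProtectionState {
    # Returns the settings that govern cloud-delivered protection, as the engine reads them now.
    $p = Get-MpPreference
    [pscustomobject]@{
        MAPSReporting           = $p.MAPSReporting            # 0 = Off, 1 = Basic, 2 = Advanced
        SubmitSamplesConsent    = $p.SubmitSamplesConsent     # 0 = Always prompt, 1 = Send safe samples, 2 = Never send, 3 = Send all samples
        CloudBlockLevel         = $p.CloudBlockLevel          # 0 = Default, 2 = High, 4 = High+, 6 = Zero tolerance
        CloudExtendedTimeout    = $p.CloudExtendedTimeout     # extra seconds (0-50) added to the 10 s cloud check
        DisableBlockAtFirstSeen = $p.DisableBlockAtFirstSeen  # $false means Block at first sight is on
    }
}

function Test-CloudProtectionHardened {
    # Weak configuration that defaults or a stale GPO can leave behind. Returns one finding per gap;
    # an empty result means the endpoint meets this example's (assumed) baseline.
    $s = Get-CloudProtectionState
    $findings = @()
    if ($s.MAPSReporting -lt 2)         { $findings += 'MAPSReporting is not Advanced; cloud lookups are degraded or off.' }
    if ($s.SubmitSamplesConsent -eq 2)  { $findings += 'SubmitSamplesConsent is NeverSend; Block at first sight cannot function.' }
    if ($s.CloudBlockLevel -lt 2)       { $findings += 'CloudBlockLevel is Default; High gives a more aggressive cloud verdict.' }
    if ($s.DisableBlockAtFirstSeen)     { $findings += 'Block at first sight is disabled.' }
    if ($s.CloudExtendedTimeout -lt 20) { $findings += 'CloudExtendedTimeout is short; a suspicious file may run before the cloud verdict returns.' }
    return $findings
}

function Set-CloudProtectionHardened {
    # Corrected configuration. SendSafeSamples is the minimum that keeps Block at first sight working
    # without uploading documents that may hold personal data; SendAllSamples is stricter.
    Set-MpPreference -MAPSReporting Advanced `
                     -SubmitSamplesConsent SendSafeSamples `
                     -CloudBlockLevel High `
                     -CloudExtendedTimeout 50 `
                     -DisableBlockAtFirstSeen $false
}

# Usage: report, remediate, then confirm the findings list is empty.
Test-CloudProtectionHardened
Set-CloudProtectionHardened
if (-not (Test-CloudProtectionHardened)) { 'Cloud-delivered protection is hardened.' }
```

Block at first sight also needs real-time protection enabled and outbound access to the cloud protection endpoints (the "Configure and validate network connections" entry above); if the findings list is empty but new files still are not held for a cloud verdict, check connectivity before changing these settings again.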

Configure behavioral, heuristic, and real-time protection

Detect and block Potentially Unwanted Applications
Enable and configure always-on protection and monitoring

Antivirus on Windows Server 2016

Antivirus compatibility

Use limited periodic antivirus scanning

Deploy, manage updates, and report on Windows Defender Antivirus

Deploy and enable Windows Defender Antivirus
Deployment guide for VDI environments
Report on Windows Defender Antivirus protection
Troubleshoot Windows Defender Antivirus reporting in Update Compliance
Manage updates and apply baselines
Manage protection and definition updates
Manage when protection updates should be downloaded and applied
Manage updates for endpoints that are out of date
Manage event-based forced updates
Manage updates for mobile devices and VMs

Customize, initiate, and review the results of scans and remediation

Configure and validate exclusions in Windows Defender AV scans
Configure and validate exclusions based on file name, extension, and folder location
Configure and validate exclusions for files opened by processes
Configure exclusions in Windows Defender AV on Windows Server 2016
Configure scanning options in Windows Defender AV
Configure remediation for scans
Configure scheduled scans
Configure and run scans
Review scan results
Run and review the results of a Windows Defender Offline scan
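The exclusion entries above (by path, extension and process) are where antivirus coverage is most often quietly lost. As an added example that is not part of the TOC or the linked docs, the script below uses Get-MpPreference to pull the current exclusions and flags the patterns a reviewer should question: whole-drive or user-writable paths, executable and script extensions, and generic script hosts as process exclusions. It then adds one narrowly scoped path exclusion with Add-MpPreference. The list of user-writable roots and the vendor folder are this example's assumptions.

```powershell
# Added example (not from the TOC page): review Windows Defender AV exclusions for entries
# that widen the attack surface, then add a narrowly scoped one.
# Uses Get-MpPreference / Add-MpPreference; run elevated.

function Get-RiskyExclusions {
    param(
        # Trees an attacker can write to without elevation; exclusions here let dropped payloads
        # run unscanned. The list is an assumption for this example.
        [string[]]$UserWritableRoots = @(
            "$env:SystemDrive\Users", "$env:SystemDrive\Windows\Temp",
            "$env:SystemDrive\ProgramData", "$env:SystemDrive\Temp"
        )
    )
    $p = Get-MpPreference
    $findings = @()

    foreach ($path in $p.ExclusionPath) {
        # A bare drive root excludes everything on the volume.
        if ($path -match '^[A-Za-z]:\\?$') { $findings += "Path exclusion '$path' covers a whole drive." }
        foreach ($root in $UserWritableRoots) {
            if ($path -like "$root*") { $findings += "Path exclusion '$path' is inside user-writable tree '$root'." }
        }
        # Wildcards can match paths the excluded product never uses.
        if ($path -match '[\*\?]') { $findings += "Path exclusion '$path' uses wildcards; confirm it cannot match attacker-controlled paths." }
    }
    foreach ($ext in $p.ExclusionExtension) {
        # Excluding an executable or script type by extension disables scanning for every such file on the host.
        if ($ext -match '^\.?(exe|dll|ps1|vbs|js|bat|cmd|scr|hta|msi)$') {
            $findings += "Extension exclusion '$ext' covers an executable or script type."
        }
    }
    foreach ($proc in $p.ExclusionProcess) {
        # A process exclusion skips scanning of files *opened by* that process, not the image itself;
        # for an interpreter or command host that is a blind spot over anything it loads.
        if ($proc -match '(?i)(powershell|cmd|wscript|cscript|mshta|rundll32|regsvr32)\.exe$') {
            $findings += "Process exclusion '$proc' is a generic script or command host."
        }
    }
    return $findings
}

function Add-ScopedExclusion {
    # Scoped alternative: exclude one vendor data folder under Program Files, not a drive or %TEMP%.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Refusing to exclude a folder that does not exist: $Path"
    }
    Add-MpPreference -ExclusionPath $Path
}

# Usage (the vendor path is an assumption for this example):
Get-RiskyExclusions
Add-ScopedExclusion -Path "$env:ProgramFiles\ExampleVendor\Data"
Get-MpPreference | Select-Object -ExpandProperty ExclusionPath
```

Exclusions set by Group Policy or Intune are merged into the same Get-MpPreference output, so this review covers both local and managed entries; remove a bad one with Remove-MpPreference, or at its policy source if it is managed, and re-run the check.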

Restore quarantined files in Windows Defender AV

Manage Windows Defender AV in your business

Use Group Policy settings to configure and manage Windows Defender AV
Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV
Use PowerShell cmdlets to configure and manage Windows Defender AV
Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV
Use the mpcmdrun.exe command-line tool to configure and manage Windows Defender AV

Manage scans and remediation

Configure and validate exclusions in antivirus scans
Configure and validate exclusions based on file name, extension, and folder location
Configure and validate exclusions for files opened by processes
Configure antivirus exclusions on Windows Server 2016
Configure scanning options
Configure remediation for scans
Configure scheduled scans
Configure and run scans
Review scan results
Run and review the results of an offline scan
Restore quarantined files

Manage next generation protection in your business

Use Microsoft Intune and System Center Configuration Manager to manage next generation protection
Use Group Policy settings to manage next generation protection
Use PowerShell cmdlets to manage next generation protection
Use Windows Management Instrumentation (WMI) to manage next generation protection
Use the mpcmdrun.exe command line tool to manage next generation protection

Manage automatic investigation and remediation

Configure Secure score dashboard security controls

Management and API support

Pull alerts to your SIEM tools

Enable SIEM integration
Configure Splunk to pull alerts
Configure HP ArcSight to pull alerts
Windows Defender ATP alert API fields
Pull alerts using REST API
Troubleshoot SIEM tool integration issues

API for custom alerts

Enable the custom threat intelligence application
Use the Windows Defender ATP exposed APIs
Use the threat intelligence API to create custom alerts

Create custom threat intelligence alerts
PowerShell code examples
Python code examples
Experiment with custom threat intelligence alerts

Troubleshoot custom threat intelligence issues

Reporting

Create and build Power BI reports using Windows Defender ATP data

Configure Windows Defender Security Center settings

General

Update data retention settings
Configure alert notifications
Enable and create Power BI reports using Windows Defender Security Center data
Enable Secure score security controls
Configure advanced features

Permissions

Manage portal access using RBAC
Create and manage machine groups

APIs

Enable Threat intel
Enable SIEM integration

Rules

Manage suppression rules
Manage automation allowed/blocked
Manage automation file uploads
Manage automation folder exclusions

Machine management

Onboarding machines
Offboarding machines

Configure Windows Defender Security Center time zone settings

Troubleshoot Windows Defender ATP

Troubleshoot sensor state

Check sensor state

Fix unhealthy sensors

Inactive machines

Misconfigured machines

Review sensor events and errors on machines with Event Viewer
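The sensor-state entries above, and "Run a detection test on a newly onboarded machine" earlier in the outline, both presuppose a way to tell from the endpoint itself whether the sensor is installed, onboarded and reporting. As an added example that is not part of the TOC or the linked docs, the script below checks the Sense service, the onboarding status key, and the sensor's operational event log. The service name, registry path and log name are the ones the onboarding and troubleshooting pages refer to; the 24-hour window and the wording of the findings are this example's own choices.

```powershell
# Added example (not from the TOC page): local checks for Windows Defender ATP sensor state
# on an onboarded Windows 10 machine. Run in an elevated PowerShell session.

function Get-SenseState {
    # The sensor runs as the 'Sense' service; onboarding records its result under the Status key.
    $svc    = Get-Service -Name Sense -ErrorAction SilentlyContinue
    $status = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServicePresent  = [bool]$svc
        ServiceStatus   = if ($svc) { $svc.Status.ToString() } else { 'Missing' }
        StartType       = if ($svc) { $svc.StartType.ToString() } else { 'Missing' }
        OnboardingState = $status.OnboardingState   # 1 = onboarded; 0 or absent = not onboarded
        OrgId           = $status.OrgId             # tenant the sensor reports to
    }
}

function Test-SenseHealthy {
    # Returns the findings to resolve before trusting this machine's coverage; empty means healthy.
    $s = Get-SenseState
    $findings = @()
    if (-not $s.ServicePresent) {
        $findings += 'Sense service is not installed; the OS build may not carry the sensor.'
    } elseif ($s.ServiceStatus -ne 'Running') {
        $findings += "Sense service is $($s.ServiceStatus); the machine will show as inactive or misconfigured in the portal."
    }
    if ($s.OnboardingState -ne 1) {
        $findings += 'OnboardingState is not 1; the onboarding script or policy has not applied.'
    }
    return $findings
}

function Get-SenseErrors {
    # Recent errors from the sensor's operational log, the same events Event Viewer shows.
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-SENSE/Operational'
        Level     = 2                                  # Error
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage: confirm the sensor is running and onboarded before running the detection test,
# and pull the sensor's own errors if the machine does not appear in the portal.
Get-SenseState
Test-SenseHealthy
Get-SenseErrors -Hours 24 | Format-Table -AutoSize -Wrap
```

A running service with OnboardingState = 1 but no portal entry usually points at proxy or connectivity problems rather than onboarding, which is what the "Configure proxy and Internet connectivity settings" entry earlier in the outline covers; the SENSE operational log errors are the quickest way to tell the two cases apart.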

Troubleshoot Windows Defender ATP service issues

Check service health

Troubleshoot attack surface reduction

Network protection

Attack surface reduction rules

Troubleshoot next generation protection