Merge pull request #89509 from memildin/asc-melvyn-test

ShannonLeavitt · web-flow · commit 0892506390c8 · 2019-09-24T01:43:02.000-07:00
Updated branding of WDATP
diff --git a/articles/security-center/TOC.yml b/articles/security-center/TOC.yml
@@ -69,7 +69,7 @@
     href: security-center-secure-score.md
   - name: Upgrade to advanced security
     href: security-center-onboarding.md
-  - name: Server protection with Windows Defender ATP
+  - name: Server protection with Microsoft Defender ATP
     href: security-center-wdatp.md
   - name: Advanced data security for SQL on Azure VMs (Public Preview)
     href: security-center-iaas-advanced-data.md
diff --git a/articles/security-center/security-center-alerts-iaas.md b/articles/security-center/security-center-alerts-iaas.md
@@ -30,7 +30,7 @@ Security Center extends its cloud workload protection platforms by integrating w
 > [!NOTE]
 > Windows Server Defender ATP sensor is automatically enabled on Windows servers that use Security Center.
 
-When Windows Server Defender ATP detects a threat, it triggers an alert. The alert is shown on the Security Center dashboard. From the dashboard, you can pivot to the Windows Defender ATP console, and perform a detailed investigation to uncover the scope of the attack. For more information about Windows Server Defender ATP, see [Onboard servers to the Windows Defender ATP service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints).
+When Windows Server Defender ATP detects a threat, it triggers an alert. The alert is shown on the Security Center dashboard. From the dashboard, you can pivot to the Microsoft Defender ATP console, and perform a detailed investigation to uncover the scope of the attack. For more information about Windows Server Defender ATP, see [Onboard servers to the Microsoft Defender ATP service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints).
 
 ### Crash dump analysis <a nanme="windows-dump"></a>
 
diff --git a/articles/security-center/security-center-services.md b/articles/security-center/security-center-services.md
@@ -11,7 +11,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 08/29/2019
+ms.date: 09/24/2019
 ms.author: memildin
 ---
 # Supported features available in Azure Security Center
@@ -35,7 +35,7 @@ The following sections show Security Center features that are available for thei
 ||**Virtual Machine**|**Virtual Machine Scale Set**||**Virtual Machine**|**Virtual Machine Scale Set**|
 |VMBA threat detection alerts|✔|✔|✔|✔ (on supported versions)|✔ (on supported versions)|✔|Recommendations (Free) Threat Detection (Standard)|
 |Network-based threat detection alerts|✔|✔|X|✔|✔|X|Standard|
-|Windows Defender ATP integration|✔ (on supported versions)|✔ (on supported versions)|✔|X|X|X|Standard|
+|Microsoft Defender ATP integration|✔ (on supported versions)|✔ (on supported versions)|✔|X|X|X|Standard|
 |Missing patches|✔|✔|✔|✔|✔|✔|Free|
 |Security configurations|✔|✔|✔|✔|✔|✔|Free|
 |Endpoint protection assessment|✔|✔|✔|X|X|X|Free|
diff --git a/articles/security-center/security-center-wdatp.md b/articles/security-center/security-center-wdatp.md
@@ -1,6 +1,6 @@
 ---
-title: Windows Defender Advanced Threat Protection with Azure Security Center
-description: This document introduces the integration between Azure Security Center and Windows Defender Advanced Threat Protection.
+title: Microsoft Defender Advanced Threat Protection with Azure Security Center
+description: This document introduces the integration between Azure Security Center and Microsoft Defender Advanced Threat Protection.
 services: security-center
 documentationcenter: na
 author: memildin
@@ -10,48 +10,48 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 08/21/2019
+ms.date: 09/24/2019
 ms.author: memildin
 ---
-# Windows Defender Advanced Threat Protection with Azure Security Center
+# Microsoft Defender Advanced Threat Protection with Azure Security Center
 
-Azure Security Center is extending its Cloud Workload Protection Platforms offering by integrating with [Windows Defender Advanced Threat Protection](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) (ATP).
-This change brings comprehensive Endpoint Detection and Response (EDR) capabilities. With Windows Defender ATP integration, you can spot abnormalities. You can also detect and respond to advanced attacks on server endpoints monitored by Azure Security Center.
+Azure Security Center is extending its Cloud Workload Protection Platforms offering by integrating with [Microsoft Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (ATP).
+This change brings comprehensive Endpoint Detection and Response (EDR) capabilities. With Microsoft Defender ATP integration, you can spot abnormalities. You can also detect and respond to advanced attacks on server endpoints monitored by Azure Security Center.
 
-## Windows Defender ATP features in Security Center
+## Microsoft Defender ATP features in Security Center
 
-When you use Windows Defender ATP you get:
+When you use Microsoft Defender ATP you get:
 
-- **Next-generation post breach detection sensors**: Windows Defender ATP sensors for Windows servers collect a vast array of behavioral signals.
+- **Next-generation post breach detection sensors**: Microsoft Defender ATP sensors for Windows servers collect a vast array of behavioral signals.
 
-- **Analytics-based, cloud-powered post breach detection**: Windows Defender ATP quickly adapts to changing threats. It uses advanced analytics and big data. Windows Defender ATP is amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats. It provides actionable alerts and enables you to respond quickly.
+- **Analytics-based, cloud-powered post breach detection**: Microsoft Defender ATP quickly adapts to changing threats. It uses advanced analytics and big data. Microsoft Defender ATP is amplified by the power of the Intelligent Security Graph with signals across Windows, Azure, and Office to detect unknown threats. It provides actionable alerts and enables you to respond quickly.
 
-- **Threat intelligence**: Windows Defender ATP identifies attacker tools, techniques, and procedures. When it detects these, it generates alerts. It uses data generated by Microsoft threat hunters and security teams, augmented by intelligence provided by partners.
+- **Threat intelligence**: Microsoft Defender ATP identifies attacker tools, techniques, and procedures. When it detects these, it generates alerts. It uses data generated by Microsoft threat hunters and security teams, augmented by intelligence provided by partners.
 
 These capabilities are now available in Azure Security Center:
 
-- **Automated onboarding**: The Windows Defender ATP sensor is automatically enabled for Windows servers that are onboarded to Azure Security Center.
+- **Automated onboarding**: The Microsoft Defender ATP sensor is automatically enabled for Windows servers that are onboarded to Azure Security Center.
 
-- **Single pane of glass**: The Azure Security Center console displays Windows Defender ATP alerts.
+- **Single pane of glass**: The Azure Security Center console displays Microsoft Defender ATP alerts.
 
-- **Detailed machine investigation**: Azure Security Center customers can access Windows Defender ATP console to perform a detailed investigation to uncover the scope of a breach.
+- **Detailed machine investigation**: Azure Security Center customers can access Microsoft Defender ATP console to perform a detailed investigation to uncover the scope of a breach.
 
 ![Azure Security Center, displaying a list of alerts and general information about each alert](media/security-center-wdatp/image1.png)
 
-You can further investigate the alert by pivoting to Windows Defender ATP. There you can see additional information such as the alert process tree and the incident graph. You can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.
+You can further investigate the alert by pivoting to Microsoft Defender ATP. There you can see additional information such as the alert process tree and the incident graph. You can also see a detailed machine timeline that shows every behavior for a historical period of up to six months.
 
-![Windows Defender ATP page with detailed information about an alert](media/security-center-wdatp/image3.png)
+![Microsoft Defender ATP page with detailed information about an alert](media/security-center-wdatp/image3.png)
 
 ## Platform support
 
-Windows Defender ATP in Security Center supports detection on Windows Server 2016, 2012 R2, and 2008 R2 SP1 operating systems in a Standard service subscription.
+Microsoft Defender ATP in Security Center supports detection on Windows Server 2016, 2012 R2, and 2008 R2 SP1 operating systems in a Standard service subscription.
 
 > [!NOTE]
-> When you use Azure Security Center to monitor servers, a Windows Defender ATP tenant is automatically created and the Windows Defender ATP data is stored in Europe by default. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant.
+> When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created and the Microsoft Defender ATP data is stored in Europe by default. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant.
 
 ## Onboarding servers to Security Center 
 
-To onboard servers to Security Center, click **Go to Azure Security Center to onboard servers** from the Windows Defender ATP server onboarding.
+To onboard servers to Security Center, click **Go to Azure Security Center to onboard servers** from the Microsoft Defender ATP server onboarding.
 
 1. In the **Onboarding** blade select or create a workspace in which to store the data. <br>
 2. If you can’t see all your workspaces, it may be due to a lack of permissions, make sure your workspace is set to Azure Security Standard tier. For more information see [Upgrade to Security Center's Standard tier for enhanced security](security-center-pricing.md).
@@ -62,35 +62,32 @@ To onboard servers to Security Center, click **Go to Azure Security Center to on
 
    ![Onboard computers](media/security-center-wdatp/onboard-computers.png)
 
-## Enable Windows Defender ATP integration
-
-To view if Windows Defender ATP integration is enabled, select **Security center** > **Pricing & settings** > click on your subscription.
-
-  ![Azure Security Center Policy Management](media/security-center-wdatp/policy-management.png)
+## Enable Microsoft Defender ATP integration
 
+To view if Microsoft Defender ATP integration is enabled, select **Security center** > **Pricing & settings** > click on your subscription.
 Here you can see the integrations currently enabled.
 
-  ![Azure Security Center Threat detection settings page with Windows Defender ATP integration enabled](media/security-center-wdatp/enable-integrations.png)
+  ![Azure Security Center Threat detection settings page with Microsoft Defender ATP integration enabled](media/security-center-wdatp/enable-integrations.png)
 
-- If you've already onboarded the servers to Azure Security Center standard tier, you need take no further action. Azure Security Center will automatically onboard the servers to Windows Defender ATP. This might take up to 24 hours.
+- If you've already onboarded the servers to Azure Security Center standard tier, you need take no further action. Azure Security Center will automatically onboard the servers to Microsoft Defender ATP. This might take up to 24 hours.
 
 - If you've never onboarded the servers to Azure Security Center standard tier, onboard them to Azure Security Center as usual.
 
-- If you've onboarded the servers through Windows Defender ATP:
+- If you've onboarded the servers through Microsoft Defender ATP:
   - Refer to the documentation for guidance on [how to offboard server machines](https://go.microsoft.com/fwlink/p/?linkid=852906).
   - Onboard these servers to Azure Security Center.
 
-## Access to the Windows Defender ATP portal
+## Access to the Microsoft Defender ATP portal
 
-Follow the instructions in [Assign user access to the portal](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection).
+Follow the instructions in [Assign user access to the portal](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access).
 
 ## Set the firewall configuration
 
-If you have a proxy or firewall that is blocking anonymous traffic, as a Windows Defender ATP sensor is connecting from the system context, make sure that anonymous traffic is permitted. Follow the instructions in [Enable access to Windows Defender ATP service URLs in the proxy server](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
+If you have a proxy or firewall that is blocking anonymous traffic, as a Microsoft Defender ATP sensor is connecting from the system context, make sure that anonymous traffic is permitted. Follow the instructions in [Enable access to Microsoft Defender ATP service URLs in the proxy server](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
 
 ## Test the feature
 
-To generate a benign Windows Defender ATP test alert:
+To generate a benign Microsoft Defender ATP test alert:
 
 1. Use Remote Desktop to access either a Windows Server 2012 R2 VM or a Windows Server 2016 VM.  Open a Command Prompt window.
 
@@ -102,11 +99,11 @@ To generate a benign Windows Defender ATP test alert:
 
    ![A Command Prompt window with the command above](media/security-center-wdatp/image4.jpeg)
 
-3. If the command is successful, you'll see a new alert on the Azure Security Center dashboard and the Windows Defender ATP portal. This alert might take a few minutes to appear.
+3. If the command is successful, you'll see a new alert on the Azure Security Center dashboard and the Microsoft Defender ATP portal. This alert might take a few minutes to appear.
 
 4. To review the alert in Security Center, go to **Security Alerts** >  **Suspicious Powershell CommandLine**.
 
-5. From the investigation window, select the link to go to the Windows Defender ATP portal.
+5. From the investigation window, select the link to go to the Microsoft Defender ATP portal.
 
 ## Next steps
 
diff --git a/articles/security/fundamentals/operational-best-practices.md b/articles/security/fundamentals/operational-best-practices.md
@@ -93,7 +93,7 @@ The Free tier of Security Center offers limited security for only your Azure res
 
 Use Security Center to get a central view of the security state of all your Azure resources. At a glance, verify that the appropriate security controls are in place and configured correctly, and quickly identify any resources that need attention.
 
-Security Center also integrates with [Windows Defender Advanced Threat Protection (ATP)](../../security-center/security-center-wdatp.md), which provides comprehensive Endpoint Detection and Response (EDR) capabilities. With Windows Defender ATP integration, you can spot abnormalities. You can also detect and respond to advanced attacks on server endpoints monitored by Security Center.
+Security Center also integrates with [Microsoft Defender Advanced Threat Protection (ATP)](../../security-center/security-center-wdatp.md), which provides comprehensive Endpoint Detection and Response (EDR) capabilities. With Microsoft Defender ATP integration, you can spot abnormalities. You can also detect and respond to advanced attacks on server endpoints monitored by Security Center.
 
 Almost all enterprise organizations have a security information and event management (SIEM) system to help identify emerging threats by consolidating log information from diverse signal gathering devices. The logs are then analyzed by a data analytics system to help identify what’s “interesting” from the noise that is inevitable in all log gathering and analytics solutions.
 
@@ -119,7 +119,7 @@ The secure score, which is based on Center for Internet Security (CIS) controls,
 **Detail**: Use [Azure Monitor to gather and export data](/azure/azure-monitor/overview#integrate-and-export-data). This practice is critical for enabling security incident investigation, and online log retention is limited. If you’re using Azure Sentinel, see [Connect data sources](../../sentinel/connect-data-sources.md).
 
 **Best practice**: Speed up your investigation and hunting processes and reduce false positives by integrating Endpoint Detection and Response (EDR) capabilities into your attack investigation.   
-**Detail**: [Enable Windows Defender ATP integration](../../security-center/security-center-wdatp.md#enable-windows-defender-atp-integration) via your Security Center security policy. Consider using Azure Sentinel for threat hunting and incident response.
+**Detail**: [Enable Microsoft Defender ATP integration](../../security-center/security-center-wdatp.md#enable-microsoft-defender-atp-integration) via your Security Center security policy. Consider using Azure Sentinel for threat hunting and incident response.
 
 ## Monitor end-to-end scenario-based network monitoring
 Customers build an end-to-end network in Azure by combining network resources like a virtual network, ExpressRoute, Application Gateway, and load balancers. Monitoring is available on each of the network resources.
