You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/comprehensive-guidance-on-linux-deployment.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -130,7 +130,7 @@ The following table lists the supported proxy settings:
130
130
131
131
#### Step 3: Verify SSL inspection isn't being performed on the network traffic
132
132
133
-
To prevent man-in-the-middle attacks, all Microsoft Azure hosted traffic uses certificate pinning. As a result, SSL inspections by major firewall systems aren't allowed. You must bypass SSL inspection for Microsoft Defender for Endpoint URLs. For additional information about the certificate pinning process, see [enterprise-certificate-pinning](/windows/security/identity-protection/enterprise-certificate-pinning).
133
+
To prevent man-in-the-middle attacks, all Microsoft Azure hosted traffic uses certificate pinning. As a result, SSL inspections by major firewall systems aren't allowed. You must bypass SSL inspection for Microsoft Defender for Endpoint URLs. For additional information about the certificate pinning process, see [enterprise-certificate-pinning](/windows/security/identity-protection/enterprise-certificate-pinning).
Copy file name to clipboardExpand all lines: defender-endpoint/professional-services.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -65,7 +65,7 @@ Managed security services that assist organizations to detect threats early and
65
65
|[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection, and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.|
66
66
|[Nedscaper Managed XDR](https://nedscaper.com/mxdr/)|Nedscaper|Nedscaper Manager XDR (MDR) is a Managed Detect and Respond SaaS solution, which provides 24/7 Threat Protection, continues Vulnerability Management and combined Threat Intelligence built on Azure. The Microsoft Defender products and any security solution are connected to Microsoft Sentinel as the core platform for the Security analysts.|
67
67
|[dinext. pi-SOC](https://dinext-group.com/)|dinext AG|Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment.|
68
-
|[Synergy Advisors Teams App](https://synergyadvisors.biz/e-visor-teams-app/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
68
+
|[Synergy Advisors E-Visor Teams App](https://synergyadvisors.biz/e-visor-for-teams/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
69
69
|[Managed Microsoft XDR](https://www.cyberproof.com/security-services/managed-xdr-for-microsoft/)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.|
70
70
|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft Defender XDR products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|
71
71
|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.|
@@ -101,7 +101,7 @@ Respond to security incidents quickly, effectively and at scale with complete in
101
101
|[Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)|Secureworks|Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.|
102
102
|[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection, and Response solution is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.|
103
103
|[dinext. pi-SOC](https://dinext-group.com/)|dinext AG|Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment.|
104
-
|[Synergy Advisors Teams App](https://synergyadvisors.biz/e-visor-teams-app/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
104
+
|[Synergy Advisors E-Visor Teams App](https://synergyadvisors.biz/e-visor-for-teams/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
105
105
|[SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)|Sepago GmbH|SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft Defender XDR solutions and Microsoft Sentinel.SepagoSOC helps you to constantly evolve your security landscape with both technical and organizational experience.|
106
106
|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft Defender XDR products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|
107
107
|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.|
@@ -134,7 +134,7 @@ Protect your organization proactively by evaluating your organization's ability
134
134
|[Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)|Secureworks|Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.|
135
135
|[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.|
136
136
|[dinext. pi-SOC](https://dinext-group.com/)|dinext AG|Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment.|
137
-
|[Synergy Advisors Teams App](https://synergyadvisors.biz/e-visor-teams-app/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
137
+
|[Synergy Advisors E-Visor Teams App](https://synergyadvisors.biz/e-visor-for-teams/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
138
138
|[Managed Microsoft XDR](https://www.cyberproof.com/security-services/managed-xdr-for-microsoft/)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.|
139
139
|[SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)|Sepago GmbH|SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft Defender XDR solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.|
140
140
|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft Defender XDR products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|
@@ -185,7 +185,7 @@ Mature and maintain your internal team's security capabilities to prevent, detec
185
185
|[BlueVoyant MDR for Microsoft Defender XDR](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft Defender XDR combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate, and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, solution integrations, and more.|
186
186
|[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.|
187
187
|[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection, and Response solution is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.|
188
-
|[Synergy Advisors Teams App](https://synergyadvisors.biz/e-visor-teams-app/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
188
+
|[Synergy Advisors E-Visor Teams App](https://synergyadvisors.biz/e-visor-for-teams/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Microsoft Entra ID while ensuring identity governance, and compliance.|
189
189
|[Managed Microsoft XDR](https://www.cyberproof.com/security-services/managed-xdr-for-microsoft/)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.|
190
190
|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft Defender XDR products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|
-[Device contain](/defender-endpoint/respond-machine-alerts#contain-devices-from-the-network) - based on Microsoft Defender for Endpoint's capability, this action is an automatic containment of a suspicious device to block any incoming/outgoing communication with the said device.
67
67
68
-
-[Disable user](/defender-for-identity/remediation-actions) - based on Microsoft Defender for Identity's capability, this action is an automatic suspension of a compromised account to prevent additional damage like lateral movement, malicious mailbox use, or malware execution.
68
+
-[Disable user](/defender-for-identity/remediation-actions) - based on Microsoft Defender for Identity's capability, this action is an automatic suspension of a compromised account to prevent additional damage like lateral movement, malicious mailbox use, or malware execution. The disable user action behaves differently depending on how the user is hosted in your environment.
69
+
- When the user account is hosted in Active Directory: Defender for Identity triggers the disable user action on domain controllers running the Defender for Identity agent.
70
+
- When the user account is hosted in Active Directory and is synced on Microsoft Entra ID: Defender for Identity triggers the disable user action via onboarded domain controllers. Attack disruption also disables the user account on the Entra ID synced account.
71
+
- When the user account is hosted in Entra ID only (cloud native account): attack disruption disable the user account on the Entra ID synced account.
72
+
73
+
> [!NOTE]
74
+
> Disabling the user account in Microsoft Entra ID is not dependent on the deployment of Microsoft Defender for Identity.
69
75
70
76
-[Contain user](/defender-endpoint/respond-machine-alerts#contain-user-from-the-network) - based on Microsoft Defender for Endpoint's capability, this response action automatically contains suspicious identities temporarily to help block any lateral movement and remote encryption related to incoming communication with Defender for Endpoint's onboarded devices.
> Microsoft Defender Experts for XDR is sold separately from other Microsoft Defender XDR products. If you're a Microsoft Defender XDR customer and are interested in purchasing Defender Experts for XDR, please contact your account manager.
29
-
28
+
> Microsoft Defender Experts for XDR is sold separately from other Microsoft Defender XDR products. If you're a Microsoft Defender XDR customer and are interested in purchasing Defender Experts for XDR, please complete this [customer interest form](https://aka.ms/IWantDefenderExperts).
30
29
> [!NOTE]
31
30
> Any incident response services offered by Defender Experts will be offered under the Defender Experts Service Terms.
Copy file name to clipboardExpand all lines: defender-xdr/manage-incidents.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -179,7 +179,7 @@ To generate the PDF, perform the following steps:
179
179
180
180
1. Open an incident page. Select the **More actions** ellipsis (...) on the upper right corner and choose **Export incident as PDF**.
181
181
182
-
:::image type="content" source="/defender/media/incidents-queue/export-ellipsis-small.png" alt-text="Screenshot highlighting the export incident to PDF option." lightbox="/defender/media/incidents-queue/export-ellipsis.png":::
182
+
:::image type="content" source="/defender/media/incidents-queue/export-ellipsis-small.png" alt-text="Screenshot highlighting the More actions ellipsis on the incident page." lightbox="/defender/media/incidents-queue/export-ellipsis.png":::
183
183
184
184
1. In the dialog box that appears next, confirm the incident information that you want to include or exclude in the PDF. All incident information is selected by default. Select **Export PDF** to proceed.
Copy file name to clipboardExpand all lines: exposure-management/whats-new.md
+1Lines changed: 1 addition & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,6 +32,7 @@ Security Exposure Management is currently in public preview.
32
32
Read how the *ExposureGraphEdges* and *ExposureGraphNodes* tables in Advanced Hunting helps your organizations proactively manage and understand your security posture by analyzing asset relationships and potential vulnerabilities.
33
33
34
34
**Blog** - [Microsoft Security Exposure Management Graph: Prioritization is the king](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-security-exposure-management-graph-prioritization-is/ba-p/4160316)
35
+
35
36
For more information, see, [Query the enterprise exposure graph](query-enterprise-exposure-graph.md)
0 commit comments