You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/mtd.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ ms.subservice: onboard
7
7
ms.author: siosulli
8
8
author: siosulli
9
9
ms.localizationpriority: medium
10
-
ms.date: 01/28/2024
10
+
ms.date: 09/05/2024
11
11
manager: deniseb
12
12
audience: ITPro
13
13
ms.collection:
@@ -101,10 +101,10 @@ While evaluating mobile threat defense with Microsoft Defender for Endpoint, you
101
101
This helps reduce potential issues that could arise while rolling out the service. Here are some tests and exit criteria that might help:
102
102
103
103
- Devices show up in the device inventory list: After successful onboarding of Defender for Endpoint on the mobile device, verify that the device is listed in the Device Inventory in the [security console](https://security.microsoft.com).
104
+
<!---
105
+
- Run a malware detection test on an Android device: Install any test virus app from the Google play store and verify that it gets detected by Microsoft Defender for Endpoint. Here's an example app that can be used for this test: (We are working on new one, it will be updated soon). Note that on Android Enterprise with a work profile, only the work profile is supported. --->
104
106
105
-
- Run a malware detection test on an Android device: Install any test virus app from the Google play store and verify that it gets detected by Microsoft Defender for Endpoint. Here's an example app that can be used for this test: [Test virus](https://play.google.com/store/apps/details?id=com.antivirus&hl=en_US&gl=US). Note that on Android Enterprise with a work profile, only the work profile is supported.
106
-
107
-
- Run a phishing test: Browse to https://smartscreentestratings2.net and verify that it gets blocked by Microsoft Defender for Endpoint. Note that on Android Enterprise with a work profile, only the work profile is supported.
107
+
- Run a phishing test: Browse to `https://smartscreentestratings2.net` and verify that it gets blocked by Microsoft Defender for Endpoint. Note that on Android Enterprise with a work profile, only the work profile is supported.
108
108
109
109
- Alerts appear in dashboard: Verify that alerts for above detection tests appear on the [security console](https://security.microsoft.com).
> Ask Defender Experts is included in your Defender Experts for Hunting subscription with [monthly allocations](before-you-begin-defender-experts.md#eligibility-and-licensing). However, it's not a security incident response service. It's intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
34
+
> Ask Defender Experts is included in your Defender Experts for Hunting subscription with [quarterly allocations](before-you-begin-defender-experts.md#eligibility-and-licensing). However, it's not a security incident response service. It's intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
35
35
36
36
Select **Ask Defender Experts** directly inside the Microsoft 365 security portal to get swift and accurate responses to all your threat hunting questions. Experts can provide insight to better understand the complex threats your organization might face. Ask Defender Experts can help:
37
37
38
38
- Gather additional information on alerts and incidents, including root causes and scope
39
39
- Gain clarity into suspicious devices, alerts, or incidents and take next steps if faced with an advanced attacker
40
40
- Determine risks and available protections related to threat actors, campaigns, or emerging attacker techniques
41
41
42
-
### Required permissions for submitting inquiries in the Ask Defender Experts panel
42
+
:::image type="content" source="media/ask-defender-expert-dialog.png" alt-text="Screenshot of the Ask Defender Experts dialog box." lightbox="media/ask-defender-expert-dialog.png":::
43
43
44
-
You need to select one of the following permissions before submitting inquires to our Defender experts. For more details about role-based access control (RBAC) permissions, see: [Microsoft Defender for Endpoint and Microsoft Defender XDR RBAC permissions](compare-rbac-roles.md#map-defender-for-endpoint-and-defender-vulnerability-management-permissions-to-the-microsoft-defender-xdr-rbac-permissions).
44
+
### Required permissions for using Ask Defender Experts
45
45
46
-
|Product name|Product RBAC permission|
46
+
You need to select one of the following Microsoft Defender XDR Unified RBAC permissions before submitting inquiries to our Defender experts.
47
+
48
+
|Permission name|Level|
47
49
|---|---|---|
48
-
| Microsoft Defender for Endpoint RBAC | Manage security settings in the Security Center|
49
-
| Microsoft Defender XDR Unified RBAC | Authorization and settings \ Security settings \ Core security settings (manage)</br>Authorization and settings \ Security settings \ Detection tuning (manage) |
50
+
| Security data basics | Read|
51
+
| Alerts | Manage |
52
+
| Response | Manage |
53
+
54
+
To learn more about Unified RBAC permissions, see: [Microsoft Defender XDR Unified RBAC permission details](custom-permissions-details.md#microsoft-defender-xdr-unified-rbac-permission-details).
50
55
51
-
### Where to find Ask Defender Experts
56
+
### Where to submit inquiries to Ask Defender Experts
52
57
53
58
The option to **Ask Defender Experts** is available in several places throughout the portal:
54
59
@@ -68,6 +73,23 @@ The option to **Ask Defender Experts** is available in several places throughout
68
73
69
74
:::image type="content" source="/defender/media/mte/defenderexperts/incidents-page-actions-menu.png" alt-text="Screenshot of the Ask Defender Experts menu option in the Incidents page actions menu in the Microsoft Defender portal.." lightbox="/defender/media/mte/defenderexperts/incidents-page-actions-menu.png":::
70
75
76
+
### Where to view responses from Defender Experts
77
+
78
+
#### In portal
79
+
80
+
You can view responses to inquiries submitted to Ask Defender Experts from up to six months ago by navigating to **Reports** > **Defender Experts messages**. You will also be able to ask follow-up questions or reply with more information to Defender Experts from this page.
81
+
82
+
:::image type="content" source="media/inportal-managed-response.png" alt-text="Screenshot of in-portal managed response." lightbox="media/inportal-managed-response.png":::
83
+
84
+
#### Email
85
+
86
+
If you included contact email addresses when submitting your inquiry, they will receive an email notification when a response from Defender Experts is posted.
87
+
88
+
:::image type="content" source="media/email-based-managed-response.png" alt-text="Screenshot of email based managed response." lightbox="media/email-based-managed-response.png":::
89
+
90
+
> [!NOTE]
91
+
> Defender Experts will not be able to assist you with inquiries regarding bugs or issues in your product experience in the Microsoft Defender XDR portal. You can reach out to Microsoft Support via the [Services Hub](https://serviceshub.microsoft.com/home) regarding such inquiries.
92
+
71
93
### Sample questions you can ask from Defender Experts
0 commit comments