You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/security-upload-guide.md
+2-11Lines changed: 2 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -30,7 +30,7 @@ This guide outlines how to upload your organization's specific guidelines to Mic
30
30
31
31
## Prerequisites
32
32
33
-
- You must have appropriate permissions to upload files in the Microsoft Defender portal. Typically, this requires being assigned a role such as Security Administrator.
33
+
- You must be at least a security administrator to upload, approve or delete files. Security operators can review the guidebooks but not manage them.
34
34
- Your organization-specific guidelines should be in a supported format (PDF, DOCX, TXT) and should not exceed the maximum file size limit of 3 MB.
35
35
36
36
## Steps to upload organization-specific guidelines
@@ -52,20 +52,11 @@ Then follow these steps:
52
52
1. Browse to the file location, choose the file, and then select **Generate**.
53
53
1. After the file is uploaded, go to the **Pending review** tab.
1. The pending review tab shows the new recommendations based on the uploaded guidebook. Review the file to ensure it meets your organization's standards. Select the guidebook name and review the suggested generated tasks.
58
-
59
-
60
55
:::image type="content" source="./media/security-upload-guide/pending-review.png" alt-text="Screenshot of the pending review tab for uploaded guidebooks.":::
61
56
57
+
1. The pending review tab shows the new recommendations based on the uploaded guidebook. Review the file to ensure it meets your organization's standards. Select the guidebook name and review the suggested generated tasks.
62
58
1. If the guidebook meets your standards, select **Approve and activate** to make it available for use in guided responses. If it does not meet your standards, select **Delete** to remove it.
63
59
64
60
:::image type="content" source="./media/security-upload-guide/approve-guidebook.png" alt-text="Screenshot of the approve and activate button for uploaded guidebooks.":::
65
61
66
62
Copilot uses the most relevant guidance it has for each incident. A banner shows which guidebook is being used for the current recommendation.
67
-
68
-
## Considerations and limitations
69
-
70
-
- You must be at least a security administrator to upload, approve or delete files. Security operators can review the guidebooks but not manage them.
0 commit comments