defender-xdr/security-upload-guide.md
22 additions & 2 deletions
@@ -14,7 +14,7 @@ ms.topic: install-set-up-deploy
14
14
search.appverid:
15
15
- MOE150
16
16
- MET150
17
-
ms.date: 11/18/2024
17
+
ms.date: 11/18/2025
18
18
appliesto:
19
19
- Microsoft Defender XDR
20
20
- Microsoft Sentinel with Defender XDR in the Microsoft Defender portal
@@ -59,4 +59,24 @@ Then follow these steps:
59
59
60
60
:::image type="content" source="./media/security-upload-guide/approve-guidebook.png" alt-text="Screenshot of the approve and activate button for uploaded guidebooks.":::
61
61
62
-
Copilot uses the most relevant guidance it has for each incident. A banner shows which guidebook is being used for the current recommendation.
62
+
1. Make sure the guidebook appears as active in the **Guidebooks** tab. To deactivate it later, select the guidebook and choose **Deactivate**.
63
+
64
+
:::image type="content" source="./media/security-upload-guide/active-guidebooks.png" alt-text="Screenshot of the active guidebooks tab.":::
65
+
66
+
Copilot will prioritize your organization's custom guidebooks over the default ones provided by Microsoft. If multiple guidebooks are relevant, Copilot will use the one that best matches the incident context.
67
+
68
+
:::image type="content" source="./media/security-upload-guide/custom-responses.png" alt-text="Screenshot of suggested responses based on the custom guidebooks.":::
69
+
70
+
You have the opportunity to provide feedback on the effectiveness of the guided responses generated from your organization's guidebooks. This feedback helps improve future recommendations.
71
+
72
+
:::image type="content" source="./media/security-upload-guide/feedback.png" alt-text="Screenshot of the feedback window for guided responses.":::
73
+
74
+
## Best practices for creating effective guidebooks
75
+
76
+
For examples of Microsoft's own incident response playbooks, see [Incident response playbooks](/security/operations/incident-response-playbooks).
77
+
78
+
When creating your organization's guidebooks, consider the following best practices:
79
+
80
+
-**Clarity and Conciseness**: Ensure that the guidelines are clear and concise to facilitate quick understanding and action.
81
+
-**Text only**: The guidebook can only read text. Avoid using images, graphs, or complex formatting that may hinder text extraction.
82
+
-**Regular Updates**: Periodically review and update the guidebooks to reflect any changes in your organization's policies or procedures.
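Review bot: The removed line at old line 62 was the only statement of how an analyst can tell which guidebook produced a recommendation ("A banner shows which guidebook is being used for the current recommendation"), and the paragraph added at new line 66 does not replace it. Since the new text says custom guidebooks take priority over the defaults provided by Microsoft and that Copilot uses the one that "best matches the incident context", keep the banner sentence if the banner still exists, so a guided response can be traced back to the guidebook behind it. In the best-practices list, "The guidebook can only read text" has the wrong subject; wording such as "Copilot reads only the text of a guidebook" says what is meant. The bullet labels mix title case ("Clarity and Conciseness", "Regular Updates") with sentence case ("Text only"), and the three bullets show no space after the hyphen, which would stop them rendering as a list if that is how they stand in the source.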