mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-20 04:43:37 +00:00
Merge remote-tracking branch 'refs/remotes/origin/jdh1wcd' into 19H1
@ -95,6 +95,7 @@ This policy setting controls whether the elevation request prompt is displayed o
|
||||
|
||||
- **Enabled** (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
|
||||
- **Disabled** All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
|
||||
|
||||
## User Account Control: Virtualize file and registry write failures to per-user locations
|
||||
|
||||
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\\system32, or HKLM\\Software.
|
||||
|
@ -10,7 +10,7 @@ ms.author: pashort
|
||||
manager: elizapo
|
||||
ms.reviewer:
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 01/26/2019
|
||||
ms.date: 03/21/2019
|
||||
---
|
||||
|
||||
# VPN and conditional access
|
||||
@ -32,11 +32,7 @@ Conditional Access Platform components used for Device Compliance include the fo
|
||||
|
||||
- Azure AD Certificate Authority - It is a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA cannot be configured as part of an on-premises Enterprise CA.
|
||||
|
||||
- Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used.
|
||||
|
||||
Additional details regarding the Azure AD issued short-lived certificate:
|
||||
- The default lifetime is 60 minutes and is configurable
|
||||
- When that certificate expires, the client will again check with Azure AD so that continued health can be validated before a new certificate is issued allowing continuation of the connection
|
||||
- Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used. When that certificate expires, the client will again check with Azure AD for health validation before a new certificate is issued.
|
||||
|
||||
- [Microsoft Intune device compliance policies](https://docs.microsoft.com/intune/deploy-use/introduction-to-device-compliance-policies-in-microsoft-intune) - Cloud-based device compliance leverages Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things.
|
||||
|
||||
|
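Review bot: The merged "Azure AD-issued short-lived certificates" bullet no longer states that the default lifetime is 60 minutes and is configurable, which the removed sub-bullets did. That value determines how often the client has to go back to Azure AD for health validation, so keep it, for example by appending "The default lifetime is 60 minutes and is configurable." to the bullet. "Note that certificate authentication methods such as EAP-TLS can be used" can also be shortened to "Certificate authentication methods such as EAP-TLS can be used."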
@ -15,12 +15,12 @@ ms.topic: conceptual
|
||||
ms.date: 04/19/2017
|
||||
---
|
||||
|
||||
# Network security: Configure encryption types allowed for Kerberos Win7 only
|
||||
# Network security: Configure encryption types allowed for Kerberos
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
|
||||
Describes the best practices, location, values and security considerations for the **Network security: Configure encryption types allowed for Kerberos Win7 only** security policy setting.
|
||||
Describes the best practices, location, values and security considerations for the **Network security: Configure encryption types allowed for Kerberos** security policy setting.
|
||||
|
||||
## Reference
|
||||
|
||||
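Review bot: ms.date in the front matter at the top of this hunk still reads 04/19/2017 although the title and description change; update it with this edit, as the VPN topic in this commit does. Also confirm that the name without "Win7 only" matches the setting name readers see in the policy editor, since the description line quotes it in bold as the exact policy name.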
@ -67,9 +67,9 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
|
||||
| Default domain policy| Not defined|
|
||||
| Default domain controller policy| Not defined|
|
||||
| Stand-alone server default settings | Not defined|
|
||||
| Domain controller effective default settings | None of these encryption types that are available in this policy are allowed.|
|
||||
| Member server effective default settings | None of these encryption types that are available in this policy are allowed.|
|
||||
| Effective GPO default settings on client computers | None of these encryption types that are available in this policy are allowed.|
|
||||
| Domain controller effective default settings | The default OS setting applies, DES suites are not supported by default.|
|
||||
| Member server effective default settings | The default OS setting applies, DES suites are not supported by default.|
|
||||
| Effective GPO default settings on client computers | The default OS setting applies, DES suites are not supported by default.|
|
||||
|
||||
## Security considerations
|
||||
|
||||
|
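Review bot: The three replacement rows say "The default OS setting applies, DES suites are not supported by default." without saying what the default OS setting is, so a reader still cannot tell which encryption types are in effect on a domain controller, member server or client. Name the types that are allowed by default, or link to where they are listed, and split the comma splice: "The default OS setting applies. DES suites are not supported by default."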
@ -171,7 +171,7 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t
|
||||

|
||||
|
||||
8. Change **Assignment type=Required**.
|
||||
9. Click **Included Groups**. Select M**ake this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
|
||||
9. Click **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
|
||||
|
||||

|
||||
|
||||
@ -473,17 +473,17 @@ Or, from a command line:
|
||||
|
||||
## Known issues
|
||||
- Microsoft Defender ATP is not yet optimized for performance or disk space.
|
||||
- Centrally managed uninstall using Intune/JAMF is still in development. To uninstall (as a workaround an uninstall action has to be completed on each client device).
|
||||
- Centrally managed uninstall using Intune/JAMF is still in development. To uninstall (as a workaround) an uninstall action has to be completed on each client device).
|
||||
- Geo preference for telemetry traffic is not yet supported. Cloud traffic (definition updates) routed to US only.
|
||||
- Full Windows Defender ATP integration is not yet available
|
||||
- Not localized yet
|
||||
- There might be accessibility issues
|
||||
|
||||
### Installation issues
|
||||
If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. You can also contact xplatpreviewsupport@microsoft.com for support on onboarding issues.
|
||||
If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. You can also contact _**xplatpreviewsupport@microsoft.com**_ for support on onboarding issues.
|
||||
|
||||
|
||||
For feedback on the preview, contact: mdatpfeedback@microsoft.com.
|
||||
For feedback on the preview, contact: _**mdatpfeedback@microsoft.com**_.
|
||||
|
||||
|
||||
|
||||
|
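Review bot: The corrected uninstall bullet still ends with an unmatched ")" after "client device", and "To uninstall (as a workaround) an uninstall action has to be completed" does not parse. Suggest "Centrally managed uninstall using Intune/JAMF is still in development. As a workaround, an uninstall action has to be completed on each client device." The list also mixes "Microsoft Defender ATP" and "Windows Defender ATP"; use one product name throughout.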
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 30/07/2018
|
||||
---
|
||||
|
||||
# Supported Windows Defender ATP query APIs
|
||||
|
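Review bot: This front-matter hunk goes from 7 lines to 6, and the only value that looks wrong is ms.date: 30/07/2018, which is day-first while the other topics in this commit use month-first dates (01/26/2019, 04/19/2017). If that is the line being dropped, consider correcting it to month-first order instead of deleting it, so the topic keeps a last-updated date. The same applies to the three identical front-matter hunks that follow.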
@ -67,7 +67,15 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
|
||||
|
||||
1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
|
||||
|
||||
2. Select **Create a supression rule**.
|
||||
2. Select **Create a suppression rule**.
|
||||
|
||||
You can create a suppression rule based on the following attributes:
|
||||
|
||||
* File hash
|
||||
* File name - wild card supported
|
||||
* File path - wild card supported
|
||||
* IP
|
||||
* URL - wild card supported
|
||||
|
||||
3. Select the **Trigerring IOC**.
|
||||
|
||||
|
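Review bot: Step 3 still reads "Select the **Trigerring IOC**"; fix it to "Triggering" in the same change that fixes "supression" in step 2. For the new attribute list, file name, file path and URL accept wildcards, so add a sentence telling readers to keep the pattern as narrow as possible, since a broad pattern suppresses alerts for everything it matches.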
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 30/07/2018
|
||||
---
|
||||
|
||||
# Create custom reports using Power BI (app authentication)
|
||||
|
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 30/07/2018
|
||||
---
|
||||
|
||||
# Create custom reports using Power BI (user authentication)
|
||||
|
@ -14,7 +14,6 @@ manager: dansimp
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
ms.topic: article
|
||||
ms.date: 30/07/2018
|
||||
---
|
||||
|
||||
# Advanced Hunting using Python
|
||||
|
@ -37,7 +37,7 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua
|
||||
|
||||
## Requirements
|
||||
|
||||
Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
|
||||
Network protection requires Windows 10 Pro, Enterprise E3, E5 and Windows Defender AV real-time protection.
|
||||
|
||||
Windows 10 version | Windows Defender Antivirus
|
||||
- | -
|
||||
|
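Review bot: "Windows 10 Pro, Enterprise E3, E5 and Windows Defender AV real-time protection" reads as one flat list, so it is unclear that the editions are alternatives and that real-time protection is required in addition to one of them. Suggest "Network protection requires Windows 10 Pro or Enterprise (E3 or E5), and Windows Defender AV real-time protection."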
@ -36,7 +36,7 @@ There are four steps to troubleshooting these problems:
|
||||
Attack surface reduction rules will only work on devices with the following conditions:
|
||||
|
||||
>[!div class="checklist"]
|
||||
> - Endpoints are running Windows 10 Enterprise E5, version 1709 (also known as the Fall Creators Update).
|
||||
> - Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update).
|
||||
> - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
|
||||
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
|
||||
> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
|
||||
|
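Review bot: The first checklist item now says "Windows 10 Enterprise" with no E3/E5 qualifier, while the network protection topic in this commit spells out "Pro, Enterprise E3, E5"; state the supported editions in the same form here so the two requirements can be compared. The last item is also worth a second look while this list is open: under a heading about when rules "will only work", it tells the reader to set the rule to **Disabled** (value: **0**), and it should say explicitly that this step only takes the rule out of audit mode.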
@ -60,7 +60,7 @@ This section covers requirements for each feature in Windows Defender EG.
|
||||
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
|
||||
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
|
||||
| Exploit protection |  |  |  |  |
|
||||
| Attack surface reduction rules |  |  |  |  |
|
||||
| Attack surface reduction rules |  |  |  |  |
|
||||
| Network protection |  |  |  |  |
|
||||
| Controlled folder access |  |  |  |  |
|
||||
|
||||
|