From 8d30edefb86faf612723550c0c8d9e76de70a8eb Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 7 May 2020 08:53:10 -0700 Subject: [PATCH 01/50] Add AUMIDs Adding AUMIDs for File Explorer and Store. Even though they are not recommended we have promised to provide them. --- devices/hololens/hololens-kiosk.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index c08a6c076b..1bbd7ddefd 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -98,7 +98,9 @@ If you use a Mobile Device Management (MDM) system or a provisioning package to |Dynamics 365 Guides |Microsoft.Dynamics365.Guides\_8wekyb3d8bbwe\!MicrosoftGuides | |Dynamics 365 Remote Assist |Microsoft.MicrosoftRemoteAssist\_8wekyb3d8bbwe\!Microsoft.RemoteAssist | |Feedback Hub |Microsoft.WindowsFeedbackHub\_8wekyb3d8bbwe\!App | -|Mail |c5e2524a-ea46-4f67-841f-6a9465d9d515\_cw5n1h2txyewy\!App | +|File Explorer |c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App | +|Mail |microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail | +|Microsoft Store |Microsoft.WindowsStore_8wekyb3d8bbwe!App | |Miracast4 |  | |Movies & TV |Microsoft.ZuneVideo\_8wekyb3d8bbwe\!Microsoft.ZuneVideo | |OneDrive |microsoft.microsoftskydrive\_8wekyb3d8bbwe\!App | From fd2fc009bede7d527aeb5f9d841e03c9938e14a6 Mon Sep 17 00:00:00 2001 From: "Jeff Reeds (Aquent LLC)" Date: Thu, 21 May 2020 14:21:37 -0700 Subject: [PATCH 02/50] Changed Windows to Microsoft Changed only UX content; will change links later. --- .../update/how-windows-update-works.md | 2 +- .../update/update-compliance-monitor.md | 4 ++-- .../update/update-compliance-using.md | 4 ++-- windows/privacy/gdpr-win10-whitepaper.md | 18 +++++++++--------- ...-system-components-to-microsoft-services.md | 10 +++++----- .../privacy/manage-windows-1809-endpoints.md | 2 +- .../privacy/windows-diagnostic-data-1703.md | 2 +- windows/privacy/windows-diagnostic-data.md | 2 +- windows/security/threat-protection/TOC.md | 8 ++++---- .../control-usb-devices-using-intune.md | 14 +++++++------- .../threat-protection/intelligence/criteria.md | 4 ++-- .../intelligence/developer-faq.md | 4 ++-- .../intelligence/developer-resources.md | 2 +- .../intelligence/malware-naming.md | 2 +- .../intelligence/safety-scanner-download.md | 4 ++-- .../intelligence/support-scams.md | 4 ++-- .../intelligence/trojans-malware.md | 2 +- .../intelligence/unwanted-software.md | 2 +- .../intelligence/worms-malware.md | 2 +- .../advanced-features.md | 2 +- .../advanced-hunting-deviceevents-table.md | 2 +- .../advanced-hunting-schema-reference.md | 2 +- .../microsoft-defender-atp/alerts-queue.md | 4 ++-- .../auto-investigation-action-center.md | 2 +- .../behavioral-blocking-containment.md | 2 +- .../configure-machines-security-baseline.md | 2 +- .../configure-proxy-internet.md | 2 +- .../configure-server-endpoints.md | 2 +- ...view-of-threat-mitigations-in-windows-10.md | 14 +++++++------- ...re-worm-targets-out-of-date-systems-wdsi.md | 4 ++-- 30 files changed, 65 insertions(+), 65 deletions(-) diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index 7284fecba7..e427a2f861 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -80,7 +80,7 @@ Windows Update takes the following sets of actions when it runs a scan. #### Starts the scan for updates When users start scanning in Windows Update through the Settings panel, the following occurs: -- The scan first generates a “ComApi” message. The caller (Windows Defender Antivirus) tells the WU engine to scan for updates. +- The scan first generates a “ComApi” message. The caller (Microsoft Defender Antivirus) tells the WU engine to scan for updates. - "Agent" messages: queueing the scan, then actually starting the work: - Updates are identified by the different IDs ("Id = 10", "Id = 11") and from the different thread ID numbers. - Windows Update uses the thread ID filtering to concentrate on one particular task. diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index 55e6f693d9..8e4da6a05c 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -18,8 +18,8 @@ ms.topic: article # Monitor Windows Updates with Update Compliance > [!IMPORTANT] -> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. Two planned feature removals for Update Compliance – Windows Defender Antivirus reporting and Perspectives – are now scheduled to be removed beginning Monday, May 11, 2020. -> * The retirement of Windows Defender Antivirus reporting will begin Monday, May 11, 2020. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). +> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. Two planned feature removals for Update Compliance – Microsoft Defender Antivirus reporting and Perspectives – are now scheduled to be removed beginning Monday, May 11, 2020. +> * The retirement of Microsoft Defender Antivirus reporting will begin Monday, May 11, 2020. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). > * The Perspectives feature of Update Compliance will be retired Monday, May 11, 2020. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance. ## Introduction diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 47ea2040ed..b61cef1778 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -17,7 +17,7 @@ ms.topic: article # Use Update Compliance -In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Windows Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md). +In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md). Update Compliance: @@ -50,7 +50,7 @@ When you select this tile, you will be redirected to the Update Compliance works Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items: * Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10. * Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability. -* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus. +* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Microsoft Defender Antivirus. The blade also provides the time at which your Update Compliance workspace was [refreshed](#update-compliance-data-latency). diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index 302909fefa..ce2c263dfe 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -132,24 +132,24 @@ As seen with recent ransomware attacks, once called the "black plague" of the In In response to these threats and as a part of your mechanisms to resist these types of breaches so that you remain in compliance with the GDPR, Windows 10 provides built in technology, detailed below including the following: -- Windows Defender Antivirus to respond to emerging threats on data. +- Microsoft Defender Antivirus to respond to emerging threats on data. - Microsoft Edge to systemically disrupt phishing, malware, and hacking attacks. - Windows Defender Device Guard to block all unwanted applications on client machines. #### Responding to emerging data threats -Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. In Windows 10, it uses a multi-pronged approach to improve antimalware: +Microsoft Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. In Windows 10, it uses a multi-pronged approach to improve antimalware: - **Cloud-delivered protection.** Helps to detect and block new malware within seconds, even if the malware has never been seen before. -- **Rich local context.** Improves how malware is identified. Windows 10 informs Windows Defender Antivirus not only about content like files and processes, but also where the content came from, where it's been stored, and more. +- **Rich local context.** Improves how malware is identified. Windows 10 informs Microsoft Defender Antivirus not only about content like files and processes, but also where the content came from, where it's been stored, and more. -- **Extensive global sensors.** Help to keep Windows Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. +- **Extensive global sensors.** Help to keep Microsoft Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data. -- **Tamper proofing.** Helps to guard Windows Defender Antivirus itself against malware attacks. For example, Windows Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Windows Defender Antivirus components, its registry keys, and so on. +- **Tamper proofing.** Helps to guard Microsoft Defender Antivirus itself against malware attacks. For example, Microsoft Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Microsoft Defender Antivirus components, its registry keys, and so on. -- **Enterprise-level features.** Give IT pros the tools and configuration options necessary to make Windows Defender Antivirus an enterprise-class antimalware solution. +- **Enterprise-level features.** Give IT pros the tools and configuration options necessary to make Microsoft Defender Antivirus an enterprise-class antimalware solution. #### Systemically disrupting phishing, malware, and hacking attacks In today’s threat landscape, your ability to provide those mechanisms should be tied to the specific data-focused attacks you face through phishing, malware and hacking due to the browser-related attacks. @@ -204,7 +204,7 @@ Among the key benefits of ATP are the following: - Built in, not bolted on - agentless with high performance and low impact, cloud-powered; easy management with no deployment. -- Single pane of glass for Windows security - explore 6 months of rich machine timeline that unifies security events from Windows Defender ATP, Windows Defender Antivirus. +- Single pane of glass for Windows security - explore 6 months of rich machine timeline that unifies security events from Windows Defender ATP, Microsoft Defender Antivirus. - Power of the Microsoft graph - leverages the Microsoft Intelligence Security Graph to integrate detection and exploration with Office 365 ATP subscription, to track back and respond to attacks. @@ -216,7 +216,7 @@ To provide Detection capabilities, Windows 10 improves our OS memory and kernel We continue to upgrade our detections of ransomware and other advanced attacks, applying our behavioral and machine-learning detection library to counter changing attacks trends. Our historical detection capability ensures new detection rules apply to up to six months of stored data to detect attacks that previously went unnoticed. Customers can also add customized detection rules or IOCs to augment the detection dictionary. -Customers asked us for a single pane of glass across the entire Windows security stack. Windows Defender Antivirus detections and Windows Defender Device Guard blocks are the first to surface in the Windows Defender ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network. +Customers asked us for a single pane of glass across the entire Windows security stack. Microsoft Defender Antivirus detections and Windows Defender Device Guard blocks are the first to surface in the Windows Defender ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network. Our alert page now includes a new process tree visualization that aggregates multiple detections and related events into a single view that helps security teams reduce the time to resolve cases by providing the information required to understand and resolve incidents without leaving the alert page. @@ -314,7 +314,7 @@ Azure Information Protection also helps your users share sensitive data in a sec - **Windows Hello for Business:** https://www.youtube.com/watch?v=WOvoXQdj-9E and https://docs.microsoft.com/windows/access-protection/hello-for-business/hello-identity-verification -- **Windows Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10 +- **Microsoft Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10 - **Windows Defender Advanced Threat Protection:** https://www.youtube.com/watch?v=qxeGa3pxIwg and https://docs.microsoft.com/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 4bbec23cef..6085890428 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1595,7 +1595,7 @@ You can disconnect from the Microsoft Antimalware Protection Service. >1. Ensure Windows and Windows Defender are fully up to date. >2. Search the Start menu for "Tamper Protection" by clicking on the search icon next to the Windows Start button. Then scroll down to the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, you can go to **Windows Security Settings -> Virus & threat protection, click on Manage Settings** link and then scroll down to the Tamper Protection toggle to set it to **Off**. -- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS** +- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS** -OR- @@ -1608,7 +1608,7 @@ You can disconnect from the Microsoft Antimalware Protection Service. You can stop sending file samples back to Microsoft. -- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Send file samples when further analysis is required** to **Never Send**. +- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **MAPS** > **Send file samples when further analysis is required** to **Never Send**. -or- @@ -1617,11 +1617,11 @@ You can stop sending file samples back to Microsoft. You can stop downloading **Definition Updates**: -- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Signature Updates** > **Define the order of sources for downloading definition updates** and set it to **FileShares**. +- **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Signature Updates** > **Define the order of sources for downloading definition updates** and set it to **FileShares**. -and- -- **Disable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to **Nothing**. +- **Disable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to **Nothing**. -or- @@ -1645,7 +1645,7 @@ You can turn off **Enhanced Notifications** as follows: -or- -- **Enable** the Group Policy **Turn off enhanced notifications** under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **Reporting**. +- **Enable** the Group Policy **Turn off enhanced notifications** under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Defender Antivirus** > **Reporting**. -or- diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 6367bb1968..789a9029a6 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -398,7 +398,7 @@ The following endpoint is used to retrieve Skype configuration values. To turn o ## Windows Defender The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. -If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Windows Defender Antivirus cloud service connections, see [Allow connections to the Windows Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). +If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender), the device will not use Cloud-based Protection. For a detailed list of Microsoft Defender Antivirus cloud service connections, see [Allow connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus#allow-connections-to-the-windows-defender-antivirus-cloud-service). | Source process | Protocol | Destination | |----------------|----------|------------| diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 73ccd75c12..ef7ec52739 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -74,7 +74,7 @@ This type of data includes details about the health of the device, operating sys | Category Name | Description and Examples | | - | - | |Device health and crash data | Information about the device and software health such as: