Merge pull request #5019 from MicrosoftDocs/master

Publish 4/6/2021 10:30 AM PT
Tina Burden 2021-04-06 10:34:51 -07:00 committed by GitHub
commit 05d7ad507e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 194 additions and 190 deletions

View File

@ -29,7 +29,7 @@ This article describes the network connections that Windows 10 components make t
Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Windows Defender are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly. Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887) package that will allow your organization to quickly configure the settings covered in this document to restrict connections from Windows 10 to Microsoft. The Windows Restricted Traffic Limited Baseline is based on [Group Policy Administrative Template](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) functionality and the package you download contains further instructions on how to deploy to devices in your organization. 
Since some of the settings can reduce the functionality and security configuration of your device, **before deploying Windows Restricted Traffic Limited Functionality Baseline** make sure you **choose the right settings configuration for your environment** and **ensure that Windows and Windows Defender are fully up to date**. Failure to do so may result in errors or unexpected behavior. You should not extract this package to the windows\system32 folder because it will not apply correctly.
>[!IMPORTANT] > [!IMPORTANT]
> - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices. > - The downloadable Windows 10, version 1903 scripts/settings can be used on Windows 10, version 1909 devices.
> - The Allowed Traffic endpoints are listed here: [Allowed Traffic](#bkmk-allowedtraffic) > - The Allowed Traffic endpoints are listed here: [Allowed Traffic](#bkmk-allowedtraffic)
> - CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) network traffic cannot be disabled and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities. There are many others such as DigiCert, Thawte, Google, Symantec, and VeriSign. > - CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) network traffic cannot be disabled and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities. There are many others such as DigiCert, Thawte, Google, Symantec, and VeriSign.
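Review bot: The product name is inconsistent in the re-flowed first paragraph: the second sentence says "Windows Restricted Traffic Limited Baseline", while the link text and the bold warning use "Windows Restricted Traffic Limited Functionality Baseline". Since this hunk already splits the paragraph, use the full name in both places. The windows\system32 path in the new second paragraph would also read better as inline code.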
@ -42,7 +42,7 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
> - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode. > - To restrict a device effectively (first time or subsequently), it is recommended to apply the Restricted Traffic Limited Functionality Baseline settings package in offline mode.
> - During update or upgrade of Windows, egress traffic may occur. > - During update or upgrade of Windows, egress traffic may occur.
To use Microsoft Intune cloud based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](./manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md) To use Microsoft Intune cloud-based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](./manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm.md).
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting **telmhelp**@**microsoft.com**. We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting **telmhelp**@**microsoft.com**.
@ -260,8 +260,8 @@ On Windows Server 2016 Nano Server:
- Create the registry path **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\AuthRoot** and then add a REG_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1. - Create the registry path **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates\\AuthRoot** and then add a REG_DWORD registry setting, named **DisableRootAutoUpdate**, with a value of 1.
>[!NOTE] > [!NOTE]
>CRL and OCSP network traffic is currently Allowed Traffic and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign. > CRL and OCSP network traffic is currently Allowed Traffic and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign.
### <a href="" id="bkmk-cortana"></a>2. Cortana and Search ### <a href="" id="bkmk-cortana"></a>2. Cortana and Search
@ -288,7 +288,7 @@ You can also apply the Group Policies using the following registry keys:
| Don't search the web or display web results in Search| HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: ConnectedSearchUseWeb <br/>Value: 0 | | Don't search the web or display web results in Search| HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search<br/>REG_DWORD: ConnectedSearchUseWeb <br/>Value: 0 |
>[!IMPORTANT] > [!IMPORTANT]
> Using the Group Policy editor these steps are required for all supported versions of Windows 10, however they are not required for devices running Windows 10, version 1607 or Windows Server 2016. > Using the Group Policy editor these steps are required for all supported versions of Windows 10, however they are not required for devices running Windows 10, version 1607 or Windows Server 2016.
1. Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Defender Firewall with Advanced Security** &gt; **Windows Defender Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**. 1. Expand **Computer Configuration** &gt; **Windows Settings** &gt; **Security Settings** &gt; **Windows Defender Firewall with Advanced Security** &gt; **Windows Defender Firewall with Advanced Security - &lt;LDAP name&gt;**, and then click **Outbound Rules**.
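Review bot: The [!IMPORTANT] sentence still contradicts itself after the spacing fix: it says the steps are required for "all supported versions of Windows 10" and then exempts Windows 10, version 1607 and Windows Server 2016, joined by a comma splice. Suggest stating once which versions need the outbound rule steps that follow, and splitting the text into two sentences.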
@ -412,10 +412,10 @@ To turn off Insider Preview builds for Windows 10:
- Create a new REG_DWORD registry setting named **AllowBuildPreview** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a **value of 0 (zero)** - Create a new REG_DWORD registry setting named **AllowBuildPreview** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a **value of 0 (zero)**
### <a href="" id="bkmk-ie"></a>8. Internet Explorer ### <a href="" id="bkmk-ie"></a>8. Internet Explorer
> [!NOTE] > [!NOTE]
>When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: > When attempting to use Internet Explorer on any edition of Windows Server be aware there are restrictions enforced by [Enhanced Security Configuration (ESC)](https://support.microsoft.com/help/815141/ie-enhanced-security-configuration-changes-browsing-experience). The following Group Policies and Registry Keys are for user interactive scenarios rather than the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings:
| Policy | Description | | Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| |------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
@ -458,11 +458,11 @@ To turn off the home page:
-or- -or-
- Create a new REG_SZ registry setting named **Start Page** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank** - Create a new REG_SZ registry setting named **Start Page** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank**
-and - -and -
- Create a new REG_DWORD registry setting named **HomePage** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)** - Create a new REG_DWORD registry setting named **HomePage** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)**
To configure the First Run Wizard: To configure the First Run Wizard:
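Review bot: The two registry bullets corrected to HKEY_CURRENT_USER still end in "with a **about:blank**" and "with a **1 (one)**", without the words "value of" that other bullets in this commit use ("with a **value of 1 (one)**"). The separator "-and -" also has a stray space compared with "-and-" elsewhere. The DisableFirstRunCustomize and NewTabPageShow bullets in the next two hunks carry the same "with a **1 (one)**" and "with a **0 (zero)**" wording and could be aligned in the same pass.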
@ -471,7 +471,7 @@ To configure the First Run Wizard:
-or- -or-
- Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)** - Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)**
To configure the behavior for a new tab: To configure the behavior for a new tab:
@ -480,7 +480,7 @@ To configure the behavior for a new tab:
-or- -or-
- Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)** - Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)**
### <a href="" id="bkmk-ie-activex"></a>8.1 ActiveX control blocking ### <a href="" id="bkmk-ie-activex"></a>8.1 ActiveX control blocking
@ -660,9 +660,9 @@ To remove the News app:
- Right-click the app in Start, and then click **Uninstall**. - Right-click the app in Start, and then click **Uninstall**.
-or- -or-
>[!IMPORTANT] > [!IMPORTANT]
> If you have any issues with these commands, restart the system and try the scripts again. > If you have any issues with these commands, restart the system and try the scripts again.
>
- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** - Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
-and- -and-
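Review bot: On the Remove-AppxProvisionedPackage line, -Like "Microsoft.BingNews" has no wildcard, so it behaves as an exact match on PackageName; provisioned package names carry a version and publisher suffix, so this filter is likely to match nothing and the app stays provisioned for new accounts. Suggest filtering on DisplayName or using "Microsoft.BingNews*". While this block is being touched, the command would be safer to copy as inline code than as bold text with $\_ escapes, and "elevated command prompt" should say an elevated PowerShell session.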
@ -1059,7 +1059,6 @@ If you're running at Windows 10, version 1703 up to and including Windows 10, ve
- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
### <a href="" id="bkmk-priv-accounts"></a>18.7 Account info ### <a href="" id="bkmk-priv-accounts"></a>18.7 Account info
In the **Account Info** area, you can choose which apps can access your name, picture, and other account info. In the **Account Info** area, you can choose which apps can access your name, picture, and other account info.
@ -1076,8 +1075,7 @@ To turn off **Let apps access my name, picture, and other account info**:
-or- -or-
- Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). - Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**.
To turn off **Choose the apps that can access your account info**: To turn off **Choose the apps that can access your account info**:
@ -1334,7 +1332,7 @@ To turn off tailored experiences with relevant tips and recommendations by using
-or- -or-
- Create a REG_DWORD registry setting named **DisableTailoredExperiencesWithDiagnosticData** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of **1** - Create a REG_DWORD registry setting named **DisableTailoredExperiencesWithDiagnosticData** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
### <a href="" id="bkmk-priv-background"></a>18.17 Background apps ### <a href="" id="bkmk-priv-background"></a>18.17 Background apps
@ -1494,7 +1492,6 @@ To turn this Off in the UI:
- Create a REG_DWORD registry setting named **LetAppsActivateWithVoiceAboveLock** in **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy** with a **value of 2 (two)** - Create a REG_DWORD registry setting named **LetAppsActivateWithVoiceAboveLock** in **HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy** with a **value of 2 (two)**
### <a href="" id="bkmk-spp"></a>19. Software Protection Platform ### <a href="" id="bkmk-spp"></a>19. Software Protection Platform
Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following: Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
@ -1517,11 +1514,11 @@ Enterprise customers can manage their Windows activation status with volume lice
**For Windows Server 2016:** **For Windows Server 2016:**
- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). - Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
>[!NOTE] > [!NOTE]
>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead. > Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016; the **NoAcquireGT** value needs to be set instead.
>The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. > The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
### <a href="" id="bkmk-storage-health"></a>20. Storage health ### <a href="" id="bkmk-storage-health"></a>20. Storage health
@ -1559,8 +1556,8 @@ To turn off Messaging cloud sync:
You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](/previous-versions/windows/it-pro/windows-vista/cc722030(v=ws.10)). You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](/previous-versions/windows/it-pro/windows-vista/cc722030(v=ws.10)).
>[!NOTE] > [!NOTE]
>If you disable Teredo, some XBOX gaming features and Delivery Optimization (with Group or Internet peering) will not work. > If you disable Teredo, some XBOX gaming features and Delivery Optimization (with Group or Internet peering) will not work.
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** &gt; **TCPIP Settings** &gt; **IPv6 Transition Technologies** &gt; **Set Teredo State** and set it to **Disabled State**. - **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** &gt; **TCPIP Settings** &gt; **IPv6 Transition Technologies** &gt; **Set Teredo State** and set it to **Disabled State**.
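Review bot: The Set Teredo State bullet mixes raw ">" and "&gt;" separators within one Group Policy path ("**Computer Configuration** > **Administrative Templates** > **Network** &gt; **TCPIP Settings**"); pick one form for the whole path. In the reformatted note, "XBOX" should be "Xbox".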
@ -1571,8 +1568,8 @@ You can disable Teredo by using Group Policy or by using the netsh.exe command.
### <a href="" id="bkmk-wifisense"></a>23. Wi-Fi Sense ### <a href="" id="bkmk-wifisense"></a>23. Wi-Fi Sense
>[!IMPORTANT] > [!IMPORTANT]
>Beginning with Windows 10, version 1803, Wi-Fi Sense is no longer available. The following section only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/en-us/windows-10-open-wi-fi-hotspots) for more details. > Beginning with Windows 10, version 1803, Wi-Fi Sense is no longer available. The following section only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/windows-10-open-wi-fi-hotspots) for more details.
Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the persons contacts have shared with them. Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the persons contacts have shared with them.
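Review bot: The context sentence under the alert reads "the persons contacts have shared with them"; it needs the possessive ("the person's contacts"). Worth fixing in the same pass as the link change.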
@ -1595,10 +1592,10 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr
You can disconnect from the Microsoft Antimalware Protection Service. You can disconnect from the Microsoft Antimalware Protection Service.
>[!IMPORTANT] > [!IMPORTANT]
>**Required Steps BEFORE setting the Windows Defender Group Policy or RegKey on Windows 10 version 1903** > **Required Steps BEFORE setting the Windows Defender Group Policy or RegKey on Windows 10 version 1903**
>1. Ensure Windows and Windows Defender are fully up to date. > 1. Ensure Windows and Windows Defender are fully up to date.
>2. Search the Start menu for "Tamper Protection" by clicking on the search icon next to the Windows Start button. Then scroll down to the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, you can go to **Windows Security Settings -> Virus & threat protection, click on Manage Settings** link and then scroll down to the Tamper Protection toggle to set it to **Off**. > 2. Search the Start menu for "Tamper Protection" by clicking on the search icon next to the Windows Start button. Then scroll down to the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, you can go to **Windows Security Settings -> Virus & threat protection, click on Manage Settings** link and then scroll down to the Tamper Protection toggle to set it to **Off**.
- **Enable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Defender Antivirus** &gt; **MAPS** &gt; **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS** - **Enable** the Group Policy **Computer Configuration** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Microsoft Defender Antivirus** &gt; **MAPS** &gt; **Join Microsoft MAPS** and then select **Disabled** from the drop-down box named **Join Microsoft MAPS**
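Review bot: Step 2 of the [!IMPORTANT] block tells the reader to turn Tamper Protection **Off** before setting the MAPS policy, but nothing in the visible steps says to turn it back on afterwards. Suggest adding a final step to re-enable Tamper Protection once the Group Policy or registry value is applied, so devices are not left with it disabled. The bold span "**Windows Security Settings -> Virus & threat protection, click on Manage Settings**" also runs across an instruction; bold only the UI labels.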
@ -1714,7 +1711,7 @@ If you're running Windows 10, version 1607 or later, you need to:
-or- -or-
- Create a new REG_DWORD registry setting named **NoLockScreen** in **HKEY_Local_Machine\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a **value of 1 (one)** - Create a new REG_DWORD registry setting named **NoLockScreen** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a **value of 1 (one)**
-AND- -AND-
@ -1746,7 +1743,7 @@ If you're running Windows 10, version 1607 or later, you need to:
> with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in > with a value of **C:\\windows\\web\\screen\\lockscreen.jpg** and create a new REG_DWORD registry setting named **LockScreenOverlaysDisabled** in
> **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **1 (one)**. > **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization** with a value of **1 (one)**.
> >
> The Group Policy for the **LockScreenOverlaysDisabled** regkey is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**. > The Group Policy for the **LockScreenOverlaysDisabled** registry key is **Force a specific default lock screen and logon image** that is under **Control Panel** **Personalization**.
\-AND- \-AND-
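Review bot: The sentence changed from "regkey" to "registry key" still ends "under **Control Panel** **Personalization**" with no separator between the two nodes; add " > " as the other Group Policy paths in this file do. The "\-AND-" separator is also written differently from the "-AND-" used a hunk earlier.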
@ -1766,8 +1763,7 @@ If you're running Windows 10, version 1607 or later, you need to:
-or- -or-
- Create a new REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)** - Create a new REG_DWORD registry setting named **DisableWindowsConsumerFeatures** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a **value of 1 (one)**
This policy setting controls whether the lock screen appears for users. The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen. This policy setting controls whether the lock screen appears for users. The Do not display the lock screen Group Policy should be set to Enable to prevent the lock screen from being displayed. The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen.
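Review bot: The context paragraph after the corrected DisableWindowsConsumerFeatures bullet ends with a broken sentence: "The Group Computer Configuration\Administrative templates\Control Panel\Personalization!Do not display the lock screen." It reads as if the words after "The Group" were lost. Suggest rewriting it as a complete sentence giving the policy path, with the policy name **Do not display the lock screen** in bold like the other policy names.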
@ -1878,7 +1874,7 @@ You can turn off Windows Update by setting the following registry entries:
-and- -and-
- Add a REG_DWORD value named **UseWUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\WindowsUpdate\\AU** and set the value to 1. - Add a REG_DWORD value named **UseWUServer** to **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\WindowsUpdate\\AU** and set the **value to 1 (one)**.
-OR- -OR-
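Review bot: The UseWUServer path mixes escaping: "\\Microsoft\\Windows\WindowsUpdate\\AU" has a single backslash before WindowsUpdate while every other separator is doubled. Since this line is being edited anyway, make it "\\Windows\\WindowsUpdate\\AU" so the source is consistent. The new bold text "**value to 1 (one)**" also differs from the "**value of 1 (one)**" form used elsewhere in this commit.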
@ -1904,8 +1900,7 @@ You can turn off automatic updates by doing the following. This is not recommend
For China releases of Windows 10 there is one additional Regkey to be set to prevent traffic: For China releases of Windows 10 there is one additional Regkey to be set to prevent traffic:
- Add a REG_DWORD value named **HapDownloadEnabled** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LexiconUpdate\\loc_0804** and set the value to 0. - Add a REG_DWORD value named **HapDownloadEnabled** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\LexiconUpdate\\loc_0804** and set the **value to 0 (zero)**.
### <a href="" id="bkmk-allowedtraffic"></a> Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline ### <a href="" id="bkmk-allowedtraffic"></a> Allowed traffic list for Windows Restricted Traffic Limited Functionality Baseline

View File

@ -102,3 +102,7 @@ Besides being vulnerable at the firmware level, CPUs could be manufactured with
At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions to mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender for Endpoint](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats. At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions to mitigate classes of threats. We instrument durable protections that are effective against a wide range of threats. Through AntiMalware Scan Interface (AMSI), behavior monitoring, memory scanning, and boot sector protection, Microsoft Defender for Endpoint](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless) can inspect fileless threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/) To learn more, read: [Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/)
## Additional resources and information
Learn how to [deploy threat protection capabilities across Microsoft 365 E5](/microsoft-365/solutions/deploy-threat-protection).
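Review bot: The context paragraph above the new heading has a broken link: "Microsoft Defender for Endpoint](https://www.microsoft.com/windowsforbusiness?ocid=docs-fileless)" is missing its opening "[", so the link will not render. Add the bracket before "Microsoft Defender for Endpoint" as part of this change.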

View File

@ -40,6 +40,11 @@ There are many types of malware, including:
- [Unwanted software](unwanted-software.md) - [Unwanted software](unwanted-software.md)
- [Worms](worms-malware.md) - [Worms](worms-malware.md)
Keep up with the latest malware news and research. Check out our [Microsoft security blogs](https://www.microsoft.com/security/blog/product/windows/) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections. ## Additional resources and information
- Keep up with the latest malware news and research. Check out our [Microsoft security blogs](https://www.microsoft.com/security/blog/product/windows/) and follow us on [Twitter](https://twitter.com/wdsecurity) for the latest news, discoveries, and protections.
- Learn more about [Windows security](../../index.yml).
- Learn how to [deploy threat protection capabilities across Microsoft 365 E5](/microsoft-365/solutions/deploy-threat-protection).
Learn more about [Windows security](../../index.yml).