Key sequences blocked by assigned access |
When in assigned access, some key combinations are blocked for assigned access users.
-Alt+F4, Alt+Shift+TaB, Alt+Tab are not blocked by Assigned Access, it is recommended you use Keyboard Filter to block these key combinations.
+Alt+F4, Alt+Shift+Tab, Alt+Tab are not blocked by Assigned Access, it is recommended you use Keyboard Filter to block these key combinations.
Ctrl+Alt+Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in WEKF_Settings.
From 9e1a23372ae34481026d2e37b085fc1ffcc0629b Mon Sep 17 00:00:00 2001
From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com>
Date: Tue, 21 Jul 2020 14:52:42 -0700
Subject: [PATCH 13/32] Update hello-how-it-works-authentication.md
Added notes to call out remote work related feedback that requires LoS to DC in key-trust and cert-trust as pre reqs for first time logon.
---
.../hello-for-business/hello-how-it-works-authentication.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
index c75524b41e..cb21e54fe3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
@@ -74,6 +74,9 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
|F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.|
|G | The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Azure Active Directory. Azure Active Directory validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Azure AD then validates the returned signed nonce. After validating the nonce, Azure AD creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.
The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.
The Cloud AP provider returns a successful authentication response to lsass. Lsass caches the PRT.|
+> [!IMPORTANT]
+> In the above deployment model, a newly provisioned user will not be able to sign in using Windows Hello for Business until (a) Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory and (b) device has line of sight to the domain controller for the first time.
+
## Hybrid Azure AD join authentication using a Certificate
@@ -87,3 +90,5 @@ Azure Active Directory joined devices authenticate to Azure during sign-in and c
|F | While Windows loads the user's desktop, lsass passes the collected credentials to the Cloud Authentication security support provider, referred to as the Cloud AP provider. The Cloud AP provider requests a nonce from Azure Active Directory. Azure AD returns a nonce.|
|G | The Cloud AP provider signs the nonce using the user's private key and returns the signed nonce to the Azure Active Directory. Azure Active Directory validates the signed nonce using the user's securely registered public key against the nonce signature. After validating the signature, Azure AD then validates the returned signed nonce. After validating the nonce, Azure AD creates a PRT with session key that is encrypted to the device's transport key and returns it to the Cloud AP provider.
The Cloud AP provider receives the encrypted PRT with session key. Using the device's private transport key, the Cloud AP provider decrypt the session key and protects the session key using the device's TPM.
The Cloud AP provider returns a successful authentication response to lsass. Lsass caches the PRT.|
+> [!IMPORTANT]
+> In the above deployment model, a newly provisioned user will not be able to sign in using Windows Hello for Business unless the device has line of sight to the domain controller for the first time.
From 1c1d6d63459d9fe76e3116a98cfe905494b7cd5d Mon Sep 17 00:00:00 2001
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com>
Date: Tue, 21 Jul 2020 15:05:03 -0700
Subject: [PATCH 14/32] Update policy-csps-supported-by-surface-hub.md
---
.../mdm/policy-csps-supported-by-surface-hub.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
index b32eded81d..a9afda6609 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
@@ -15,8 +15,8 @@ ms.date: 07/22/2020
# Policy CSPs supported by Microsoft Surface Hub
-- [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)
-- [ApplicationManagement/AllowDeveloperUnlock](mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock)
+-[ApplicationManagement/AllowAppStoreAutoUpdate] (https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowDeveloperUnlock](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock)
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
@@ -65,7 +65,7 @@ ms.date: 07/22/2020
- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
-- [RestrictedGroups/ConfigureGroupMembership](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-restrictedgroups)
+- [RestrictedGroups/ConfigureGroupMembership](https://docs.microsoft.com/windows/client-management/https://docs.microsoft.com/windows/client-management/mdm/policy-csp-restrictedgroups)
- [TextInput/AllowIMELogging](policy-csp-textinput.md#textinput-allowimelogging)
- [TextInput/AllowIMENetworkAccess](policy-csp-textinput.md#textinput-allowimenetworkaccess)
- [TextInput/AllowInputPanel](policy-csp-textinput.md#textinput-allowinputpanel)
@@ -79,7 +79,7 @@ ms.date: 07/22/2020
- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis)
- [Wifi/AllowInternetSharing](policy-csp-wifi#wifi-allowinternetsharing)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi#wifi-allowmanualwificonfiguration)
-- [Wifi/AllowWiFi](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-wifi#wifi-allowwifi)
+- [Wifi/AllowWiFi](https://docs.microsoft.com/windows/client-management/https://docs.microsoft.com/windows/client-management/mdm/policy-csp-wifi#wifi-allowwifi)
- [WiFi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
- [Wifi/AllowWiFiDirect](policy-csp-wifi#wifi-allowwifidirect)
- [WirelessDisplay/AllowMdnsAdvertisement](
From ff56184cdfc87a3e7d1532b52cba65cfeb6a2689 Mon Sep 17 00:00:00 2001
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com>
Date: Tue, 21 Jul 2020 15:30:32 -0700
Subject: [PATCH 15/32] Update policy-csps-supported-by-surface-hub.md
corrects links
---
.../policy-csps-supported-by-surface-hub.md | 20 +++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
index a9afda6609..bf80772c59 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
@@ -77,23 +77,23 @@ ms.date: 07/22/2020
- [TextInput/ExcludeJapaneseIMEExceptJIS0208](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208)
- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208andeudc)
- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis)
-- [Wifi/AllowInternetSharing](policy-csp-wifi#wifi-allowinternetsharing)
+- [Wifi/AllowInternetSharing](https://docs.microsoft.com/windows/client-management/policy-csp-wifi#wifi-allowinternetsharing)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi#wifi-allowmanualwificonfiguration)
-- [Wifi/AllowWiFi](https://docs.microsoft.com/windows/client-management/https://docs.microsoft.com/windows/client-management/mdm/policy-csp-wifi#wifi-allowwifi)
-- [WiFi/AllowWiFiHotSpotReporting](policy-csp-wifi.md#wifi-allowwifihotspotreporting)
-- [Wifi/AllowWiFiDirect](policy-csp-wifi#wifi-allowwifidirect)
-- [WirelessDisplay/AllowMdnsAdvertisement](
+- [Wifi/AllowWiFi](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-wifi#wifi-allowwifi)
+- [WiFi/AllowWiFiHotSpotReporting](https://docs.microsoft.com/windows/client-management/policy-csp-wifi.md#wifi-allowwifihotspotreporting)
+- [Wifi/AllowWiFiDirect](https://docs.microsoft.com/windows/client-management/policy-csp-wifi#wifi-allowwifidirect)
+- [WirelessDisplay/AllowMdnsAdvertisement](https://docs.microsoft.com/windows/client-management/
policy-csp-wirelessdisplay#wirelessdisplay-allowmdnsadvertisement)
- [WirelessDisplay/AllowMdnsDiscovery](
policy-csp-wirelessdisplay#wirelessdisplay-allowmdnsdiscovery)
-- [WirelessDisplay/AllowProjectionFromPC](policy-csp-wirelessdisplay#wirelessdisplay-allowprojectionfrompc)
+- [WirelessDisplay/AllowProjectionFromPC](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowprojectionfrompc)
- [WirelessDisplay/AllowProjectionFromPCOverInfrastructure](policy-csp-wirelessdisplay#wirelessdisplay-allowprojectionfrompcoverinfrastructure)
-- [WirelessDisplay/AllowProjectionToPC](policy-csp-wirelessdisplay#wirelessdisplay-allowprojectiontopc)
-- [WirelessDisplay/AllowProjectionToPCOverInfrastructure](policy-csp-wirelessdisplay#wirelessdisplay-allowprojectiontopcoverinfrastructure)
+- [WirelessDisplay/AllowProjectionToPC](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowprojectiontopc)
+- [WirelessDisplay/AllowProjectionToPCOverInfrastructure](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowprojectiontopcoverinfrastructure)
- [WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver](
-policy-csp-wirelessdisplay#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver)
+https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver)
- [WirelessDisplay/RequirePinForPairing](
-policy-csp-wirelessdisplay#wirelessdisplay-requirepinforpairing)
+https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-requirepinforpairing)
## Related topics
From 72d752e7661e6dc8931500c817da4a8571af30eb Mon Sep 17 00:00:00 2001
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com>
Date: Tue, 21 Jul 2020 15:31:42 -0700
Subject: [PATCH 16/32] Update policy-csps-supported-by-surface-hub.md
---
.../mdm/policy-csps-supported-by-surface-hub.md | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
index bf80772c59..1bad51c8b3 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
@@ -78,22 +78,18 @@ ms.date: 07/22/2020
- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208andeudc)
- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis)
- [Wifi/AllowInternetSharing](https://docs.microsoft.com/windows/client-management/policy-csp-wifi#wifi-allowinternetsharing)
-- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi#wifi-allowmanualwificonfiguration)
+- [Wifi/AllowManualWiFiConfiguration](https://docs.microsoft.com/windows/client-management/policy-csp-wifi#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-wifi#wifi-allowwifi)
- [WiFi/AllowWiFiHotSpotReporting](https://docs.microsoft.com/windows/client-management/policy-csp-wifi.md#wifi-allowwifihotspotreporting)
- [Wifi/AllowWiFiDirect](https://docs.microsoft.com/windows/client-management/policy-csp-wifi#wifi-allowwifidirect)
-- [WirelessDisplay/AllowMdnsAdvertisement](https://docs.microsoft.com/windows/client-management/
-policy-csp-wirelessdisplay#wirelessdisplay-allowmdnsadvertisement)
-- [WirelessDisplay/AllowMdnsDiscovery](
-policy-csp-wirelessdisplay#wirelessdisplay-allowmdnsdiscovery)
+- [WirelessDisplay/AllowMdnsAdvertisement](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowmdnsadvertisement)
+- [WirelessDisplay/AllowMdnsDiscovery](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowmdnsdiscovery)
- [WirelessDisplay/AllowProjectionFromPC](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowprojectionfrompc)
-- [WirelessDisplay/AllowProjectionFromPCOverInfrastructure](policy-csp-wirelessdisplay#wirelessdisplay-allowprojectionfrompcoverinfrastructure)
+- [WirelessDisplay/AllowProjectionFromPCOverInfrastructure](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowprojectionfrompcoverinfrastructure)
- [WirelessDisplay/AllowProjectionToPC](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowprojectiontopc)
- [WirelessDisplay/AllowProjectionToPCOverInfrastructure](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowprojectiontopcoverinfrastructure)
-- [WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver](
-https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver)
-- [WirelessDisplay/RequirePinForPairing](
-https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-requirepinforpairing)
+- [WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver)
+- [WirelessDisplay/RequirePinForPairing](https://docs.microsoft.com/windows/client-management/policy-csp-wirelessdisplay#wirelessdisplay-requirepinforpairing)
## Related topics
From efb707359c10c2f6b4ec0415ce0a0818b6e8030b Mon Sep 17 00:00:00 2001
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com>
Date: Tue, 21 Jul 2020 19:45:38 -0700
Subject: [PATCH 17/32] Update policy-csps-supported-by-surface-hub.md
---
.../mdm/policy-csps-supported-by-surface-hub.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
index 1bad51c8b3..bb3bcc976c 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
@@ -15,7 +15,7 @@ ms.date: 07/22/2020
# Policy CSPs supported by Microsoft Surface Hub
--[ApplicationManagement/AllowAppStoreAutoUpdate] (https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)
+- [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock)
- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
From 195785081e6be0e3ac582d2fb982947280042b53 Mon Sep 17 00:00:00 2001
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com>
Date: Tue, 21 Jul 2020 21:29:12 -0700
Subject: [PATCH 18/32] Update policy-csps-supported-by-surface-hub.md
---
.../mdm/policy-csps-supported-by-surface-hub.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
index bb3bcc976c..f265b57c4e 100644
--- a/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policy-csps-supported-by-surface-hub.md
@@ -17,7 +17,7 @@ ms.date: 07/22/2020
- [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)
- [ApplicationManagement/AllowDeveloperUnlock](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock)
-- [Accounts/AllowMicrosoftAccountConnection](policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
+- [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection)
- [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)
- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)
- [Cryptography/AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy)
From 2c71dab7fca0e89e47468c733b8c43c9bb42f727 Mon Sep 17 00:00:00 2001
From: John Kaiser <35939694+CoveMiner@users.noreply.github.com>
Date: Tue, 21 Jul 2020 21:51:56 -0700
Subject: [PATCH 19/32] Update configuration-service-provider-reference.md
---
.../mdm/configuration-service-provider-reference.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 81d5779e45..9648c1ff7b 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2744,10 +2744,10 @@ The following list shows the CSPs supported in HoloLens devices:
## CSPs supported in Microsoft Surface Hub
-- [Accounts CSP](accounts-csp)9 **Note:** Support in Surface Hub is limited to **Domain\ComputerName**.
+- [Accounts CSP](accounts-csp.md)9 **Note:** Support in Surface Hub is limited to **Domain\ComputerName**.
- [AccountManagement CSP](accountmanagement-csp.md)
- [APPLICATION CSP](application-csp.md)
-- [Bitlocker-csp](bitlocker-csp)9
+- [Bitlocker-csp](bitlocker-csp.md)9
- [CertificateStore CSP](certificatestore-csp.md)
- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)
- [Defender CSP](defender-csp.md)
@@ -2759,7 +2759,7 @@ The following list shows the CSPs supported in HoloLens devices:
- [DMAcc CSP](dmacc-csp.md)
- [DMClient CSP](dmclient-csp.md)
- [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
-- [Firewall-csp](firewall-csp)9
+- [Firewall-csp](firewall-csp.md)9
- [HealthAttestation CSP](healthattestation-csp.md)
- [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
- [NodeCache CSP](nodecache-csp.md)
@@ -2771,9 +2771,9 @@ The following list shows the CSPs supported in HoloLens devices:
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
- [SurfaceHub CSP](surfacehub-csp.md)
- [UEFI CSP](uefi-csp.md)
-- [Wifi-csp](wifi-csp)9
+- [Wifi-csp](wifi-csp.md)9
- [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md)
-- [Wirednetwork-csp](wirednetwork-csp)9
+- [Wirednetwork-csp](wirednetwork-csp.md)9
## CSPs supported in Windows 10 IoT Core
From 754027d1713d097647ac5a04f2e311c71ed08d32 Mon Sep 17 00:00:00 2001
From: EfiKliger <45028856+EfiKliger@users.noreply.github.com>
Date: Wed, 22 Jul 2020 10:36:11 +0300
Subject: [PATCH 20/32] Update indicator-certificates.md
---
.../microsoft-defender-atp/indicator-certificates.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
index e0233b7ae1..a60e510583 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md
@@ -18,7 +18,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Create indicators based on certificates (preview)
+# Create indicators based on certificates
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@@ -69,4 +69,4 @@ It's important to understand the following requirements prior to creating indica
- [Create indicators](manage-indicators.md)
- [Create indicators for files](indicator-file.md)
- [Create indicators for IPs and URLs/domains](indicator-ip-domain.md)
-- [Manage indicators](indicator-manage.md)
\ No newline at end of file
+- [Manage indicators](indicator-manage.md)
From 812a6541eb0b0d9891c44d839fc88722b966c94f Mon Sep 17 00:00:00 2001
From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com>
Date: Wed, 22 Jul 2020 04:08:48 -0700
Subject: [PATCH 21/32] Change ownership contact
Change ownership contact
---
.../windows-endpoints-1903-non-enterprise-editions.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index 43a5191c6b..d7c0067220 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -8,11 +8,11 @@ ms.sitesec: library
ms.localizationpriority: high
audience: ITPro
author: mikeedgar
-ms.author: sanashar
-manager: sanashar
+ms.author: obezeajo
+manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 5/9/2019
+ms.date: 7/22/2019
---
# Windows 10, version 1903, connection endpoints for non-Enterprise editions
From 1df43f5a2d58bf669c681d640e6f29a9867dbfd9 Mon Sep 17 00:00:00 2001
From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com>
Date: Wed, 22 Jul 2020 04:10:23 -0700
Subject: [PATCH 22/32] Changed ownership contact
Changed ownership contact
---
windows/privacy/manage-windows-1903-endpoints.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index 9d9c6e8fe4..580f8b4425 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -7,12 +7,12 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
audience: ITPro
-author: danihalfin
-ms.author: dansimp
-manager: sanashar
+author: obezeajo
+ms.author: obezeajo
+manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 5/3/2019
+ms.date: 7/22/2020
---
# Manage connection endpoints for Windows 10 Enterprise, version 1903
From 70b19905d84388325d3a784773989a42e928989a Mon Sep 17 00:00:00 2001
From: Obi Eze Ajoku <62227226+linque1@users.noreply.github.com>
Date: Wed, 22 Jul 2020 04:11:24 -0700
Subject: [PATCH 23/32] Update
windows-endpoints-1903-non-enterprise-editions.md
---
.../privacy/windows-endpoints-1903-non-enterprise-editions.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
index d7c0067220..c4bb922fb2 100644
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@@ -12,7 +12,7 @@ ms.author: obezeajo
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 7/22/2019
+ms.date: 7/22/2020
---
# Windows 10, version 1903, connection endpoints for non-Enterprise editions
From 39b11c25f70498bfecd2e0af71ffc2d25faa2c93 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 22 Jul 2020 17:06:10 +0500
Subject: [PATCH 24/32] Licenses requirements update
I have updated license requirements for Microsoft Defender Advanced Threat Protection.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7094
---
.../microsoft-defender-atp/minimum-requirements.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index a5cadb6150..a6aa522490 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -42,6 +42,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
> [!NOTE]
> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
+> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via CSP it does not require Microsoft Volume Licensing offers listed.
Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP).
From 95b3c018ce247f3780a727982db6b47b6ae33bc3 Mon Sep 17 00:00:00 2001
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com>
Date: Wed, 22 Jul 2020 09:26:53 -0700
Subject: [PATCH 25/32] Update
scheduled-catch-up-scans-microsoft-defender-antivirus.md
added the below note under "Start scheduled scans only when the endpoint is not in use":
These scans will not honor the CPU throttling configuration and take full advantage of the resources available to complete the scan as fast as possible.
---
.../scheduled-catch-up-scans-microsoft-defender-antivirus.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index a155de8626..8c3130a2e5 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -109,10 +109,13 @@ See the following for more information and allowed parameters:
-## Start scheduled scans only when the endpoint is not in use
+## tart scheduled scans only when the endpoint is not in use
You can set the scheduled scan to only occur when the endpoint is turned on but not in use with Group Policy, PowerShell, or WMI.
+> [!NOTE]
+> These scans will not honor the CPU throttling configuration and take full advantage of the resources available to complete the scan as fast as possible.
+
**Use Group Policy to schedule scans**
Location | Setting | Description | Default setting (if not configured)
From 0e7e96ce2e860532f981594308dc497684146aca Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 22 Jul 2020 22:25:21 +0500
Subject: [PATCH 26/32] Update
windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../microsoft-defender-atp/minimum-requirements.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index a6aa522490..fa3813e24a 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -42,7 +42,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
> [!NOTE]
> Eligible Licensed Users may use Microsoft Defender Advanced Threat Protection on up to five concurrent devices.
-> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via CSP it does not require Microsoft Volume Licensing offers listed.
+> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP).
From 22543b927dffbe1ff9fbaf272890451587c67c2e Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Wed, 22 Jul 2020 22:25:36 +0500
Subject: [PATCH 27/32] Update
windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../microsoft-defender-atp/minimum-requirements.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index fa3813e24a..8e0bff785b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -45,7 +45,6 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr
> Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP). When purchased via a CSP, it does not require Microsoft Volume Licensing offers listed.
-Microsoft Defender Advanced Threat Protection is also available for purchase from a Cloud Solution Provider (CSP).
Microsoft Defender Advanced Threat Protection, on Windows Server, requires one of the following licensing options:
From d85cf19ae2f4cfbd1fbea823e32de1c5d7ceb643 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Wed, 22 Jul 2020 10:43:09 -0700
Subject: [PATCH 28/32] Update
scheduled-catch-up-scans-microsoft-defender-antivirus.md
---
...h-up-scans-microsoft-defender-antivirus.md | 35 ++++++++-----------
1 file changed, 15 insertions(+), 20 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
index 8c3130a2e5..ce7ad86555 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.custom: nextgen
-ms.date: 12/10/2018
+ms.date: 07/22/2020
ms.reviewer:
manager: dansimp
---
@@ -71,7 +71,7 @@ Scheduled scans will run at the day and time you specify. You can use Group Poli
>[!NOTE]
>If a computer is unplugged and running on battery during a scheduled full scan, the scheduled scan will stop with event 1002, which states that the scan stopped before completion. Microsoft Defender Antivirus will run a full scan at the next scheduled time.
-**Use Group Policy to schedule scans:**
+### Use Group Policy to schedule scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
@@ -80,7 +80,7 @@ Scan | Specify the day of the week to run a scheduled scan | Specify the day (or
Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am
Root | Randomize scheduled task times |In Microsoft Defender Antivirus: Randomize the start time of the scan to any interval from 0 to 4 hours.
In FEP/SCEP: randomize to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments. | Enabled
-**Use PowerShell cmdlets to schedule scans:**
+### Use PowerShell cmdlets to schedule scans
Use the following cmdlets:
@@ -94,7 +94,7 @@ Set-MpPreference -RandomizeScheduleTaskTimes
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
-**Use Windows Management Instruction (WMI) to schedule scans:**
+### Use Windows Management Instruction (WMI) to schedule scans
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@@ -109,20 +109,20 @@ See the following for more information and allowed parameters:
-## tart scheduled scans only when the endpoint is not in use
+## Start scheduled scans only when the endpoint is not in use
You can set the scheduled scan to only occur when the endpoint is turned on but not in use with Group Policy, PowerShell, or WMI.
> [!NOTE]
> These scans will not honor the CPU throttling configuration and take full advantage of the resources available to complete the scan as fast as possible.
-**Use Group Policy to schedule scans**
+### Use Group Policy to schedule scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Scan | Start the scheduled scan only when computer is on but not in use | Scheduled scans will not run, unless the computer is on but not in use | Enabled
-**Use PowerShell cmdlets:**
+### Use PowerShell cmdlets
Use the following cmdlets:
@@ -132,7 +132,7 @@ Set-MpPreference -ScanOnlyIfIdleEnabled
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
-**Use Windows Management Instruction (WMI):**
+### Use Windows Management Instruction (WMI)
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@@ -149,15 +149,14 @@ See the following for more information and allowed parameters:
Some threats may require a full scan to complete their removal and remediation. You can schedule when these scans should occur with Group Policy, PowerShell, or WMI.
-
-**Use Group Policy to schedule remediation-required scans**
+### Use Group Policy to schedule remediation-required scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Remediation | Specify the day of the week to run a scheduled full scan to complete remediation | Specify the day (or never) to run a scan. | Never
Remediation | Specify the time of day to run a scheduled full scan to complete remediation | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
-**Use PowerShell cmdlets:**
+### Use PowerShell cmdlets
Use the following cmdlets:
@@ -168,7 +167,7 @@ Set-MpPreference -RemediationScheduleTime
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
-**Use Windows Management Instruction (WMI):**
+### Use Windows Management Instruction (WMI)
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@@ -188,14 +187,14 @@ See the following for more information and allowed parameters:
You can enable a daily quick scan that can be run in addition to your other scheduled scans with Group Policy, PowerShell, or WMI.
-**Use Group Policy to schedule daily scans:**
+### Use Group Policy to schedule daily scans
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Scan | Specify the interval to run quick scans per day | Specify how many hours should elapse before the next quick scan. For example, to run every two hours, enter **2**, for once a day, enter **24**. Enter **0** to never run a daily quick scan. | Never
Scan | Specify the time for a daily quick scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am
-**Use PowerShell cmdlets to schedule daily scans:**
+### Use PowerShell cmdlets to schedule daily scans
Use the following cmdlets:
@@ -205,7 +204,7 @@ Set-MpPreference -ScanScheduleQuickTime
See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](use-powershell-cmdlets-microsoft-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Microsoft Defender Antivirus.
-**Use Windows Management Instruction (WMI) to schedule daily scans:**
+### Use Windows Management Instruction (WMI) to schedule daily scans
Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@@ -222,16 +221,12 @@ See the following for more information and allowed parameters:
You can force a scan to occur after every [protection update](manage-protection-updates-microsoft-defender-antivirus.md) with Group Policy.
-**Use Group Policy to schedule scans after protection updates**
+### Use Group Policy to schedule scans after protection updates
Location | Setting | Description | Default setting (if not configured)
---|---|---|---
Signature updates | Turn on scan after Security intelligence update | A scan will occur immediately after a new protection update is downloaded | Enabled
-
-
-
-
## Related topics
From d0fac2280eab8a69909c8db30b03c6adfdfbba4c Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 22 Jul 2020 21:27:07 +0300
Subject: [PATCH 29/32] Update offboard-machines.md
---
.../microsoft-defender-atp/offboard-machines.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 61c0948f1c..682b701bc5 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -43,5 +43,5 @@ Follow the corresponding instructions depending on your preferred deployment met
- [Offboard non-Windows devices](configure-endpoints-non-windows.md#offboard-non-windows-devices)
>[!NOTE]
-> Offboarded devices will remain in the portal until [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) for the device's data will expire. The status will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
+> Offboarded devices will remain in the portal until [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) for the device's data expires. The status will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md)
From b0aa842360f65a47516ce351c1f4ddef015e4816 Mon Sep 17 00:00:00 2001
From: amirsc3 <42802974+amirsc3@users.noreply.github.com>
Date: Wed, 22 Jul 2020 21:37:07 +0300
Subject: [PATCH 30/32] Update offboard-machines.md
Added a sentence about filtering
---
.../microsoft-defender-atp/offboard-machines.md | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
index 682b701bc5..8303ff7803 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/offboard-machines.md
@@ -43,5 +43,6 @@ Follow the corresponding instructions depending on your preferred deployment met
- [Offboard non-Windows devices](configure-endpoints-non-windows.md#offboard-non-windows-devices)
>[!NOTE]
-> Offboarded devices will remain in the portal until [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) for the device's data expires. The status will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
-> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md)
+> Offboarded devices will remain in the portal until [retention period](data-storage-privacy.md#how-long-will-microsoft-store-my-data-what-is-microsofts-data-retention-policy) for the device's data expires. The status will be switched to ['Inactive'](fix-unhealthy-sensors.md#inactive-devices) 7 days after offboarding.
+> In addition, [Devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management exposure score and Microsoft Secure Score for Devices.](tvm-dashboard-insights.md)
+> To view only active devices, you can filter by [health state](machines-view-overview.md#health-state) or by [device tags](machine-tags.md) and [groups](machine-groups.md) etc.
From 43c08d7bea66ebbfe62affbfb5bd77d39e2e26bd Mon Sep 17 00:00:00 2001
From: Dani Halfin
Date: Wed, 22 Jul 2020 12:18:01 -0700
Subject: [PATCH 31/32] Removing important note > engineering feedback
---
...nfigure-network-connections-microsoft-defender-antivirus.md | 3 ---
1 file changed, 3 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
index 9c1e04a6bb..3f3d1f0b07 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus.md
@@ -114,9 +114,6 @@ You will also see a detection under **Quarantined threats** in the **Scan histor
The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-microsoft-defender-antivirus.md).
->[!IMPORTANT]
->You will not be able to use a proxy auto-config (.pac) file to test network connections to these URLs. You will need to verify your proxy servers and any network filtering tools manually to ensure connectivity.
-
## Related articles
- [Microsoft Defender Antivirus in Windows 10](microsoft-defender-antivirus-in-windows-10.md)
From cb4da3c3a6890a64c288aa90ad22c2df6a8fd0d7 Mon Sep 17 00:00:00 2001
From: ManikaDhiman
Date: Wed, 22 Jul 2020 12:56:43 -0700
Subject: [PATCH 32/32] Minor reorg
---
...n-mistakes-microsoft-defender-antivirus.md | 5 +++--
...exclusions-microsoft-defender-antivirus.md | 19 +++++++++++--------
2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
index bbdf9fc0e5..7be3761332 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus.md
@@ -18,9 +18,10 @@ manager: dansimp
# Common mistakes to avoid when defining exclusions
You can define an exclusion list for items that you don't want Microsoft Defender Antivirus to scan. Such excluded items could contain threats that make your device vulnerable.
-See [Configure and validate exclusions for Microsoft Defender Antivirus scans](configure-exclusions-microsoft-defender-antivirus.md) for more information.
-Also, see [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions) before defining your exclusion lists.
+This topic describes some common mistake that you should avoid when defining exclusions.
+
+Before defining your exclusion lists, see [Recommendations for defining exclusions](configure-exclusions-microsoft-defender-antivirus.md#recommendations-for-defining-exclusions).
## Excluding certain trusted items
There are certain files, file types, folders, or processes that you should not exclude from scanning even though you trust them to be not malicious. Refer to the following section for items that you should not exclude from scanning.
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
index d0b737f37f..0e81659418 100644
--- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus.md
@@ -25,22 +25,25 @@ manager: dansimp
You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender Antivirus scans. Such exclusions apply to [scheduled scans](scheduled-catch-up-scans-microsoft-defender-antivirus.md), [on-demand scans](run-scan-microsoft-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-microsoft-defender-antivirus.md). Exclusions for process-opened files only apply to real-time protection.
-## Recommendations for defining exclusions
+## Configure and validate exclusions
+
+To configure and validate exclusions, see the following:
+
+- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from Microsoft Defender Antivirus scans based on their file extension, file name, or location.
+
+- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from scans that have been opened by a specific process.
+
+## Recommendations for defining exclusions
+
Defining exclusions lowers the protection offered by Microsoft Defender Antivirus. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.
The following is a list of recommendations that you should keep in mind when defining exclusions:
+
- Exclusions are technically a protection gap—always consider additional mitigations when defining exclusions. Additional mitigations could be as simple as making sure the excluded location has the appropriate access-control lists (ACLs), audit policy, is processed by an up-to-date software, etc.
- Review the exclusions periodically. Re-check and re-enforce the mitigations as part of the review process.
- Ideally, avoid defining proactive exclusions. For instance, don't exclude something just because you think it might be a problem in the future. Use exclusions only for specific issues—mostly around performance, or sometimes around application compatibility that exclusions could mitigate.
- Audit the exclusion list changes. The security admin should preserve enough context around why a certain exclusion was added. You should be able to provide answer with specific reasoning as to why a certain path was excluded.
-## Configure and validate exclusions
-
-To configure and validate exclusions, see the following:
-- [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from Microsoft Defender Antivirus scans based on their file extension, file name, or location.
-
-- [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-microsoft-defender-antivirus.md). This enables you to exclude files from scans that have been opened by a specific process.
-
## Related articles
- [Microsoft Defender Antivirus exclusions on Windows Server 2016](configure-server-exclusions-microsoft-defender-antivirus.md)
|