deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-30 09:43:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #1 from martyav/martyav-split-mdatp-for-mac

Browse Source 
Martyav split mdatp for mac
This commit is contained in:
Marty Hernandez Avedon
2019-05-06 10:55:59 -04:00
committed by GitHub
parent d3d9722059 fddc105b6d
commit 0bced0c43b
16 changed files with 749 additions and 564 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
devices/surface-hub/accessibility-surface-hub.md
View File

@ -5,10 +5,9 @@ ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442
keywords: Accessibility settings, Settings app, Ease of Access
ms.prod: surface-hub
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
author: robmazz
ms.author: robmazz
ms.topic: article
ms.date: 08/16/2017
ms.localizationpriority: medium
---

BIN
devices/surface/images/sdt-install.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB

7
devices/surface/microsoft-surface-brightness-control.md
View File

@ -56,9 +56,14 @@ Full Brightness | Default: 100 <br>Option: Range of 0-100 percent of screen b
| Inactivity Timeout| Default: 30 seconds <br>Option: Any numeric value <br>Data Type: Integer <br> Type: REG_DWORD | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.|
| Telemetry Enabled | Default: 01 <br>Option: 01, 00 <br> Type: REG_BINARY | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). |
## Changes and updates
### Version 1.12.239.0
*Release Date: 26 April 2019*<br>
This version of Surface Brightness Control adds support for the following:
- Touch delay fixes.
## Related topics
- [Battery limit setting](battery-limit.md)

60
devices/surface/surface-diagnostic-toolkit-business.md
View File

@ -27,13 +27,11 @@ Specifically, SDT for Business enables you to:
To run SDT for Business, download the components listed in the following table.
>[!NOTE]
>In contrast to the way you typically install MSI packages, the SDT distributable MSI package can only be created by running Windows Installer (msiexec.exe) at a command prompt and setting the custom flag `ADMINMODE = 1`. For details, see [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md).
Mode | Primary scenarios | Download | Learn more
--- | --- | --- | ---
Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.<br>Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:<br>Microsoft Surface Diagnostic Toolkit for Business Installer<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br><br>**Note:** Support for the ability to confirm warranty information will be available via the command `-warranty` | SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br>`-warranty` checks warranty information. <br><br>| SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
## Supported devices
@ -57,16 +55,40 @@ SDT for Business is supported on Surface 3 and later devices, including:
## Installing Surface Diagnostic Toolkit for Business
To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
To create an SDT package that you can distribute to users in your organization:
1. Sign in to your Surface device using the Administrator account.
2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
3. The SDT setup wizard appears, as shown in figure 1. Click **Next**.
>[!NOTE]
>If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer.
![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png)
*Figure 1. Surface Diagnostic Toolkit setup wizard*
4. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA)
5. On the Install Options screen, change the default install location if desired.
6. Under Setup Type, select **Advanced**.
>[!NOTE]
>The standard option allows users to run the diagnostic tool directly on their Surface device provided they are signed into their device using an Administrator account.
![Install Options: Advanced](images/sdt-install.png)
7. Click **Next** and then click **Install**.
## Installing using the command line
If desired, you can install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
- `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry.
- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for client mode or `1` for IT Administrator mode. The default value is `0`.
**To install SDT in ADMINMODE:**
### To install SDT from the command line:
1. Sign in to your Surface device using the Administrator account.
2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
3. Open a command prompt and enter:
1. Open a command prompt and enter:
```
msiexec.exe /i <the path of installer> ADMINMODE=1.
@ -77,19 +99,6 @@ To create an SDT package that you can distribute to users in your organization,
C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1
```
4. The SDT setup wizard appears, as shown in figure 1. Click **Next**.
>[!NOTE]
>If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer.
![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png)
*Figure 1. Surface Diagnostic Toolkit setup wizard*
5. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA), and select a location to install the package.
6. Click **Next** and then click **Install**.
## Locating SDT on your Surface device
Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`.
@ -154,7 +163,14 @@ You can select to run a wide range of logs across applications, drivers, hardwar
- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
## Changes and updates
### Version 2.36.139.0
*Release date: April 26, 2019*<br>
This version of Surface Diagnostic Toolkit for Business adds support for the following:
- Advanced Setup option to unlock admin capabilities through the installer UI, without requiring command line configuration.
- Accessibility improvements.
- Surface brightness control settings included in logs.
- External monitor compatibility support link in report generator.

18
windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
View File

@ -65,16 +65,17 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='341msg'></div><b>Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007</b><br>Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications, you may receive an error.<br><br><a href = '#341msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 02, 2019 <br>04:47 PM PT</td></tr>
<tr><td><div id='339msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>After installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#339msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 02, 2019 <br>04:36 PM PT</td></tr>
<tr><td><div id='325msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#325msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='187msg'></div><b>Custom URI schemes may not start corresponding application</b><br>Custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites in Internet Explorer.<br><br><a href = '#187msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='239msg'></div><b>Issue using PXE to start a device from WDS</b><br>Using PXE to start a device from a WDS server configured to use Variable Window Extension may cause the connection to the WDS server to terminate prematurely.<br><br><a href = '#239msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='318msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#318msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='167msg'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><br>Upgrade block: Microsoft has identified issues with certain new Intel display drivers, which accidentally turn on unsupported features in Windows.<br><br><a href = '#167msgdesc'>See details ></a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>March 15, 2019 <br>12:00 PM PT</td></tr>
<tr><td><div id='318msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".<br><br><a href = '#318msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>January 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='231msg'></div><b>End-user-defined characters (EUDC) may cause blue screen at startup</b><br>If you enable per font end-user-defined characters (EUDC), the system may stop working and a blue screen may appear at startup. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 17763.404<br><br>April 02, 2019<br><a href ='https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='240msg'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><br>Internet Explorer 11 users may encounter issues if two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine.<br><br><a href = '#240msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='219msg'></div><b>MSXML6 may cause applications to stop responding </b><br>MSXML6 may cause applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().<br><br><a href = '#219msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='326msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#326msgdesc'>See details ></a></td><td>OS Build 17763.316<br><br>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487044' target='_blank'>KB4487044</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td><div id='158msg'></div><b>Apps may stop working after selecting an audio output device other than the default</b><br>Users with multiple audio devices that select an audio output device different from the \"Default Audio Device\" may find certain applications stop working unexpectedly.<br><br><a href = '#158msgdesc'>See details ></a></td><td>OS Build 17763.348<br><br>March 01, 2019<br><a href ='https://support.microsoft.com/help/4482887' target='_blank'>KB4482887</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>April 02, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -85,6 +86,16 @@ sections:
<div>
</div>
"
- title: May 2019
- items:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='341msgdesc'></div><b>Printing from Microsoft Edge or other UWP apps, you may receive the error 0x80070007</b><div>When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Workaround: </strong>You can use another browser, such as Internet Explorer to print your documents.</div><div>&nbsp;</div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#341msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 02, 2019 <br>04:47 PM PT<br><br>Opened:<br>May 02, 2019 <br>04:47 PM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='339msgdesc'></div><b>Devices with some Asian language packs installed may receive an error</b><div>After installing <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Workaround: </strong></div><ol><li>Uninstall and reinstall any recently added language packs.&nbsp;For instructions, see \"<a href=\"https://support.microsoft.com/help/4496404/windows-10-manage-the-input-and-display-language\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>\".</li><li>Click <strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see \"<a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>\".</li><li>Reset your PC:</li><li class=\"ql-indent-1\">Go to <strong>Settings app</strong> -&gt; <strong>Recovery</strong>.</li><li class=\"ql-indent-1\">Click on <strong>Get Started</strong> under <strong>\"Reset this PC\"</strong> recovery option.</li><li class=\"ql-indent-1\">Select <strong>\"Keep my Files\"</strong>.</li></ol><div><br></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#339msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 02, 2019 <br>04:36 PM PT<br><br>Opened:<br>May 02, 2019 <br>04:36 PM PT</td></tr>
</table>
"
- title: April 2019
- items:
- type: markdown
@ -103,7 +114,6 @@ sections:
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='187msgdesc'></div><b>Custom URI schemes may not start corresponding application</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, custom URI schemes for application protocol handlers may not start the corresponding application for local intranet and trusted sites security zones on Internet Explorer.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround:</strong> Right-click the URL link to open it in a new window or tab, or enable Protected Mode in Internet Explorer for local intranet and trusted sites</div><ol><li>Go to <strong>Tools &gt; Internet options </strong>&gt;<strong> Security</strong>.</li><li>Within <strong>Select a zone to view of change security settings</strong>, select <strong>Local intranet</strong> and then select <strong>Enable Protected Mode</strong>.</li><li>Select <strong>Trusted Sites</strong> and then select <strong>Enable Protected Mode</strong>.&nbsp;</li><li>Select&nbsp;<strong>OK</strong>.</li></ol><div>You must restart the browser after making these changes.&nbsp;</div><div>&nbsp;</div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#187msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='239msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround:</strong> To mitigate the issue, disable the Variable Window Extension on WDS server using one of the following options:</div><div><br></div><div><strong>Option 1:</strong></div><div>Open an Administrator Command prompt and type the following:</div><pre class=\"ql-syntax\" spellcheck=\"false\">Wdsutil /Set-TransportServer /EnableTftpVariableWindowExtension:No&nbsp;
</pre><div><br></div><div><strong>Option 2:</strong></div><div>Use the Windows Deployment Services UI to make the following adjustment:&nbsp;</div><ol><li>Open Windows Deployment Services from Windows Administrative Tools.&nbsp;</li><li>Expand Servers and right-click a WDS server.&nbsp;</li><li>Open its properties and clear the <strong>Enable Variable Window Extension</strong> box on the TFTP tab.</li></ol><div><strong>Option 3:</strong></div><div>Set the following registry value to 0:</div><div>HKLM\\System\\CurrentControlSet\\Services\\WDSServer\\Providers\\WDSTFTP\\EnableVariableWindowExtension&nbsp;&nbsp;</div><div><br></div><div>Restart the WDSServer service after disabling the Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Next steps:</strong> Microsoft is working on a resolution and will provide an update in an upcoming release.&nbsp;</div><br><a href ='#239msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='158msgdesc'></div><b>Apps may stop working after selecting an audio output device other than the default</b><div>After installing <a href=\"https:\\\\support.microsoft.com\\help\\4482887\" target=\"_blank\">KB4482887</a> on machines that have multiple audio devices, applications that provide advanced options for internal or external audio output devices may stop working unexpectedly. This issue occurs for users that select an audio output device different from the \"Default Audio Device\". Examples of applications that may stop working include:&nbsp;</div><ul><li>Windows Media Player&nbsp;</li><li>Realtek HD Audio Manager&nbsp;</li><li>Sound Blaster Control Panel&nbsp;</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4490481\" target=\"_blank\">KB4490481</a>.&nbsp;</div><br><a href ='#158msg'>Back to top</a></td><td>OS Build 17763.348<br><br>March 01, 2019<br><a href ='https://support.microsoft.com/help/4482887' target='_blank'>KB4482887</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4490481' target='_blank'>KB4490481</a></td><td>Resolved:<br>April 02, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 01, 2019 <br>10:00 AM PT</td></tr>
</table>
"
@ -121,7 +131,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='318msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#318msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>January 08, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='318msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesnt have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesnt have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#318msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='240msgdesc'></div><b>Internet Explorer 11 authentication issue with multiple concurrent logons</b><div>After installing <a href=\"https://support.microsoft.com/help/4480116\" target=\"_blank\">KB4480116</a>, Internet Explorer 11 and other applications that use WININET.DLL may have authentication issues. This occurs when two or more people use the same user account for multiple, concurrent login sessions on the same Windows Server machine, including Remote Desktop Protocol (RDP) and Terminal Server logons. Symptoms reported by customers include, but may not be limited to:&nbsp;</div><ul><li>Cache size and location show zero or empty.&nbsp;</li><li>Keyboard shortcuts may not work properly.&nbsp;</li><li>Webpages may intermittently fail to load or render correctly.&nbsp;</li><li>Issues with credential prompts.&nbsp;</li><li>Issues when downloading files.&nbsp;</li></ul><div></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2;&nbsp;Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution</strong>: This issue was resolved in <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.&nbsp;</div><br><a href ='#240msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='219msgdesc'></div><b>MSXML6 may cause applications to stop responding </b><div>After installing <a href=\"https://support.microsoft.com/help/4480116\" target=\"_blank\">KB4480116</a>, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as <strong>appendChild()</strong>, <strong>insertBefore()</strong>, and <strong>moveNode()</strong>.</div><div>&nbsp;</div><div>The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong> This issue was resolved in <a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>.&nbsp;</div><br><a href ='#219msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Resolved:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
</table>

4
windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='255msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#255msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='345msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#345msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>08:50 AM PT</td></tr>
<tr><td><div id='258msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#258msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489878' target='_blank'>KB4489878</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='254msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#254msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='256msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#256msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -85,7 +85,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='255msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#255msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='345msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the&nbsp;<a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#345msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>08:50 AM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='254msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#254msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='256msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493472\" target=\"_blank\">KB4493472</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#256msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='324msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: &nbsp;Windows 8.1; Windows 7 SP1</li><li>Server: &nbsp;Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>Guidance for McAfee customers can be found in the following McAfee support articles:&nbsp;</div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a></li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a></li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a></li></ul><div></div><div><strong>Next steps: </strong>We are presently investigating this issue with McAfee. We will provide an update once we have more information.</div><br><a href ='#324msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493472' target='_blank'>KB4493472</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>

4
windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='282msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#282msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='344msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#344msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>08:50 AM PT</td></tr>
<tr><td><div id='279msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.<br><br><a href = '#279msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='280msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#280msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='283msg'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><br>Devices with ArcaBit antivirus software installed may become unresponsive upon restart.<br><br><a href = '#283msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -86,7 +86,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='282msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#282msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='344msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2&nbsp;</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the&nbsp;<a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#344msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>08:50 AM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='280msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#280msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='283msgdesc'></div><b>System may be unresponsive after restart if ArcaBit antivirus software installed</b><div>Microsoft and ArcaBit have identified an issue on devices with ArcaBit antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493446\" target=\"_blank\">KB4493446</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if ArcaBit antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>ArcaBit has released an update to address this issue. For more information, see the <a href=\"https://www.arcabit.pl/wsparcie-techniczne.html\" target=\"_blank\">Arcabit support article</a>.</div><br><a href ='#283msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='336msgdesc'></div><b>System may be unresponsive after restart with certain McAfee antivirus products</b><div>Microsoft and McAfee have identified an issue on devices with McAfee Endpoint Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup or become unresponsive at restart after installing this update.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: &nbsp;Windows 8.1; Windows 7 SP1</li><li>Server: &nbsp;Windows Server 2012 R2; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Workaround: </strong>Guidance for McAfee customers can be found in the following McAfee support articles:&nbsp;&nbsp;</div><ul><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91465\" target=\"_blank\">McAfee Security (ENS) Threat Prevention 10.x</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91466\" target=\"_blank\">McAfee Host Intrusion Prevention (Host IPS) 8.0</a>&nbsp;</li><li><a href=\"https://kc.mcafee.com/corporate/index?page=content&amp;id=KB91467\" target=\"_blank\">McAfee VirusScan Enterprise (VSE) 8.8</a>&nbsp;</li></ul><div></div><div><strong>Next steps:</strong> We are presently investigating this issue with McAfee. We will provide an update once we have more information.&nbsp;</div><br><a href ='#336msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493446' target='_blank'>KB4493446</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 18, 2019 <br>05:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>

4
windows/release-information/status-windows-server-2008-sp2.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='294msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#294msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='343msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#343msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>08:51 AM PT</td></tr>
<tr><td><div id='293msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#293msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='300msg'></div><b>Authentication may fail for services after the Kerberos ticket expires</b><br>Authentication may fail for services that require unconstrained delegation after the Kerberos ticket expires.<br><br><a href = '#300msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489880' target='_blank'>KB4489880</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='295msg'></div><b>Embedded objects may display incorrectly</b><br>Any compound document (OLE) server application that places embedded objects into the Windows Metafile (WMF) using the PatBlt API may display embedded objects incorrectly.<br><br><a href = '#295msgdesc'>See details ></a></td><td>February 12, 2019<br><a href ='https://support.microsoft.com/help/4487023' target='_blank'>KB4487023</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
@ -80,7 +80,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='294msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps</strong>: We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#294msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='343msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps</strong>: Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a></div><br><a href ='#343msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>08:51 AM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='293msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493471\" target=\"_blank\">KB4493471</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#293msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493471' target='_blank'>KB4493471</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
</table>
"

4
windows/release-information/status-windows-server-2012.yml
View File

@ -60,7 +60,7 @@ sections:
- type: markdown
text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
<table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
<tr><td><div id='313msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#313msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='342msg'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><br>Devices with Avira antivirus software installed may become unresponsive upon restart.<br><br><a href = '#342msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>08:51 AM PT</td></tr>
<tr><td><div id='311msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension.<br><br><a href = '#311msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='312msg'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><br>Devices with Sophos Endpoint Protection installed and managed by Sophos Central or Sophos Enterprise Console (SEC) may become unresponsive upon restart.<br><br><a href = '#312msgdesc'>See details ></a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
<tr><td><div id='314msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”.<br><br><a href = '#314msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -82,7 +82,7 @@ sections:
- type: markdown
text: "
<table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='313msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;We are presently investigating this issue with Avira and will provide an update when available.</div><br><a href ='#313msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Investigating<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='342msgdesc'></div><b>System may be unresponsive after restart if Avira antivirus software installed</b><div>Microsoft and Avira have identified an issue on devices with Avira antivirus software installed that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if Avira antivirus software is installed.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Next steps:</strong>&nbsp;Avira has released an automatic update to address this issue. Guidance for Avira customers can be found in the <a href=\"https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1976\" target=\"_blank\">Avira support article</a>.</div><br><a href ='#342msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>08:51 AM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
<tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='312msgdesc'></div><b>System unresponsive after restart if Sophos Endpoint Protection installed</b><div>Microsoft and Sophos have identified an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to become unresponsive upon restart after installing <a href=\"https://support.microsoft.com/help/4493451\" target=\"_blank\">KB4493451</a>.</div><div><br></div><div>Microsoft has temporarily blocked devices from receiving this update if the Sophos Endpoint is installed until a solution is available.</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div>Guidance for Sophos Endpoint and Sophos Enterprise Console customers can be found in the <a href=\"https://community.sophos.com/kb/133945\" target=\"_blank\">Sophos support article</a>.</div><br><a href ='#312msg'>Back to top</a></td><td>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493451' target='_blank'>KB4493451</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 25, 2019 <br>02:00 PM PT<br><br>Opened:<br>April 09, 2019 <br>10:00 AM PT</td></tr>
</table>
"

5
windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
View File

@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 02/26/2019
ms.date: 05/02/2019
---
# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
@ -70,6 +70,9 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
- Microsoft Remote Desktop
>[!NOTE]
>Microsoft Visio and Microsoft Project are not enlightended apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioining.
## List of WIP-work only apps from Microsoft
Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with WIP and MAM solutions.

145
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-manually.md Normal file
View File

@ -0,0 +1,145 @@
---
title: Installing Microsoft Defender ATP for Mac with JAMF
description: Describes how to install Microsoft Defender ATP for Mac, using JAMF.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
search.appverid: #met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: v-maave
author: martyav
ms.localizationpriority: #medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: #conceptual
---
# Manual deployment
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
>[!IMPORTANT]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
## Prerequisites and system requirements
Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
## Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
5. From a command prompt, verify that you have the two files.
Extract the contents of the .zip files:
```bash
mavel-macmini:Downloads test$ ls -l
total 721152
-rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
inflating: WindowsDefenderATPOnboarding.py
```
## Application installation
To complete this process, you must have admin privileges on the machine.
1. Navigate to the downloaded wdav.pkg in Finder and open it.
![App install screenshot](images/MDATP_28_AppInstall.png)
2. Select **Continue**, agree with the License terms, and enter the password when prompted.
![App install screenshot](images/MDATP_29_AppInstallLogin.png)
> [!IMPORTANT]
> You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
![App install screenshot](images/MDATP_30_SystemExtension.png)
3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**:
![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png)
The installation will proceed.
> [!NOTE]
> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time.
## Client configuration
1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
The client machine is not associated with orgId. Note that the orgid is blank.
```bash
mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid :
```
2. Install the configuration file on a client machine:
```bash
mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
```
3. Verify that the machine is now associated with orgId:
```bash
mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8
```
After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
## Configuring from the command line
Important tasks, such as controlling product settings and triggering on-demand scans, can be done from the command line:
|Group |Scenario |Command |
|-------------|-------------------------------------------|-----------------------------------------------------------------------|
|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` |
|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` |
|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` |
|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` |
|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`|
|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` |
|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`|
|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` |
|Health |Check the product's health |`mdatp --health` |
|Protection |Scan a path |`mdatp scan --path [path]` |
|Protection |Do a quick scan |`mdatp scan --quick` |
|Protection |Do a full scan |`mdatp scan --full` |
|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` |
|Protection |Request a definition update |`mdatp --signature-update` |
## Logging installation issues
See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
## Uninstallation
See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.

173
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md Normal file
View File

@ -0,0 +1,173 @@
---
title: Installing Microsoft Defender ATP for Mac with Microsoft Intune
description: Describes how to install Microsoft Defender ATP for Mac, using Microsoft Intune.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
search.appverid: #met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: v-maave
author: martyav
ms.localizationpriority: #medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: #conceptual
---
# Microsoft Intune-based deployment
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
>[!IMPORTANT]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
## Prerequisites and system requirements
Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
## Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos).
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
6. From a command prompt, verify that you have the three files.
Extract the contents of the .zip files:
```bash
mavel-macmini:Downloads test$ ls -l
total 721688
-rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil
-rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
inflating: intune/kext.xml
inflating: intune/WindowsDefenderATPOnboarding.xml
inflating: jamf/WindowsDefenderATPOnboarding.plist
mavel-macmini:Downloads test$
```
7. Make IntuneAppUtil an executable:
```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil```
8. Create the wdav.pkg.intunemac package from wdav.pkg:
```bash
mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
Microsoft Intune Application Utility for Mac OS X
Version: 1.0.0.0
Copyright 2018 Microsoft Corporation
Creating intunemac file for /Users/test/Downloads/wdav.pkg
Composing the intunemac file output
Output written to ./wdav.pkg.intunemac.
IntuneAppUtil successfully processed "wdav.pkg",
to deploy refer to the product documentation.
```
## Client Machine Setup
You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
1. You'll be asked to confirm device management.
![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**:
![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
2. Select the **Continue** button and complete the enrollment.
You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned.
3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine:
![Add Devices screenshot](images/MDATP_5_allDevices.png)
## Create System Configuration profiles
1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**.
2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**.
3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
4. Select **OK**.
![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
6. Repeat these steps with the second profile.
7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file.
8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**.
After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade:
![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png)
## Publish application
1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**.
2. Select **App type=Other/Line-of-business app**.
3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
4. Select **Configure** and add the required information.
5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value.
![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png)
6. Select **OK** and **Add**.
![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png)
7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**.
![Client apps screenshot](images/MDATP_10_ClientApps.png)
8. Change **Assignment type=Required**.
9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
![Intune assignments info screenshot](images/MDATP_11_Assignments.png)
10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade:
![Intune device status screenshot](images/MDATP_12_DeviceInstall.png)
## Verify client machine state
1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**.
![System Preferences screenshot](images/MDATP_13_SystemPreferences.png)
![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png)
2. Verify the three profiles listed there:
![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png)
3. The **Management Profile** should be the Intune system profile.
4. wdav-config and wdav-kext are system configuration profiles that we added in Intune.
5. You should also see the Microsoft Defender icon in the top-right corner:
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
## Logging installation issues
See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
## Uninstallation
See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.

208
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-jamf.md Normal file
View File

@ -0,0 +1,208 @@
---
title: Installing Microsoft Defender ATP for Mac with JAMF
description: Describes how to install Microsoft Defender ATP for Mac, using JAMF.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
search.appverid: #met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: v-maave
author: martyav
ms.localizationpriority: #medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: #conceptual
---
# JAMF-based deployment
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
>[!IMPORTANT]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic describes how to install Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
## Prerequisites and system requirements
Before you get started, please see [the main Microsoft Defender ATP for Mac page]((microsoft-defender-atp.md)) for a description of prerequisites and system requirements for the current software version.
In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow.
## Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
5. From a command prompt, verify that you have the two files.
Extract the contents of the .zip files:
```bash
mavel-macmini:Downloads test$ ls -l
total 721160
-rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
inflating: intune/kext.xml
inflating: intune/WindowsDefenderATPOnboarding.xml
inflating: jamf/WindowsDefenderATPOnboarding.plist
mavel-macmini:Downloads test$
```
## Create JAMF Policies
You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines.
### Configuration Profile
The configuration profile contains one custom settings payload that includes:
- Microsoft Defender ATP for Mac onboarding information
- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run
1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File.
>[!NOTE]
> You must use exactly "com.microsoft.wdav.atp" as the Preference Domain.
![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png)
### Approved Kernel Extension
To approve the kernel extension:
1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
2. Use **UBF8T346G9** for Team Id.
![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png)
#### Configuration Profile's Scope
Configure the appropriate scope to specify the machines that will receive this configuration profile.
Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers.
![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png)
Save the **Configuration Profile**.
Use the **Logs** tab to monitor deployment status for each enrolled machine.
### Package
1. Create a package in **Settings > Computer Management > Packages**.
![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png)
2. Upload wdav.pkg to the Distribution Point.
3. In the **filename** field, enter the name of the package. For example, wdav.pkg.
### Policy
Your policy should contain a single package for Microsoft Defender.
![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png)
Configure the appropriate scope to specify the computers that will receive this policy.
After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine.
## Client machine setup
You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment.
> [!NOTE]
> After a computer is enrolled, it will show up in the Computers inventory (All Computers).
1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png)
![MDM screenshot](images/MDATP_22_MDMProfileApproved.png)
After some time, the machine's User Approved MDM status will change to Yes.
![MDM status screenshot](images/MDATP_23_MDMStatus.png)
You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
## Deployment
Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
### Status on server
You can monitor the deployment status in the Logs tab:
- **Pending** means that the deployment is scheduled but has not yet happened
- **Completed** means that the deployment succeeded and is no longer scheduled
![Status on server screenshot](images/MDATP_24_StatusOnServer.png)
### Status on client machine
After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile.
![Status on client screenshot](images/MDATP_25_StatusOnClient.png)
After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
You can monitor policy installation on a machine by following the JAMF's log file:
```bash
mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender...
Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender.
Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches...
Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found.
```
You can also check the onboarding status:
```bash
mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
```
- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set.
- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed.
## Check onboarding status
You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
```bash
sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
```
This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered.
## Logging installation issues
See [Logging installation issues](microsoft-defender-atp-mac-resources#Logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs.
## Uninstallation
See [Uninstalling](microsoft-defender-atp-mac-resources#Uninstalling) for details on how to remove Windows Defender ATP for Mac from client devices.

136
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md Normal file
View File

@ -0,0 +1,136 @@
---
title: Microsoft Defender ATP for Mac Resources
description: Describes resources for Microsoft Defender ATP for Mac, including how to uninstall it, how to collect diagnostic logs, and known issues with the product.
keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, mojave, high sierra, sierra
search.product: eADQiWindows 10XVcnh
search.appverid: #met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: v-maave
author: martyav
ms.localizationpriority: #medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: #conceptual
---
# Resources
**Applies to:**
[Windows Defender Advanced Threat Protection (Windows Defender ATP) for Mac](https://go.microsoft.com/fwlink/p/?linkid=???To-Add???)
>[!IMPORTANT]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic describes how to use, and details about, Microsoft Defender ATP for Mac. It supports the preview program and the information here is subject to change.
Microsoft Defender ATP for Mac is not yet widely available, and this topic only applies to enterprise customers who have been accepted into the preview program.
## Collecting diagnostic information
If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
1) Increase logging level:
```bash
mavel-mojave:~ testuser$ mdatp log-level --verbose
Creating connection to daemon
Connection established
Operation succeeded
```
2) Reproduce the problem
3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file.
```bash
mavel-mojave:~ testuser$ mdatp --diagnostic
Creating connection to daemon
Connection established
"/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
```
4) Restore logging level:
```bash
mavel-mojave:~ testuser$ mdatp log-level --info
Creating connection to daemon
Connection established
Operation succeeded
```
## Logging installation issues
If an error occurs during installation, the installer will only report a general failure.
The detailed log will be saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
## Uninstalling
There are several ways to uninstall Microsoft Defender ATP for Mac. Please note that while centrally managed uninstall is available on JAMF, it is not yet available for Microsoft Intune.
### Within the GUI
- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
### From the command line
- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
### With a script
Create a script in **Settings > Computer Management > Scripts**.
![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png)
For example, this script removes Microsoft Defender ATP from the /Applications directory:
```bash
echo "Is WDAV installed?"
ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
echo "Uninstalling WDAV..."
rm -rf '/Applications/Microsoft Defender ATP.app'
echo "Is WDAV still installed?"
ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
echo "Done!"
```
### With a JAMF policy
If you are running JAMF, your policy should contain a single script:
![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png)
Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
## What to expect in the ATP portal
- AV alerts:
- Severity
- Scan type
- Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
- File information (name, path, size, and hash)
- Threat information (name, type, and state)
- Device information:
- Machine identifier
- Tenant identifier
- App version
- Hostname
- OS type
- OS version
- Computer model
- Processor architecture
- Whether the device is a virtual machine
## Known issues
- Not fully optimized for performance or disk space yet.
- Full Windows Defender ATP integration is not available yet.
- Mac devices that switch networks may appear multiple times in the APT portal.
- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.

538
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
View File

@ -37,7 +37,18 @@ We've been working hard through the private preview period, and we've heard your
- Product health can be queried with JAMF or the command line.
- Admins can set their cloud preference for any location, not just for those in the US.
## Prerequisites
## Installing and configuring
There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
In general you'll need to take the following steps:
- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
- [Microsoft Intune-based deployment](microsoft-defender-atp-mac-install-with-intune)
- [JAMF-based deployment](microsoft-defender-atp-mac-install-with-jamf)
- [Manual deployment](microsoft-defender-atp-mac-install-manually)
### Prerequisites
You should have beginner-level experience in macOS and BASH scripting. You must have administrative privileges on the machine.
@ -71,527 +82,6 @@ To test that a connection is not blocked, open `https://x.cp.wd.microsoft.com/ap
We recommend to keep [System Integrity Protection](https://support.apple.com/en-us/HT204899) ([Wiki](https://en.wikipedia.org/wiki/System_Integrity_Protection)) enabled (default setting) on client machines.
SIP is a built-in macOS security feature that prevents low-level tampering with the OS.
## Installation and configuration overview
## Resources
There are various methods and deployment tools that you can use to install and configure Microsoft Defender ATP for Mac.
In general you'll need to take the following steps:
- Ensure you have a Windows Defender ATP subscription and have access to the Windows Defender ATP Portal
- Deploy Microsoft Defender ATP for Mac using one of the following deployment methods:
- [Microsoft Intune based deployment](#microsoft-intune-based-deployment)
- [JAMF based deployment](#jamf-based-deployment)
- [Manual deployment](#manual-deployment)
## Microsoft Intune based deployment
### Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
5. Download IntuneAppUtil from [https://docs.microsoft.com/en-us/intune/lob-apps-macos](https://docs.microsoft.com/en-us/intune/lob-apps-macos).
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
6. From a command prompt, verify that you have the three files.
Extract the contents of the .zip files:
```bash
mavel-macmini:Downloads test$ ls -l
total 721688
-rw-r--r-- 1 test staff 269280 Mar 15 11:25 IntuneAppUtil
-rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
inflating: intune/kext.xml
inflating: intune/WindowsDefenderATPOnboarding.xml
inflating: jamf/WindowsDefenderATPOnboarding.plist
mavel-macmini:Downloads test$
```
7. Make IntuneAppUtil an executable:
```mavel-macmini:Downloads test$ chmod +x IntuneAppUtil```
8. Create the wdav.pkg.intunemac package from wdav.pkg:
```bash
mavel-macmini:Downloads test$ ./IntuneAppUtil -c wdav.pkg -o . -i "com.microsoft.wdav" -n "1.0.0"
Microsoft Intune Application Utility for Mac OS X
Version: 1.0.0.0
Copyright 2018 Microsoft Corporation
Creating intunemac file for /Users/test/Downloads/wdav.pkg
Composing the intunemac file output
Output written to ./wdav.pkg.intunemac.
IntuneAppUtil successfully processed "wdav.pkg",
to deploy refer to the product documentation.
```
### Client Machine Setup
You need no special provisioning for a Mac machine beyond a standard [Company Portal installation](https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-macos-cp).
1. You'll be asked to confirm device management.
![Confirm device management screenshot](images/MDATP_3_ConfirmDeviceMgmt.png)
Select Open System Preferences, locate Management Profile on the list and select the **Approve...** button. Your Management Profile would be displayed as **Verified**:
![Management profile screenshot](images/MDATP_4_ManagementProfile.png)
2. Select the **Continue** button and complete the enrollment.
You can enroll additional machines. Optionally, you can do it later, after system configuration and application package are provisioned.
3. In Intune, open the **Manage > Devices > All devices** blade. You'll see your machine:
![Add Devices screenshot](images/MDATP_5_allDevices.png)
### Create System Configuration profiles
1. In Intune open the **Manage > Device configuration** blade. Select **Manage > Profiles > Create Profile**.
2. Choose a name for the profile. Change **Platform=macOS**, **Profile type=Custom**. Select **Configure**.
3. Open the configuration profile and upload intune/kext.xml. This file was created during the Generate settings step above.
4. Select **OK**.
![System configuration profiles screenshot](images/MDATP_6_SystemConfigurationProfiles.png)
5. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**.
6. Repeat these steps with the second profile.
7. Create Profile one more time, give it a name, upload the intune/WindowsDefenderATPOnboarding.xml file.
8. Select **Manage > Assignments**. In the Include tab, select **Assign to All Users & All devices**.
After Intune changes are propagated to the enrolled machines, you'll see it on the **Monitor > Device status** blade:
![System configuration profiles screenshot](images/MDATP_7_DeviceStatusBlade.png)
### Publish application
1. In Intune, open the **Manage > Client apps** blade. Select **Apps > Add**.
2. Select **App type=Other/Line-of-business app**.
3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload.
4. Select **Configure** and add the required information.
5. Use **macOS Sierra 10.12** as the minimum OS. Other settings can be any other value.
![Device status blade screenshot](images/MDATP_8_IntuneAppInfo.png)
6. Select **OK** and **Add**.
![Device status blade screenshot](images/MDATP_9_IntunePkgInfo.png)
7. It will take a while to upload the package. After it's done, select the name and then go to **Assignments** and **Add group**.
![Client apps screenshot](images/MDATP_10_ClientApps.png)
8. Change **Assignment type=Required**.
9. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
![Intune assignments info screenshot](images/MDATP_11_Assignments.png)
10. After some time the application will be published to all enrolled machines. You'll see it on the **Monitor > Device** install status blade:
![Intune device status screenshot](images/MDATP_12_DeviceInstall.png)
### Verify client machine state
1. After the configuration profiles are deployed to your machines, on your Mac device, open **System Preferences > Profiles**.
![System Preferences screenshot](images/MDATP_13_SystemPreferences.png)
![System Preferences Profiles screenshot](images/MDATP_14_SystemPreferencesProfiles.png)
2. Verify the three profiles listed there:
![Profiles screenshot](images/MDATP_15_ManagementProfileConfig.png)
3. The **Management Profile** should be the Intune system profile.
4. wdav-config and wdav-kext are system configuration profiles that we added in Intune.
5. You should also see the Microsoft Defender icon in the top-right corner:
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
## JAMF based deployment
### Prerequsites
You need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes a properly configured distribution point. JAMF has many alternative ways to complete the same task. These instructions provide you an example for most common processes. Your organization might use a different workflow.
### Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Mobile Device Management / Microsoft Intune**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
5. From a command prompt, verify that you have the two files.
Extract the contents of the .zip files:
```bash
mavel-macmini:Downloads test$ ls -l
total 721160
-rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators
inflating: intune/kext.xml
inflating: intune/WindowsDefenderATPOnboarding.xml
inflating: jamf/WindowsDefenderATPOnboarding.plist
mavel-macmini:Downloads test$
```
### Create JAMF Policies
You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client machines.
#### Configuration Profile
The configuration profile contains one custom settings payload that includes:
- Microsoft Defender ATP for Mac onboarding information
- Approved Kernel Extensions payload to enable the Microsoft kernel driver to run
1. Upload jamf/WindowsDefenderATPOnboarding.plist as the Property List File.
>[!NOTE]
> You must use exactly "com.microsoft.wdav.atp" as the Preference Domain.
![Configuration profile screenshot](images/MDATP_16_PreferenceDomain.png)
#### Approved Kernel Extension
To approve the kernel extension:
1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**.
2. Use **UBF8T346G9** for Team Id.
![Approved kernel extensions screenshot](images/MDATP_17_approvedKernelExtensions.png)
#### Configuration Profile's Scope
Configure the appropriate scope to specify the machines that will receive this configuration profile.
Open Computers -> Configuration Profiles, select **Scope > Targets**. Select the appropriate Target computers.
![Configuration profile scope screenshot](images/MDATP_18_ConfigurationProfilesScope.png)
Save the **Configuration Profile**.
Use the **Logs** tab to monitor deployment status for each enrolled machine.
#### Package
1. Create a package in **Settings > Computer Management > Packages**.
![Computer management packages screenshot](images/MDATP_19_MicrosoftDefenderWDAVPKG.png)
2. Upload wdav.pkg to the Distribution Point.
3. In the **filename** field, enter the name of the package. For example, wdav.pkg.
#### Policy
Your policy should contain a single package for Microsoft Defender.
![Microsoft Defender packages screenshot](images/MDATP_20_MicrosoftDefenderPackages.png)
Configure the appropriate scope to specify the computers that will receive this policy.
After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled machine.
### Client machine setup
You need no special provisioning for a macOS computer beyond the standard JAMF Enrollment.
> [!NOTE]
> After a computer is enrolled, it will show up in the Computers inventory (All Computers).
1. Open the machine details, from **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile.
![MDM approve button screenshot](images/MDATP_21_MDMProfile1.png)
![MDM screenshot](images/MDATP_22_MDMProfileApproved.png)
After some time, the machine's User Approved MDM status will change to Yes.
![MDM status screenshot](images/MDATP_23_MDMStatus.png)
You can enroll additional machines now. Optionally, can do it after system configuration and application packages are provisioned.
### Deployment
Enrolled client machines periodically poll the JAMF Server and install new configuration profiles and policies as soon as they are detected.
#### Status on server
You can monitor the deployment status in the Logs tab:
- **Pending** means that the deployment is scheduled but has not yet happened
- **Completed** means that the deployment succeeded and is no longer scheduled
![Status on server screenshot](images/MDATP_24_StatusOnServer.png)
#### Status on client machine
After the Configuration Profile is deployed, you'll see the profile on the machine in the **System Preferences > Profiles >** Name of Configuration Profile.
![Status on client screenshot](images/MDATP_25_StatusOnClient.png)
After the policy is applied, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
You can monitor policy installation on a machine by following the JAMF's log file:
```bash
mavel-mojave:~ testuser$ tail -f /var/log/jamf.log
Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found.
Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"...
Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV
Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender...
Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender.
Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches...
Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found.
```
You can also check the onboarding status:
```bash
mavel-mojave:~ testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
orgid managed : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
orgid effective : 79109c9d-83bb-4f3e-9152-8d75ee59ae22
```
- **orgid/orgid managed**: This is the Microsoft Defender ATP org id specified in the configuration profile. If this value is blank, then the Configuration Profile was not properly set.
- **orgid effective**: This is the Microsoft Defender ATP org id currently in use. If it does not match the value in the Configuration Profile, then the configuration has not been refreshed.
### Uninstalling Microsoft Defender ATP for Mac
#### Uninstalling with a script
Create a script in **Settings > Computer Management > Scripts**.
![Microsoft Defender uninstall screenshot](images/MDATP_26_Uninstall.png)
For example, this script removes Microsoft Defender ATP from the /Applications directory:
```bash
echo "Is WDAV installed?"
ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
echo "Uninstalling WDAV..."
rm -rf '/Applications/Microsoft Defender ATP.app'
echo "Is WDAV still installed?"
ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null
echo "Done!"
```
#### Uninstalling with a policy
Your policy should contain a single script:
![Microsoft Defender uninstall script screenshot](images/MDATP_27_UninstallScript.png)
Configure the appropriate scope in the **Scope** tab to specify the machines that will receive this policy.
### Check onboarding status
You can check that machines are correctly onboarded by creating a script. For example, the following script checks that enrolled machines are onboarded:
```bash
sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py | grep -E 'orgid effective : [-a-zA-Z0-9]+'
```
This script returns 0 if Microsoft Defender ATP is registered with the Windows Defender ATP service, and another exit code if it is not installed or registered.
## Manual deployment
### Download installation and onboarding packages
Download the installation and onboarding packages from Windows Defender Security Center:
1. In Windows Defender Security Center, go to **Settings > Machine Management > Onboarding**.
2. In Section 1 of the page, set operating system to **Linux, macOS, iOS or Android** and Deployment method to **Local script**.
3. In Section 2 of the page, select **Download installation package**. Save it as wdav.pkg to a local directory.
4. In Section 2 of the page, select **Download onboarding package**. Save it as WindowsDefenderATPOnboardingPackage.zip to the same directory.
![Windows Defender Security Center screenshot](images/MDATP_2_IntuneAppUtil.png)
5. From a command prompt, verify that you have the two files.
Extract the contents of the .zip files:
```bash
mavel-macmini:Downloads test$ ls -l
total 721152
-rw-r--r-- 1 test staff 6185 Mar 15 10:45 WindowsDefenderATPOnboardingPackage.zip
-rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg
mavel-macmini:Downloads test$ unzip WindowsDefenderATPOnboardingPackage.zip
Archive: WindowsDefenderATPOnboardingPackage.zip
inflating: WindowsDefenderATPOnboarding.py
```
### Application installation
To complete this process, you must have admin privileges on the machine.
1. Navigate to the downloaded wdav.pkg in Finder and open it.
![App install screenshot](images/MDATP_28_AppInstall.png)
2. Select **Continue**, agree with the License terms, and enter the password when prompted.
![App install screenshot](images/MDATP_29_AppInstallLogin.png)
> [!IMPORTANT]
> You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both. The driver must be allowed to be installed.
![App install screenshot](images/MDATP_30_SystemExtension.png)
3. Select **Open Security Preferences** or **Open System Preferences > Security & Privacy**. Select **Allow**:
![Security and privacy window screenshot](images/MDATP_31_SecurityPrivacySettings.png)
The installation will proceed.
> [!NOTE]
> If you don't select **Allow**, the installation will fail after 5 minutes. You can restart it again at any time.
### Client configuration
1. Copy wdav.pkg and WindowsDefenderATPOnboarding.py to the machine where you deploy Microsoft Defender ATP for Mac.
The client machine is not associated with orgId. Note that the orgid is blank.
```bash
mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid :
```
2. Install the configuration file on a client machine:
```bash
mavel-mojave:wdavconfig testuser$ python WindowsDefenderATPOnboarding.py
Generating /Library/Application Support/Microsoft/Defender/com.microsoft.wdav.atp.plist ... (You may be required to enter sudos password)
```
3. Verify that the machine is now associated with orgId:
```bash
mavel-mojave:wdavconfig testuser$ sudo /Library/Extensions/wdavkext.kext/Contents/Resources/Tools/wdavconfig.py
uuid : 69EDB575-22E1-53E1-83B8-2E1AB1E410A6
orgid : E6875323-A6C0-4C60-87AD-114BBE7439B8
```
After installation, you'll see the Microsoft Defender icon in the macOS status bar in the top-right corner.
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
## Configuring with the command line
Controlling product settings, triggering on-demand scans, and several other important tasks can be done from the command line with the following commands:
|Group |Scenario |Command |
|-------------|-------------------------------------------|-----------------------------------------------------------------------|
|Configuration|Turn on/off real-time protection |`mdatp config --rtp [true/false]` |
|Configuration|Turn on/off cloud protection |`mdatp config --cloud [true/false]` |
|Configuration|Turn on/off product diagnostics |`mdatp config --diagnostic [true/false]` |
|Configuration|Turn on/off automatic sample submission |`mdatp config --sample-submission [true/false]` |
|Configuration|Turn on PUA protection |`mdatp threat --type-handling --potentially_unwanted_application block`|
|Configuration|Turn off PUA protection |`mdatp threat --type-handling --potentially_unwanted_application off` |
|Configuration|Turn on audit mode for PUA protection |`mdatp threat --type-handling --potentially_unwanted_application audit`|
|Diagnostics |Change the log level |`mdatp log-level --[error/warning/info/verbose]` |
|Diagnostics |Generate diagnostic logs |`mdatp --diagnostic` |
|Health |Check the product's health |`mdatp --health` |
|Protection |Scan a path |`mdatp scan --path [path]` |
|Protection |Do a quick scan |`mdatp scan --quick` |
|Protection |Do a full scan |`mdatp scan --full` |
|Protection |Cancel an ongoing on-demand scan |`mdatp scan --cancel` |
|Protection |Request a definition update |`mdatp --signature-update` |
## What to expect in the ATP portal
- AV alerts:
- Severity
- Scan type
- Device information (hostname, machine identifier, tenant identifier, app version, and OS type)
- File information (name, path, size, and hash)
- Threat information (name, type, and state)
- Device information:
- Machine identifier
- Tenant identifier
- App version
- Hostname
- OS type
- OS version
- Computer model
- Processor architecture
- Whether the device is a virtual machine
## Uninstallation
### Removing Microsoft Defender ATP from Mac devices
To remove Microsoft Defender ATP from your macOS devices:
- Open **Finder > Applications**. Right click on **Microsoft Defender ATP > Move to Trash**.
Or, from a command line:
- ```sudo rm -rf '/Applications/Microsoft Defender ATP'```
## Known issues
- Not fully optimized for performance or disk space yet.
- Full Windows Defender ATP integration is not available yet.
- Mac devices that switch networks may appear multiple times in the APT portal.
- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device.
## Collecting diagnostic information
If you can reproduce a problem, please increase the logging level, run the system for some time, and restore the logging level to the default.
1) Increase logging level:
```bash
mavel-mojave:~ testuser$ mdatp log-level --verbose
Creating connection to daemon
Connection established
Operation succeeded
```
2) Reproduce the problem
3) Run `mdatp --diagnostic` to backup Defender ATP's logs. The command will print out location with generated zip file.
```bash
mavel-mojave:~ testuser$ mdatp --diagnostic
Creating connection to daemon
Connection established
"/Library/Application Support/Microsoft/Defender/wdavdiag/d85e7032-adf8-434a-95aa-ad1d450b9a2f.zip"
```
4) Restore logging level:
```bash
mavel-mojave:~ testuser$ mdatp log-level --info
Creating connection to daemon
Connection established
Operation succeeded
```
### Installation issues
If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause.
For further information on logging, uninstalling, the ATP portal, or known issues, see our [Resources](microsoft-defender-atp-mac-resources) page.

2
windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md
View File

@ -51,7 +51,7 @@ The following capabilities are included in the April 2019 preview release.
### In preview
The following capability are included in the March 2019 preview release.
- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-rotection) The machine health and compliance report provides high-level information about the devices in your organization.
- [Machine health and compliance report](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/machine-reports-windows-defender-advanced-threat-protection) The machine health and compliance report provides high-level information about the devices in your organization.
## February 2019