From 840bcc7b6cca660898932c8db701fd3f25ebca24 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Jun 2018 10:14:47 -0700 Subject: [PATCH 1/7] added other entities for allowed blocked list settings --- ...ows-defender-advanced-threat-protection.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 4b6a427b67..f1e3dbc4a5 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/11/2018 --- # Manage automation allowed/blocked lists @@ -38,30 +38,31 @@ You can define the conditions for when entities are identified as malicious or s ## Create an allowed or blocked list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to create an exclusion for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create an exclusion for. You can choose any of the following entities: - File hash - Certificate + - IP address + - DNS + - Email + - Process memory 3. Click **Add system exclusion**. -4. For each attribute specify the exclusion type, details, and the following required values: - - - **Files** - Hash value - - **Certificate** - PEM certificate file +4. For each attribute specify the exclusion type, details, and their corresponding required values. -5. Click **Update rule**. +5. Click **Add rule**. ## Edit a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to edit the list from. +2. Select the tab of the entity type you'd like to edit the list from. 3. Update the details of the rule and click **Update rule**. ## Delete a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to delete the list from. +2. Select the tab of the entity type you'd like to delete the list from. 3. Select the list type by clicking the check-box beside the list type. From 719eeb5302d3965fcfb66f4146c873480c4b48ad Mon Sep 17 00:00:00 2001 From: JohnRajunas Date: Thu, 14 Jun 2018 12:38:36 -0400 Subject: [PATCH 2/7] Update windows-10-start-layout-options-and-policies.md I think adding the reference to CopyProfile not being supported will help insure IT Pros do not consider using it as a alternative to the options detailed here --- .../windows-10-start-layout-options-and-policies.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index 58bb51fd67..82f903e308 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -30,6 +30,8 @@ Organizations might want to deploy a customized Start and taskbar configuration >Start and taskbar configuration can be applied to devices running Windows 10 Pro, version 1703. > >Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/library/jj649079.aspx). +> +>Using CopyProfile for Start menu customization in Windows 10 isn't supported. For more information [Customize the Default User Profile by Using CopyProfile](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/customize-the-default-user-profile-by-using-copyprofile) From 74700422bc9d02a594ddcacb94f21e06ff34a6c1 Mon Sep 17 00:00:00 2001 From: Paul Fitzgerald Date: Thu, 14 Jun 2018 11:38:46 -0500 Subject: [PATCH 3/7] Update upgrade-readiness-deployment-script.md Updated URL to point to new location for referenced information. --- .../deployment/upgrade/upgrade-readiness-deployment-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index c28763cabf..774f54ce73 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -229,7 +229,7 @@ The deployment script displays the following exit codes to let you know if it wa 32 - Appraiser version on the machine is outdated. - The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1. + The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-get-started#deploy-the-compatibility-update-and-related-updates) for Windows 7 SP1/Windows 8.1. 33 - **CompatTelRunner.exe** exited with an exit code From b4295544c7e8ccac5962e8725e34e804ec3faaac Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 14 Jun 2018 17:07:02 -0700 Subject: [PATCH 4/7] update allowed blocked lists --- ...ced-hunting-windows-defender-advanced-threat-protection.md | 4 +++- ...locked-list-windows-defender-advanced-threat-protection.md | 4 +--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index c5a0aa9147..c8d4b355cc 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/13/2018 --- # Query data using Advanced hunting in Windows Defender ATP @@ -54,6 +54,8 @@ We then add a filter on the _FileName_ to contain only instances of _powershell Afterwards, we add a filter on the _ProcessCommandLine_ Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**. +You have the option of expanding the screen view so you can focus on your hunting query and related results. + ### Use operators The query language is very powerful and has a lot of available operators, some of them are - diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index f1e3dbc4a5..824dbb804b 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/11/2018 +ms.date: 06/14/2018 --- # Manage automation allowed/blocked lists @@ -43,8 +43,6 @@ You can define the conditions for when entities are identified as malicious or s - Certificate - IP address - DNS - - Email - - Process memory 3. Click **Add system exclusion**. From 145451a9a405ef7d3afe8f5b510f3dc83d3f95e0 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Fri, 15 Jun 2018 12:22:38 -0700 Subject: [PATCH 5/7] Fixed link. --- .../customize-attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index f8f6992650..10bb054f45 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/30/2018 +ms.date: 06/15/2018 --- # Customize Attack surface reduction @@ -54,7 +54,7 @@ This could potentially allow unsafe files to run and infect your devices. You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions. -Windows 10, version 1803 supports environment variables and wildcards. For information about using wildcards in Windows Defender Exploit Guard, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +Windows 10, version 1803 supports environment variables and wildcards. For information about using wildcards in Windows Defender Exploit Guard, see [Use wildcards in the file name and folder path or extension exclusion lists](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists). Exclusions will only be applied to certain rules. Some rules will not honor the exclusion list. This means that even if you have added a file to the exclusion list, some rules will still evaluate and potentially block that file if the rule determines the file to be unsafe. From 5cf6a869a5ad1a91b4c9c658820694cec6d2e76d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Jun 2018 14:26:01 -0700 Subject: [PATCH 6/7] add browser support --- ...quirements-windows-defender-advanced-threat-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index bd53b3a21d..f42a764acb 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/04/2018 +ms.date: 06/15/2018 --- # Minimum requirements for Windows Defender ATP @@ -42,6 +42,9 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). +### Browser requirements +Internet Explorer and Microsoft Edge are supported. Any HTML5 compliant browsers are also supported. + ### Network and data storage and configuration requirements When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter. From 973d18a9b8fec6972023e8c4c3f5fbcac9f44af0 Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Fri, 15 Jun 2018 22:45:20 +0000 Subject: [PATCH 7/7] Merged PR 9122: removed checks from pro for workstations as they're not downgradable removed checks from pro for workstations as they're not downgradable --- windows/deployment/upgrade/windows-10-downgrade-paths.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/upgrade/windows-10-downgrade-paths.md b/windows/deployment/upgrade/windows-10-downgrade-paths.md index 4422179d21..3fc6d13445 100644 --- a/windows/deployment/upgrade/windows-10-downgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-downgrade-paths.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.localizationpriority: high ms.pagetype: mobile author: greg-lindsay -ms.date: 06/07/2018 +ms.date: 06/15/2018 --- # Windows 10 downgrade paths @@ -77,9 +77,9 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a Pro for Workstations - ✔ - ✔ + +