Merge branch 'master' into MDBranchADMXBackedPoliciesPhase1

This commit is contained in:
ManikaDhiman
2020-08-26 15:55:08 -07:00
14 changed files with 201 additions and 74 deletions

View File

@ -1,60 +1,144 @@
### YamlMime:YamlDocument
### YamlMime:Landing
title: Microsoft Edge Legacy # < 60 chars
summary: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # < 160 chars
documentType: LandingData
title: Microsoft Edge
metadata:
title: Microsoft Edge
description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization.
title: Microsoft Edge Legacy # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. # Required; article description that is displayed in search results. < 160 chars.
keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories
ms.prod: edge
ms.localizationpriority: medium
author: lizap
ms.author: elizapo
manager: dougkim
ms.topic: article
ms.topic: landing-page
ms.devlang: na
ms.date: 08/19/2020 #Required; mm/dd/yyyy format.
sections:
- items:
- type: markdown
text: "
Find the tools and resources you need to help deploy and use Microsoft Edge in your organization.
"
- title: What's new
- items:
- type: markdown
text: "
Find out the latest and greatest news on Microsoft Edge.<br>
<table><tr><td><img src='images/new1.png' width='192' height='192'><br>**The latest in Microsoft Edge**<br>See what's new for users and developers in the next update to Microsoft Edge - now available with the Windows 10 April 2018 update!<br><a href='https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/#C7jCBdbPSG6bCXHr.97'>Find out more</a></td><td><img src='images/new2.png' width='192' height='192'><br>**Evaluate the impact**<br>Review the latest Forrester Total Economic Impact (TEI) report to learn about the impact Microsoft Edge can have in your organization.<br><a href='microsoft-edge-forrester'>Download the reports</a></td></tr><tr><td><img src='images/new3.png' width='192' height='192'><br>**Microsoft Edge for iOS and Android**<br>Microsoft Edge brings familiar features across your PC and phone, which allows browsing to go with you, no matter what device you use.<br><a href='https://blogs.windows.com/windowsexperience/2017/11/30/microsoft-edge-now-available-for-ios-and-android'>Learn more</a></td><td><img src='images/new4.png' width='192' height='192'><br>**Application Guard**<br>Microsoft Edge with Windows Defender Application Guard is the most secure browser on Windows 10 Enterprise.<br><a href='https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview'>Learn more</a></td></tr>
</table>
"
- title: Compatibility
- items:
- type: markdown
text: "
Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.<br>
<table><tr><td><img src='images/compat1.png' width='192' height='192'><br>**Test your site on Microsoft Edge**<br>Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.<br><a href='https://developer.microsoft.com/microsoft-edge/tools/remote/'>Test your site on Microsoft Edge for free on BrowserStack</a><br><a href='https://sonarwhal.com/'>Use sonarwhal to improve your website.</a></td><td><img src='images/compat2.png' width='192' height='192'><br>**Improve compatibility with Enterprise Mode**<br>With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.<br><a href='https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility'>Use Enterprise mode to improve compatibility</a><br><a href='https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list'>Turn on Enterprise Mode and use a site list</a><br><a href='https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal'>Enterprise Site List Portal</a><br><a href='https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2017/04/25/the-ultimate-browser-strategy-on-windows-10/'>Ultimate browser strategy on Windows 10</a></td><td><img src='images/compat3.png' width='192' height='192'><br>**Web Application Compatibility Lab Kit**<br>The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.<br><a href='web-app-compat-toolkit'>Find out more</a></td></tr>
</table>
"
- title: Security
- items:
- type: markdown
text: "
Microsoft Edge uses Windows Hello and Windows Defender SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.<br>
<table><tr><td><img src='images/security1.png' width='192' height='192'><br>**NSS Labs web browser security reports**<br>See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks.<br><a href='https://www.microsoft.com/download/details.aspx?id=54773'>Download the reports</a></td><td><img src='images/security2.png' width='192' height='192'><br>**Microsoft Edge sandbox**<br>See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.<br><a href='https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/'>Find out more</a></td><td><img src='images/security3.png' width='192' height='192'><br>**Windows Defender SmartScreen**<br>Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely.<br><a href='https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview'>Read the docs</a></td></tr>
</table>
"
- title: Deployment and end user readiness
- items:
- type: markdown
text: "
Find resources and learn about features to help you deploy Microsoft Edge in your organization to get your users up and running quickly.<br>
<table><tr><td><img src='images/deploy-land.png' width='192' height='192'><br>**Deployment**<br>Find resources, learn about features, and get answers to commonly asked questions to help you deploy Microsoft Edge in your organization.<br><a href='https://docs.microsoft.com/microsoft-edge/deploy/'>Microsoft Edge deployment guide</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-faq'>Microsoft Edge FAQ</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/hardware-and-software-requirements'>System requirements and language support</a><br><a href='https://docs.microsoft.com/microsoft-edge/deploy/available-policies'>Group Policy and MDM settings in Microsoft Edge</a><br><a href='https://www.microsoft.com/itpro/microsoft-edge/web-app-compat-toolkit'>Download the Web Application Compatibility Lab Kit</a><br><a href='edge-technical-demos.md'>Microsoft Edge training and demonstrations</a></td><td><img src='images/enduser-land.png' width='192' height='192'><br>**End user readiness**<br>Help your users get started on Microsoft Edge quickly and learn about features like tab management, instant access to Office files, and more.<br><a href='https://go.microsoft.com/fwlink/?linkid=825648'>Quick Start: Microsoft Edge (PDF, .98 MB)</a><br><a href='https://go.microsoft.com/fwlink/?linkid=825661'>Find it faster with Microsoft Edge (PDF, 605 KB)</a><br><a href='https://go.microsoft.com/fwlink/?linkid=825653'>Use Microsoft Edge to collaborate (PDF, 468 KB)</a><br><a href='https://microsoftedgetips.microsoft.com/en-us/2/39'>Import bookmarks</a><br><a href='https://microsoftedgetips.microsoft.com/en-us/2/18'>Password management</a><br><a href='https://myignite.microsoft.com/sessions/56630?source=sessions'>Microsoft Edge tips and tricks (video, 20:26)</a></td></tr>
</table>
"
- title: Stay informed
- items:
- type: markdown
text: "
<table><tr><td><img src='images/wipinsider.png' width='192' height='192'><br>**Sign up for the Windows IT Pro Insider**<br>Get the latest tools, tips, and expert guidance on deployment, management, security, and more.<br><a href='https://aka.ms/windows-it-pro-insider'>Learn more</a></td><td><img src='images/edgeblog.png' width='192' height='192'><br>**Microsoft Edge Dev blog**<br>Keep up with the latest browser trends, security tips, and news for IT professionals.<br><a href='https://blogs.windows.com/msedgedev'>Read the blog</a></td><td><img src='images/twitter.png' width='192' height='192'><br>**Microsoft Edge Dev on Twitter**<br>Get the latest news and updates from the Microsoft Web Platform team.<br><a href='https://twitter.com/MSEdgeDev'>Visit Twitter</a></td></tr>
</table>
"
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: What's new
linkLists:
- linkListType: whats-new
links:
- text: Documentation for Microsoft Edge version 77 or later
url: https://docs.microsoft.com/DeployEdge/
- text: Microsoft Edge Legacydesktop appwill reach end of support on March 9, 2021
url: https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666
- text: The latest in Microsoft Edge
url: https://blogs.windows.com/msedgedev/2018/04/30/edgehtml-17-april-2018-update/#C7jCBdbPSG6bCXHr.97
- text: Microsoft Edge for iOS and Android
url: https://blogs.windows.com/windowsexperience/2017/11/30/microsoft-edge-now-available-for-ios-and-android
- text: Application Guard
url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview
- linkListType: download
links:
- text: Evaluate the impact
url: /microsoft-edge/deploy/microsoft-edge-forrester
# Card (optional)
- title: Test your site on Microsoft Edge
linkLists:
- linkListType: overview
links:
- text: Test your site on Microsoft Edge for free on BrowserStack
url: https://developer.microsoft.com/microsoft-edge/tools/remote/
- text: Use sonarwhal to improve your website
url: https://sonarwhal.com/
# Card (optional)
- title: Improve compatibility with Enterprise Mode
linkLists:
- linkListType: how-to-guide
links:
- text: Use Enterprise mode to improve compatibility
url: /microsoft-edge/deploy/emie-to-improve-compatibility
- text: Turn on Enterprise Mode and use a site list
url: https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list
- text: Enterprise Site List Portal
url: https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal
# Card (optional)
- title: Web Application Compatibility Lab Kit
linkLists:
- linkListType: overview
links:
- text: Overview
url: /microsoft-edge/deploy/emie-to-improve-compatibility
# Card (optional)
- title: Security
linkLists:
- linkListType: download
links:
- text: NSS Labs web browser security reports
url: https://www.microsoft.com/download/details.aspx?id=54773
- linkListType: overview
links:
- text: Microsoft Edge sandbox
url: https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/
- text: Windows Defender SmartScreen
url: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview
# Card (optional)
- title: Deployment
linkLists:
- linkListType: overview
links:
- text: Microsoft Edge deployment guide
url: /microsoft-edge/deploy/
- text: Microsoft Edge FAQ
url: /microsoft-edge/deploy/microsoft-edge-faq
- text: System requirements and language support
url: /microsoft-edge/deploy/hardware-and-software-requirements
- text: Group Policy and MDM settings in Microsoft Edge
url: /microsoft-edge/deploy/available-policies
- text: Microsoft Edge training and demonstrations
url: /microsoft-edge/deploy/edge-technical-demos
- linkListType: download
links:
- text: Web Application Compatibility Lab Kit
url: https://www.microsoft.com/itpro/microsoft-edge/web-app-compat-toolkit
# Card (optional)
- title: End user readiness
linkLists:
- linkListType: video
links:
- text: Microsoft Edge tips and tricks (video, 20:26)
url: https://myignite.microsoft.com/sessions/56630?source=sessions
- linkListType: download
links:
- text: Quick Start - Microsoft Edge (PDF, .98 MB)
url: https://go.microsoft.com/fwlink/?linkid=825648
- text: Find it faster with Microsoft Edge (PDF, 605 KB)
url: https://go.microsoft.com/fwlink/?linkid=825661
- text: Use Microsoft Edge to collaborate (PDF, 468 KB)
url: https://go.microsoft.com/fwlink/?linkid=825653
- text: Group Policy and MDM settings in Microsoft Edge
url: /microsoft-edge/deploy/available-policies
- text: Microsoft Edge training and demonstrations
url: /microsoft-edge/deploy/edge-technical-demos
- linkListType: how-to-guide
links:
- text: Import bookmarks
url: https://microsoftedgetips.microsoft.com/2/39
- text: Password management
url: https://microsoftedgetips.microsoft.com/2/18
# Card (optional)
- title: Stay informed
linkLists:
- linkListType: overview
links:
- text: Sign up for the Windows IT Pro Insider
url: https://aka.ms/windows-it-pro-insider
- text: Microsoft Edge Dev blog
url: https://blogs.windows.com/msedgedev
- text: Microsoft Edge Dev on Twitter
url: https://twitter.com/MSEdgeDev
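Review bot: The "Web Application Compatibility Lab Kit" card's Overview link points to /microsoft-edge/deploy/emie-to-improve-compatibility, the same target as "Use Enterprise mode to improve compatibility" in the Enterprise Mode card, while the table being replaced linked this item to web-app-compat-toolkit. This looks like a copy-paste slip and should point at the lab kit page. In the What's new card, the link text "Microsoft Edge Legacydesktop appwill reach end of support on March 9, 2021" has lost its spaces. The End user readiness download list also repeats "Group Policy and MDM settings in Microsoft Edge" and "Microsoft Edge training and demonstrations" from the Deployment card, and neither entry is a download.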

View File

@ -90,7 +90,7 @@ Secure Launch configuration:
- 1 - Enables Secure Launch if supported by hardware
- 2 - Disables Secure Launch.
For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How hardware-based containers help protect Windows 10](https://docs.microsoft.com/windows/security/hardware-protection/how-hardware-based-containers-help-protect-windows).
For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How a hardware-based root of trust helps protect Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows).
<!--/Description-->
<!--ADMXMapped-->

View File

@ -12,6 +12,7 @@ ms.author: deniseb
ms.reviewer:
manager: dansimp
ms.custom: nextgen
ms.date: 08/26/2020
---
# Turn on block at first sight
@ -31,10 +32,10 @@ You can [specify how long the file should be prevented from running](configure-c
When Microsoft Defender Antivirus encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend applies heuristics, machine learning, and automated analysis of the file to determine whether the files are malicious or not a threat.
Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. To learn more, see this blog: [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
Microsoft Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, intelligent, and real-time protection. To learn more, see this blog: [Get to know the advanced technologies at the core of Microsoft Defender ATP next-generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
![List of Microsoft Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png)
In Windows 10, version 1803, block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
In Windows 10, version 1803 or later, block at first sight can block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
Block at first sight only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or that originate from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
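Review bot: The reworded 1803 sentence says block at first sight covers non-portable executable files, but the unchanged paragraph directly after it still says "A hash value of the .exe file is checked via the cloud backend", which reads as if only .exe files are hashed. Suggest changing that to "the file" in the same edit so the two paragraphs agree. "Non-portable executable files" is also easy to misread; "files that are not portable executables" would be clearer.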
@ -86,7 +87,7 @@ For a list of Microsoft Defender Antivirus device restrictions in Intune, see [D
5. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
![Enable Advanced settings](images/defender/sccm-advanced-settings.png)
6. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
6. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking suspicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
![Enable Cloud Protection Service](images/defender/sccm-cloud-protection-service.png)
7. Click **OK** to create the policy.
@ -99,9 +100,9 @@ For a list of Microsoft Defender Antivirus device restrictions in Intune, see [D
3. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **MAPS**, configure the following Group Policies, and then click **OK**:
- Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**.
1. Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**.
- Double-click **Send file samples when further analysis is required** and ensure the option is set to **Enabled** and the additional options are either **Send safe samples (1)** or **Send all samples (3)**.
2. Double-click **Send file samples when further analysis is required** and ensure the option is set to **Enabled** and the additional options are either **Send safe samples (1)** or **Send all samples (3)**.
> [!WARNING]
> Setting to **Always prompt (0)** will lower the protection state of the device. Setting to **Never send (2)** means block at first sight will not function.
@ -112,6 +113,12 @@ For a list of Microsoft Defender Antivirus device restrictions in Intune, see [D
2. Double-click **Turn off real-time protection** and ensure the option is set to **Disabled**, and then click **OK**.
5. In the **Group Policy Management Editor**, expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **MpEngine**:
1. Double-click **Select cloud protection level** and ensure the option is set to **Enabled**.
2. Ensure that **Select cloud blocking level** section on the same page is set to **High blocking level**, and then click **OK**.
If you had to change any of the settings, you should redeploy the Group Policy Object across your network to ensure all endpoints are covered.
### Confirm block at first sight is turned on with Registry editor
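Review bot: Sub-step 2 of the new step 5 is missing an article ("Ensure that **Select cloud blocking level** section on the same page" should read "Ensure that the ... section"). The Configuration Manager procedure earlier in this file asks for the level **High**, while this step asks for **High blocking level**; a short note that these are the same setting would help an admin who is checking both paths against each other.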
@ -130,6 +137,8 @@ If you had to change any of the settings, you should redeploy the Group Policy O
2. **DisableRealtimeMonitoring** key is set to **0**
4. Go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\MpEngine`, and make sure that the **MpCloudBlockLevel** key is set to **2**
### Confirm Block at First Sight is enabled on individual clients
You can confirm that block at first sight is enabled on individual clients using Windows security settings.
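Review bot: The new registry step 4 gives the expected MpCloudBlockLevel value as **2** without saying which cloud blocking level that number represents, so a reader cannot tell from this line whether it matches the **High blocking level** configured in the Group Policy step added above. Suggest adding the level name in parentheses after the value. The line also has no terminal period and calls MpCloudBlockLevel a key although it sits under the MpEngine key; that matches the existing "DisableRealtimeMonitoring key" wording, so fix both or neither.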
@ -169,7 +178,7 @@ You may choose to disable block at first sight if you want to retain the prerequ
4. Double-click **Configure the 'Block at First Sight' feature** and set the option to **Disabled**.
> [!NOTE]
> Disabling block at first sight will not disable or alter the prerequisite group policies.
> Disabling block at first sight does not disable or alter the prerequisite group policies.
## See also

View File

@ -13,6 +13,7 @@ ms.author: deniseb
ms.custom: nextgen
ms.reviewer:
manager: dansimp
ms.date: 08/26/2020
---
# Microsoft Defender Antivirus compatibility
@ -26,7 +27,7 @@ manager: dansimp
Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) together with your antivirus protection.
- If your organization's endpoints and devices are protected with a non-Microsoft antivirus/antimalware solution, and Microsoft Defender ATP is not used, then Microsoft Defender Antivirus automatically goes into disabled mode.
- If your organization is using Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) together with a non-Microsoft antivirus/antimalware solution, then Microsoft Defender Antivirus automatically goes into passive mode. (Real-time protection and threats are not remediated by Microsoft Defender Antivirus.)
- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in private preview) enabled, then Microsoft Defender Antivirus runs in the background and blocks/remediates malicious items that are detected, such as during a post-breach attack.
- If your organization is using Microsoft Defender ATP together with a non-Microsoft antivirus/antimalware solution, and you have [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) (currently in preview) enabled, then whenever a malicious artifact is detected, Microsoft Defender ATP takes action to block and remediate the artifact.
## Antivirus and Microsoft Defender ATP
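Review bot: The rewritten EDR in block mode bullet no longer says what state Microsoft Defender Antivirus is in. The paragraph above asks what happens to Microsoft Defender Antivirus when another solution is used, and the other two bullets answer with a mode (disabled, passive), but the new text only says "Microsoft Defender ATP takes action to block and remediate the artifact". Suggest keeping the new wording and adding the antivirus mode for this case, so an admin reading the list can tell which component is doing the blocking.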

View File

@ -1,7 +1,7 @@
---
title: Overview of advanced hunting in Microsoft Defender ATP
description: Use threat hunting capabilities in Microsoft Defender ATP to build queries that find threats and weaknesses in your network
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, search, query, telemetry, custom detections, schema, kusto
keywords: advanced hunting, threat hunting, cyber threat hunting, mdatp, microsoft defender atp, wdatp, search, query, telemetry, custom detections, schema, kusto, time zone, UTC
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
@ -43,10 +43,14 @@ You can also go through each of the following steps to ramp up your advanced hun
| **Use predefined queries** | Explore collections of predefined queries covering different threat hunting scenarios. | [Shared queries](advanced-hunting-shared-queries.md) |
| **Learn about custom detections** | Understand how you can use advanced hunting queries to trigger alerts and apply response actions automatically. | - [Custom detections overview](overview-custom-detections.md)<br>- [Custom detection rules](custom-detection-rules.md) |
## Get help as you write queries
Take advantage of the following functionality to write queries faster:
- **Autosuggest** — as you write queries, advanced hunting provides suggestions from IntelliSense.
- **Schema reference** — a schema reference that includes the list of tables and their columns is provided next to your working area. For more information, hover over an item. Double-click an item to insert it to the query editor.
## Data freshness and update frequency
Advanced hunting data can be categorized into two distinct types, each consolidated differently:
- **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Microsoft Defender ATP.
- **Entity data**—populates tables with consolidated information about users and devices. To provide fresh data, tables are updated every 15 minutes with any new information, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity.
## Time zone
All time information in advanced hunting is currently in the UTC time zone.
## Related topics
- [Learn the query language](advanced-hunting-query-language.md)
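Review bot: The new Time zone section says "All time information in advanced hunting is currently in the UTC time zone" but does not say whether that covers both the timestamps returned in results and the time values an analyst types into a query filter. Stating both explicitly would prevent off-by-hours mistakes when correlating with local logs. In the Data freshness list, "this data" is followed by "the sensors that collect them successfully transmit them"; use "it" in both places.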

View File

@ -144,11 +144,28 @@ Data in advanced hunting tables are generally classified into the following data
| `int` | 32-bit numeric value |
| `long` | 64-bit numeric value |
## Get help as you write queries
Take advantage of the following functionality to write queries faster:
- **Autosuggest**—as you write queries, advanced hunting provides suggestions from IntelliSense.
- **Schema tree**—a schema representation that includes the list of tables and their columns is provided next to your working area. For more information, hover over an item. Double-click an item to insert it to the query editor.
- **[Schema reference](advanced-hunting-schema-reference.md#get-schema-information-in-the-security-center)**—in-portal reference with table and column descriptions as well as supported event types (`ActionType` values) and sample queries
## Work with multiple queries in the editor
The query editor can serve as your scratch pad for experimenting with multiple queries. To use multiple queries:
- Separate each query with an empty line.
- Place the cursor on any part of a query to select that query before running it. This will run only the selected query. To run another query, move the cursor accordingly and select **Run query**.
![Image of the advanced hunting query editor with multiple queries](images/ah-multi-query.png)
_Query editor with multiple queries_
## Use sample queries
The **Get started** section provides a few simple queries using commonly used operators. Try running these queries and making small modifications to them.
![Image of advanced hunting window](images/atp-advanced-hunting.png)
![Image of the advanced hunting get started tab](images/atp-advanced-hunting.png)
> [!NOTE]
> Apart from the basic query samples, you can also access [shared queries](advanced-hunting-shared-queries.md) for specific threat hunting scenarios. Explore the shared queries on the left side of the page or the GitHub query repository.
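Review bot: The Schema reference bullet links to advanced-hunting-schema-reference.md#get-schema-information-in-the-security-center, an anchor that only exists because of the heading added to the schema reference file in this same commit; if that heading is reworded later, this link breaks silently, so consider linking to the page without the fragment. The same bullet is the only one of the three without a terminal period, and "Double-click an item to insert it to the query editor" should read "insert it into".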

View File

@ -24,8 +24,6 @@ ms.topic: article
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink)
[!INCLUDE [Prerelease information](../../includes/prerelease.md)]
While you can construct your [advanced hunting](advanced-hunting-overview.md) queries to return very precise information, you can also work with the query results to gain further insight and investigate specific activities and indicators. You can take the following actions on your query results:
- View results as a table or chart

View File

@ -29,7 +29,20 @@ ms.date: 01/14/2020
The [advanced hunting](advanced-hunting-overview.md) schema is made up of multiple tables that provide either event information or information about devices and other entities. To effectively build queries that span multiple tables, you need to understand the tables and the columns in the advanced hunting schema.
## Schema tables
## Get schema information in the security center
While constructing queries, use the built-in schema reference to quickly get the following information about each table in the schema:
- **Tables description**—type of data contained in the table and the source of that data.
- **Columns**—all the columns in the table.
- **Action types**—possible values in the `ActionType` column representing the event types supported by the table. This is provided only for tables that contain event information.
- **Sample query**—example queries that feature how the table can be utilized.
### Access the schema reference
To quickly access the schema reference, select the **View reference** action next to the table name in the schema representation. You can also select **Schema reference** to search for a table.
![Image showing how to access in-portal schema reference](images/ah-reference.png)
## Learn the schema tables
The following reference lists all the tables in the advanced hunting schema. Each table name links to a page describing the column names for that table.
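Review bot: In the new list under "Get schema information in the security center", the first label reads "Tables description" although the sentence introducing the list is about each table, so it should be "Table description". The last item pairs a singular label with a plural gloss and awkward wording ("Sample query" followed by "example queries that feature how the table can be utilized"); something like "an example query that shows how the table can be used" would match the label.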

View File

@ -28,7 +28,7 @@ Check if network protection has been enabled on a local device by using Registry
1. Select the **Start** button in the task bar and type **regedit** to open Registry editor
1. Choose **HKEY_LOCAL_MACHINE** from the side menu
1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** **Windows Defender** > **Policy Manager**
1. Navigate through the nested menus to **SOFTWARE** > **Policies** > **Microsoft** > **Windows Defender** > **Policy Manager**
1. Select **EnableNetworkProtection** to see the current state of network protection on the device
* 0, or **Off**

Binary file not shown.

After

Width:  |  Height:  |  Size: 67 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 78 KiB

View File

@ -139,7 +139,7 @@ Threat Analytics is a set of interactive reports published by the Microsoft Defe
- [Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10)
- Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/).
- Microsoft Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/microsoft-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security.
- Microsoft Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox) (preview), increasing its security.
- [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-advanced-scan-types-microsoft-defender-antivirus) for Microsoft Defender Antivirus scans.

View File

@ -26,7 +26,7 @@ Describes the best practices, location, values, management, and security conside
## Reference
This setting prevents using the **Settings** app to add a Microsoft account for single sign-on (SSO) authentication for Microsoft services and some background services, or using a Microsoft account for single sign-on to other applications or services.
This setting prevents using the **Settings** app to add a Microsoft account for single sign-on (SSO) authentication for Microsoft services and some background services, or using a Microsoft account for single sign-on to other applications or services. For more details, see [Microsoft Accounts](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts).
There are two options if this setting is enabled:

View File

@ -39,7 +39,8 @@ To create a new GPO
4. In the **Name** text box, type the name for your new GPO.
>**Note:** Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs.
> [!NOTE]
> Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs.
5. Leave **Source Starter GPO** set to **(none)**, and then click **OK**.