diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index fe160a4fe0..7550924275 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -18,6 +18,8 @@ ms.topic: reference +> [!NOTE] +> [ControlPolicyConflict (MDMWinsOverGP)](policy-csp-controlpolicyconflict.md) is not applicable to the Defender CSP. If using MDM, remove your current Defender group policy settings to avoid conflicts with your MDM settings. @@ -2479,7 +2481,7 @@ Information about the current status of the threat. The following list shows the | 7 | Removed | | 8 | Cleaned | | 9 | Allowed | -| 10 | No Status ( Cleared) | +| 10 | No Status (Cleared) | @@ -3674,7 +3676,7 @@ OfflineScan action starts a Microsoft Defender Offline scan on the computer wher -RollbackEngine action rolls back Microsoft Defender engine to it's last known good saved version on the computer where you run the command. +RollbackEngine action rolls back Microsoft Defender engine to its last known good saved version on the computer where you run the command. diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index b6865f7b07..4d9b9ad115 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md @@ -44,15 +44,14 @@ If set to 1 then any MDM policy that is set that has an equivalent GP policy wil > [!NOTE] -> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs. -This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. -The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. +> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). + +This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. > [!NOTE] > This policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1. -The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. -This ensures that: +The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that: - GP settings that correspond to MDM applied settings aren't conflicting - The current Policy Manager policies are refreshed from what MDM has set @@ -65,8 +64,7 @@ The [Policy DDF](configuration-service-provider-ddf.md) contains the following t - \ - \ -For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy -](./policies-in-policy-csp-supported-by-group-policy.md). +For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy](./policies-in-policy-csp-supported-by-group-policy.md). The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**. diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index 969423ed4a..713bd9297b 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -44,7 +44,7 @@ It's advisable to set **Account lockout duration** to approximately 15 minutes. ### Location -**Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy** +**Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Account Lockout Policy** ### Default values diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index 5220f9868b..238193ef00 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -75,6 +75,6 @@ There are several ways to get and use security baselines: ## See also -- [Microsoft Security Guidance Blog](/archive/blogs/secguide/) +- [Microsoft Security Baselines Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) - [Microsoft Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319) - [Security Baseline Policy Analyzer](https://learn-video.azurefd.net/vod/player?show=defrag-tools&ep=174-security-baseline-policy-analyzer-lgpo)