From 538195f92f0fe9ad195c8e0d2b0603949f4835aa Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Fri, 15 Mar 2019 12:05:56 +0200 Subject: [PATCH 01/16] Update firewall-csp.md Line 280 Added tokens not supported by RS4 resolves https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2735 Line 310 Removed "comma separated list" fixes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2601 Line 324 Removed "mobile broadband" fixes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2602 --- windows/client-management/mdm/firewall-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 798680aa7c..0dcd162b1f 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -277,6 +277,7 @@ Sample syncxml to provision the firewall settings to evaluate

If not specified, the default is All.

Value type is string. Supported operations are Add, Get, Replace, and Delete.

+

The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are not supported on RS4.

**FirewallRules/_FirewallRuleName_/Description**

Specifies the description of the rule.
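
Review bot: The added sentence identifies the release only by the internal codename "RS4", which readers of the published page cannot be expected to map to a Windows 10 version; state the public version number instead. The sentence is also placed after the "Value type is string. Supported operations are Add, Get, Replace, and Delete." line and directly above the Description node, so the restriction is separated from the values it qualifies. Suggest moving it up next to the supported values and wording it as a version requirement.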

@@ -306,7 +307,7 @@ Sample syncxml to provision the firewall settings to evaluate

Value type is integer. Supported operations are Get and Replace.

**FirewallRules/_FirewallRuleName_/Direction** -

Comma separated list. The rule is enabled based on the traffic direction as following. Supported values:

+

The rule is enabled based on the traffic direction as following. Supported values:

If not specified, the default is All.

Value type is string. Supported operations are Get and Replace.
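
Review bot: The replacement line for Direction keeps the ungrammatical "as following"; since the sentence is being rewritten anyway, change it to "The rule is enabled based on the traffic direction as follows. Supported values:". Separately, the commit message lists a "Line 324" change removing "mobile broadband" and the diffstat counts 2 deletions, but only one removed line is visible in the hunks shown, so confirm that change is actually included in this commit.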

From 868de51409d91c084bbe4409da9ecb610c15e008 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Mar 2019 17:24:09 -0700 Subject: [PATCH 02/16] update allow block list --- ...ows-defender-advanced-threat-protection.md | 1 - ...ows-defender-advanced-threat-protection.md | 61 +++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index 938b358427..3e342505d6 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 11/16/2018 --- # Configure advanced features in Windows Defender ATP diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..bc6a86de66 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md 
@@ -0,0 +1,61 @@ +--- +title: Manage allowed/blocked lists +description: Create lists that control what items are blocked or allowed during an investigation. +keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Manage allowed/blocked lists + +**Applies to:** + + +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) + +Create a rule to define the response action to apply on entities. You can define the duration for when to apply the action as well as the scope of the machine group to apply it to. + + +## Create a rule +1. In the navigation pane, select **Settings** > **Allowed/blocked list**. + +2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: + - File hash + - IP address + - URLs/Domains + - Certificate + +3. Click **Add indicator**. + +4. For each attribute specify the following details: + - Indicator - Specify the entity details and define the expiration of the indicator. + - Action - Specify the action to be taken and provide a description. + - Scope - Define the scope of the machine group. + +5. Review the details in the Summary tab, then click **Save**. + +## Manage a rule +1. In the navigation pane, select **Settings** > **Allowed/blocked list**. + +2. Select the tab of the entity type you'd like to manage. + +3. 
Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. + + +## Related topics +- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) +- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) \ No newline at end of file From 5585ce86e03de1d955ee6a76384edeaf17e7b9e1 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 15 Mar 2019 17:33:27 -0700 Subject: [PATCH 03/16] update toc to add new allow block topic --- windows/security/threat-protection/TOC.md | 1 + .../windows-defender-atp/TOC.md | 1 + ...ows-defender-advanced-threat-protection.md | 23 +++++++++++++++++++ 3 files changed, 25 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 66995768bb..13216258b8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -389,6 +389,7 @@ #####Rules ###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md) ###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +###### [Manage allowed/blocked](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) ###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) ###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index 5904aa5d30..9a492e82fb 100644 
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -376,6 +376,7 @@ ####Rules ##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md) ##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) +##### [Manage allowed/blocked](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) ##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) ##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index bc6a86de66..b9d04fab65 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -29,6 +29,25 @@ ms.topic: article Create a rule to define the response action to apply on entities. You can define the duration for when to apply the action as well as the scope of the machine group to apply it to. +It is where you can manage custom indicators for detection, prevention, and even exclusion. + + +Take advantage of the following conveniences: + + +- Unified
+ The same list is used for prevention (blocking), detection (alerts), and AutoIR. + + +- Flexible
+ Single entry, batch import, API or direct block from the file page, all the indicators sourcing options are now available. + + +- Visible
+ Now all the indicators are available in the portal. You can now search, filter, edit and export your lists in one place. + + + ## Create a rule 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. @@ -55,6 +74,10 @@ Create a rule to define the response action to apply on entities. You can define 3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. +## Import entities +You can also choose to upload a CSV file of the entity. + + ## Related topics - [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) From c7cc9f5dad08309c0b1ecc5d96dcd85cc13c965b Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Mon, 18 Mar 2019 21:37:02 +0200 Subject: [PATCH 04/16] Update firewall-csp.md Fixes error RS4/5 --- windows/client-management/mdm/firewall-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 0dcd162b1f..f64d0cdc9d 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -277,7 +277,7 @@ Sample syncxml to provision the firewall settings to evaluate

If not specified, the default is All.

Value type is string. Supported operations are Add, Get, Replace, and Delete.

-

The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are not supported on RS4.

+

The tokens "Intranet", "RmtIntranet", "Internet" and "Ply2Renders" are supported on Windows 10, version 1809, and later.

**FirewallRules/_FirewallRuleName_/Description**

Specifies the description of the rule.

From 8cb70f62d534b45487559c1e596611a292464582 Mon Sep 17 00:00:00 2001 From: Oren Levin Date: Tue, 19 Mar 2019 08:08:51 +0000 Subject: [PATCH 05/16] Updated manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md --- ...d-blocked-list-windows-defender-advanced-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index b9d04fab65..c6dc3a58d3 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -56,7 +56,6 @@ Take advantage of the following conveniences: - File hash - IP address - URLs/Domains - - Certificate 3. Click **Add indicator**. From d4b1aa030cc6e98d25c947afb8ccdd1b80041499 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Fri, 22 Mar 2019 19:29:48 +0530 Subject: [PATCH 06/16] Update kernel-dma-protection-for-thunderbolt.md Made changes to the driver requirements/ --- .../kernel-dma-protection-for-thunderbolt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 1244ed3951..f2529a4719 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md 
@@ -103,7 +103,7 @@ Please check the driver instance for the device you are testing. Some drivers ma ![Kernel DMA protection user experience](images/device-details-tab.png) ### What should I do if the drivers for my Thunderbolt™ 3 peripherals do not support DMA-remapping? -If the peripherals do have class drivers provided by Windows 10, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support this functionality. Details for driver compatibility requirements can be found here (add link to OEM documentation). +If the peripherals do have class drivers provided by Windows 10, please use these drivers on your systems. If there are no class drivers provided by Windows for your peripherals, please contact your peripheral vendor/driver vendor to update the driver to support this functionality. ### Do Microsoft drivers support DMA-remapping? In Windows 10 1803 and beyond, the Microsoft inbox drivers for USB XHCI (3.x) Controllers, Storage AHCI/SATA Controllers and Storage NVMe Controllers support DMA-remapping. From 9a814c75d05cc28a0b271d078fcd1e5d860648bd Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 22 Mar 2019 14:26:45 -0700 Subject: [PATCH 07/16] update allow block intro and add csv details --- ...ows-defender-advanced-threat-protection.md | 45 +++++++------------ 1 file changed, 17 insertions(+), 28 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index c6dc3a58d3..58f5ee8b7e 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md 
+++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -20,39 +20,28 @@ ms.topic: article # Manage allowed/blocked lists **Applies to:** - - - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](prerelease.md)] >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) -Create a rule to define the response action to apply on entities. You can define the duration for when to apply the action as well as the scope of the machine group to apply it to. - -It is where you can manage custom indicators for detection, prevention, and even exclusion. - - -Take advantage of the following conveniences: - - -- Unified
- The same list is used for prevention (blocking), detection (alerts), and AutoIR. - - -- Flexible
- Single entry, batch import, API or direct block from the file page, all the indicators sourcing options are now available. - - -- Visible
- Now all the indicators are available in the portal. You can now search, filter, edit and export your lists in one place. - +Create rules to define the detection, prevention, and exclusion of entities based on indicators. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. +On the top navigation you can: +- Import a list +- Add an indicator rule +- Customize columns to add or remove columns +- Export the entire list in CSV format +- Select the items to show per page +- Navigate between pages +- Apply filters ## Create a rule 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. -2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create a rule for. You can choose any of the following entities: - File hash - IP address - URLs/Domains 
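
Review bot: The new "On the top navigation you can:" list spends most of its items on generic page controls ("Select the items to show per page", "Navigate between pages") and contains a redundant entry ("Customize columns to add or remove columns"), while the only statement that the same list drives prevention (blocking), detection (alerts), and AutoIR is deleted with nothing replacing it. That statement is what tells an analyst the operational effect of adding an entry, so keep one sentence on it in the introduction and trim the control list to the actions that matter (import, add, export, filter).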
@@ -66,18 +55,18 @@ Take advantage of the following conveniences: 5. Review the details in the Summary tab, then click **Save**. -## Manage a rule +## Manage a rule 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. 2. Select the tab of the entity type you'd like to manage. 3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. -## Import entities -You can also choose to upload a CSV file of the entity. +## Import a rule list +You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details. + +Download the sample CSV to know the supported column attributes. + -## Related topics -- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md) -- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md) \ No newline at end of file From fb17b6a08a962ade1dde76b771151141ce3cc95f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 22 Mar 2019 15:00:46 -0700 Subject: [PATCH 08/16] change to indicators --- ...-windows-defender-advanced-threat-protection.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 58f5ee8b7e..282071403b 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md 
@@ -27,21 +27,21 @@ ms.topic: article >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) -Create rules to define the detection, prevention, and exclusion of entities based on indicators. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. +Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to. On the top navigation you can: - Import a list -- Add an indicator rule +- Add an indicator - Customize columns to add or remove columns - Export the entire list in CSV format - Select the items to show per page - Navigate between pages - Apply filters -## Create a rule +## Create an indicator 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. -2. Select the tab of the type of entity you'd like to create a rule for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create an indicator for. You can choose any of the following entities: - File hash - IP address - URLs/Domains 
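
Review bot: The reworded introduction still chains "as well as" twice ("the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group"); since the line is being edited, rewrite it as a simple series of action, duration, and machine group scope. The headings and steps now say "indicator" while the navigation path remains **Settings** > **Allowed/blocked list**; if the portal label is not changing, add a short sentence tying the two terms together so readers know an indicator is an entry in that list.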
@@ -55,14 +55,14 @@ On the top navigation you can: 5. Review the details in the Summary tab, then click **Save**. -## Manage a rule +## Manage indicators 1. In the navigation pane, select **Settings** > **Allowed/blocked list**. 2. Select the tab of the entity type you'd like to manage. -3. Update the details of the rule and click **Save** or click the **Delete** button if you'd like to remove the entity from the rule list. +3. Update the details of the indicator and click **Save** or click the **Delete** button if you'd like to remove the entity from the list. -## Import a rule list +## Import a list You can also choose to upload a CSV file that defines the attributes of indicators, the action to be taken, and other details. Download the sample CSV to know the supported column attributes. From 6a63a791a0ee62b2bf0db13f5a0f5793c65f43a0 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Sat, 23 Mar 2019 04:02:02 -0600 Subject: [PATCH 09/16] Coorected HVCI an virtualizacion as well as some information about the features of HVCI. #2704 --- ...alization-based-protection-of-code-integrity.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index ea42cb4313..5efdacf7f8 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md 
@@ -24,6 +24,18 @@ Some applications, including device drivers, may be incompatible with HVCI. This can cause devices or software to malfunction and in rare cases may result in a blue screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. +>[!NOTE] +>HVCI works with modern 7th gen CPUs or higher and its equivalent on AMD. CPU new feature is required *Mode based execution control (MBE) Virtualization*. + +>[!TIP] +> "The Secure Kernel relies on the Mode-Based Execution Control (MBEC) feature, if present in hardware, which enhances the SLAT with a user/kernel executable bit, or the hypervisor’s software emulation of this feature, called Restricted User Mode (RUM).". Mark Russinovich and Alex Ionescu. Windows Internals 7th Edition book + +## HVCI Features + +* HVCI protects modification of the Code Flow Guard (CFG) bitmap. +* HVCI also ensure your other Truslets, like Credential Guard have a valid certificate. +* Modern device drivers must also have an EV (Extended Validation) certificate and should support HVCI. + ## How to turn on HVCI in Windows 10 To enable HVCI on Windows 10 devices with supporting hardware throughout an enterprise, use any of these options: 
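
Review bot: The added NOTE and TIP contradict each other: the NOTE says the CPU feature "is required", while the quoted passage says the Secure Kernel uses Mode-Based Execution Control "if present in hardware" and otherwise relies on the hypervisor's software emulation, Restricted User Mode. Reword the NOTE to say which it is, name the vendor and generation instead of "modern 7th gen CPUs or higher and its equivalent on AMD", and use one abbreviation (the NOTE says MBE, the quote says MBEC). In the "HVCI Features" list, "Code Flow Guard (CFG)" should be "Control Flow Guard (CFG)", "Truslets" should be "Trustlets", and "HVCI also ensure" needs subject-verb agreement; the bullet saying drivers "must" have an EV certificate and "should" support HVCI mixes requirement levels and would benefit from a link to the source of the requirement.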
@@ -279,6 +291,6 @@ Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true ### Requirements for running HVCI in Hyper-V virtual machines - The Hyper-V host must run at least Windows Server 2016 or Windows 10 version 1607. - The Hyper-V virtual machine must be Generation 2, and running at least Windows Server 2016 or Windows 10. - - HVCI and [nested virtualization](https://docs.microsoft.com/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) cannot be enabled at the same time. + - HVCI and [virtualization](https://docs.microsoft.com/virtualization/hyper-v-on-windows/user-guide/nested-virtualization) can be enabled at the same time - Virtual Fibre Channel adapters are not compatible with HVCI. Before attaching a virtual Fibre Channel Adapter to a virtual machine, you must first opt out of virtualization-based security using `Set-VMSecurity`. - The AllowFullSCSICommandSet option for pass-through disks is not compatible with HVCI. Before configuring a pass-through disk with AllowFullSCSICommandSet, you must first opt out of virtualization-based security using `Set-VMSecurity`. From a67e8b3201fa91a89f1a7df3845fda8cf8437335 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 24 Mar 2019 22:41:03 +0500 Subject: [PATCH 10/16] update minimum-requirements-windows-defender-advanced-threat-protection.md added link for the article about windows server --- ...m-requirements-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index 27b07e63d4..1ff94f3cdf 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md 
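
Review bot: In the "Requirements for running HVCI in Hyper-V virtual machines" hunk of enable-virtualization-based-protection-of-code-integrity.md, the edited bullet now reads "HVCI and [virtualization](...) can be enabled at the same time" while the link target is still the nested-virtualization article. Dropping "nested" from the link text turns a specific compatibility statement into one that says nothing and hides what the link points to. If the restriction has been lifted, keep the wording "nested virtualization" and state the minimum host and guest versions for which it holds, so the line stays consistent with the version requirements in the bullets above it. The new line also loses the trailing period the other bullets have.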
+++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -43,6 +43,7 @@ For more information on the array of features in Windows 10 editions, see [Compa For a detailed comparison table of Windows 10 commercial edition comparison, see the [comparison PDF](https://go.microsoft.com/fwlink/p/?linkid=2069559). +For more information about licensing requirements for Windows Defender ATP platform on Windows Server, see [Protecting Windows Servers with Windows Defender ATP](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Protecting-Windows-Server-with-Windows-Defender-ATP/ba-p/267114). ## Related topic From bbc6bcd5a863fccee4260c499d3a925a012c0ff2 Mon Sep 17 00:00:00 2001 From: Lindsay <45809756+lindspea@users.noreply.github.com> Date: Sun, 24 Mar 2019 22:54:32 +0200 Subject: [PATCH 11/16] Update secure-the-windows-10-boot-process.md Changed link in secure boot section. --- .../secure-the-windows-10-boot-process.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index 37232dee00..072e16abfe 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md 
@@ -78,7 +78,7 @@ All x86-based Certified For Windows 10 PCs must meet several requirements relat These requirements help protect you from rootkits while allowing you to run any operating system you want. You have three options for running non-Microsoft operating systems: -- **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsoft’s certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to . +- **Use an operating system with a certified bootloader.** Because all Certified For Windows 10 PCs must trust Microsoft’s certificate, Microsoft offers a service to analyze and sign any non-Microsoft bootloader so that it will be trusted by all Certified For Windows 10 PCs. In fact, an [open source bootloader](http://mjg59.dreamwidth.org/20303.html) capable of loading Linux is already available. To begin the process of obtaining a certificate, go to . - **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems. - **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however. From 0ef9619f58ca1993c704248a2af05f0c8d5996b2 Mon Sep 17 00:00:00 2001 
From: Peter Baumgartner <32550988+pebaum@users.noreply.github.com> Date: Mon, 25 Mar 2019 11:09:09 -0700 Subject: [PATCH 12/16] Update windows-10-enterprise-subscription-activation.md adding metadata so this shows up in m365 admin center search results --- .../deployment/windows-10-enterprise-subscription-activation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/windows-10-enterprise-subscription-activation.md b/windows/deployment/windows-10-enterprise-subscription-activation.md index 8fe7eba6f0..767a8c0724 100644 --- a/windows/deployment/windows-10-enterprise-subscription-activation.md +++ b/windows/deployment/windows-10-enterprise-subscription-activation.md @@ -9,6 +9,8 @@ ms.sitesec: library ms.pagetype: mdt author: greg-lindsay ms.collection: M365-modern-desktop +search.appverid: +- MET150 ms.topic: article --- From ed8719c25b173ebb01193368985b81d183eb638d Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 25 Mar 2019 16:24:20 -0700 Subject: [PATCH 13/16] added feedback from readers --- .../create-wip-policy-using-intune-azure.md | 7 +++++-- .../recommended-network-definitions-for-wip.md | 13 ++++++++++--- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 6a27c63800..fc50cfc48c 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 03/15/2019 +ms.date: 03/25/2019 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune 
@@ -67,6 +67,9 @@ Before you can create a WIP policy using Intune, you need to configure an MDM or - [Recommended apps](#add-recommended-apps) - [Store apps](#add-store-apps) - [Desktop apps](#add-desktop-apps) + +>[!NOTE] +>An application might return access denied errors after removing it from the list of protected apps. Rather than remove it from the list, uninstall and reinstall the application or exempt it from WIP policy. ### Add recommended apps @@ -397,7 +400,7 @@ To define the network boundaries, click **App policy** > the name of your policy ![Microsoft Intune, Set where your apps can access enterprise data on your network](images/wip-azure-advanced-settings-network.png) -Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the following options, and then click **OK**. +Select the type of network boundary to add from the **Boundary type** box. Type a name for your boundary into the **Name** box, add your values to the **Value** box, based on the options covered in the following subsections, and then click **OK**. ### Cloud resources diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 4af9ce947b..46b7344b5f 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -13,7 +13,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 02/26/2019 +ms.date: 03/25/2019 --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) 
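
Review bot: In create-wip-policy-using-intune-azure.md (hunk @@ -67,6 +67,9 @@), the new NOTE is hard to act on: "after removing it from the list of protected apps" has no stated actor, and "Rather than remove it from the list, uninstall and reinstall the application or exempt it from WIP policy" does not say whether these are alternatives to removal or steps to take once the errors appear. Spell out who removes what, and which remedy applies in which case. The NOTE also sits directly under the list of app types with no lead-in, so consider moving it to the section that describes removing apps.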
@@ -38,8 +38,15 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc |Visual Studio Online |contoso.visualstudio.com | |Power BI |contoso.powerbi.com | ->[!NOTE] ->You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both. +You can add other work-only apps to the Cloud Resource list, or you can create a packaged app rule for the .exe file to protect every file the app creates or modifies. Depending on how the app is accessed, you might want to add both. + +For Office 365 endpoints, see [Office 365 URLs and IP address ranges](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges). +Office 365 endpoints are updated monthly. +Allow the domains listed in section number 46 Allow Required and add also add the apps. +Note that apps from officeapps.live.com can also store personal data. + +When multiple files are selected from SharePoint Online or OneDrive, the files are aggregated and the URL can change. In this case, add a entry for a second-level domain and use a wildcard such as .svc.ms. + ## Recommended Neutral Resources We recommended adding these URLs if you use the Neutral Resources network setting with Windows Information Protection (WIP). From 06dba4f29b12c178911f6ffc7fab924b9e63f5c8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 25 Mar 2019 18:08:44 -0700 Subject: [PATCH 14/16] update description --- ...d-list-windows-defender-advanced-threat-protection.md | 9 +++++++-- ...nlevel-windows-defender-advanced-threat-protection.md | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 282071403b..5f648b914c 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Manage allowed/blocked lists -description: Create lists that control what items are blocked or allowed during an investigation. -keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious +description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities. +keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -68,5 +68,10 @@ You can also choose to upload a CSV file that defines the attributes of indicato Download the sample CSV to know the supported column attributes. +## Related topics +- [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md) + + + diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 0cb3ee7552..700436d636 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md 
+++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -66,7 +66,7 @@ Review the following details to verify minimum system requirements: - Install either [.NET framework 4.5](https://www.microsoft.com/en-us/download/details.aspx?id=30653) (or later) or [KB3154518](https://support.microsoft.com/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework) - >[NOTE] + >[!NOTE] >Only applicable for Windows 7 SP1 Enterprise and Windows 7 SP1 Pro. >Don't install .NET framework 4.0.x, since it will negate the above installation. From 7dbdedd30918b8444246804f50bda81c863e9409 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 25 Mar 2019 19:14:07 -0700 Subject: [PATCH 15/16] Update deploy-the-latest-firmware-and-drivers-for-surface-devices.md --- ...irmware-and-drivers-for-surface-devices.md | 45 +++++++------------ 1 file changed, 15 insertions(+), 30 deletions(-) diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index 6a7e4495eb..694c577a1b 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md 
@@ -15,19 +15,26 @@ ms.topic: article --- # Deploying the latest firmware and drivers for Surface devices -Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment. If you need to install drivers and firmware separately from Windows Update, you can find the requisite files on the Microsoft Download Center. Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices. +Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment. + +## Downloading MSI files +To download MSI files, refer to the following Microsoft Support page: + +- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)
+Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices. ## Deploying MSI files -Driver and firmware updates for Surface devices containing all required cumulative updates are available as separate MSI files packaged for specific versions of Windows 10. For example, for Surface Pro 6, there are separate MSI files for Windows 10 versions 16299, 17134, and 17763. -When deploying updates to Surface devices in your organization, you need to first determine the appropriate .MSI file for the Windows version running on your target devices. +Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10. +In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info.aspx) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6. -### Naming convention for Surface MSI files -Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows OS floor number and version number, and ending with the revision of version number: + +### Surface MSI naming convention +Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows build number and version number, and ending with the revision of version number. 
SurfacePro6_Win10_16299_1900307_0.msi is classified as follows: **Example:** SurfacePro6_Win10_16299_1900307_0.msi : -| Product | Windows release | OS floor | Version | Revision of version | +| Product | Windows release | Build | Version | Revision of version | | --- | --- | --- | --- | --- | | SurfacePro6 | Win10 | 16299 | 1900307 | 0 | | | | | Indicates key date and sequence information | Indicates release history of the MSI file | @@ -42,31 +49,9 @@ Look to the **version** number to determine the latest files that contain the mo The first file — SurfacePro6_Win10_16299_1900307_0.msi — is the newest because its VERSION field has the newest build in 2019; the other files are from 2018. -### Downloading MSI files -To download MSI files, refer to the following Microsoft Support page: - -- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface) +## Supported devices +Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. - -The following MSI files are available: - -- Surface Laptop 2 -- Surface Pro 6 -- Surface Go -- Surface Go with LTE Advanced -- Surface Book 2 -- Surface Laptop -- Surface Pro -- Surface Pro with LTE Advanced -- Surface Pro 6 -- Surface Studio -- Surface Studio 2 -- Surface Book -- Surface Pro 4 -- Surface Pro 3 -- Surface 3 -- Surface 3 LTE -- Surface Pro 2 [!NOTE] There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update. From 00d16c7a0131862cb2965112e70630a36c8c64d1 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 26 Mar 2019 04:56:11 -0700 Subject: [PATCH 16/16] fix release info url --- ...eploy-the-latest-firmware-and-drivers-for-surface-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index 694c577a1b..d0e16a8292 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -25,7 +25,7 @@ Installation files for administrative tools, drivers for accessories, and update ## Deploying MSI files Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10. -In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info.aspx) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6. +In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6. ### Surface MSI naming convention
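Review bot: In PATCH 12/16 the added `search.appverid:` key is written as a list with the single item `- MET150`, while the front matter visible in PATCH 14/16 (manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md) carries the same key as a lowercase scalar, `search.appverid: met150`. Use one form and one casing across the repo, or confirm that the search indexer treats both the same, since the stated purpose of this commit depends on that value being matched.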
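Review bot: In PATCH 13/16, create-wip-policy-using-intune-azure.md, hunk `@@ -67,6 +67,9`, the new note tells the reader to "exempt it from WIP policy" without saying where exemption is configured, and it sits directly above "### Add recommended apps", where no exempt step is in view. Link the phrase to the part of the article that covers exempting apps, if there is one, and reword "after removing it" so the subject is explicit, for example "after you remove it from the list of protected apps".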
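Review bot: In PATCH 13/16, recommended-network-definitions-for-wip.md, hunk `@@ -38,8 +38,15`, the added guidance is not precise enough for a setting that decides which endpoints are treated as enterprise. "Allow the domains listed in section number 46 Allow Required and add also add the apps" has a doubled "add" and points to a section by number in a list that the previous line says is updated monthly, so the reference can go stale; name the category instead. The wildcard example is rendered as ".svc.ms" with no wildcard character, and "add a entry" should be "add an entry"; show the literal value in code formatting so the wildcard survives rendering. The line about officeapps.live.com storing personal data states a risk without telling the admin what to do about it, and the former `>[!NOTE]` callout is now plain text with no stated reason.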
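Review bot: In PATCH 14/16, manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md, hunk `@@ -1,7 +1,7`, the new description mixes singular and plural ("a file hash, IP address, URLs or domains") and now talks about indicators while `title:` still reads "Manage allowed/blocked lists". Make the entity list parallel, for example "file hashes, IP addresses, URLs, or domains", and decide whether the title should mention indicators too, so the search result text and the page heading describe the same thing.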
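Review bot: In PATCH 14/16, same file, hunk `@@ -68,5 +68,10`, the new "## Related topics" section is followed by three added empty lines at the end of the file. Drop them and end the file with a single newline.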
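Review bot: In PATCH 15/16, deploy-the-latest-firmware-and-drivers-for-surface-devices.md, hunk `@@ -15,19 +15,26`, renaming "OS floor" to "Build" in the table header and in the naming-convention sentence makes "build" mean two things, because the unchanged sentence later in the file still says the newest file is the one whose "VERSION field has the newest build in 2019". Reword that sentence (for example "the most recent version number") in the same change, or keep a distinct term for the minimum-OS field. Two smaller points in the added text: "you will find a Windows build number, this number indicates" is a comma splice, and the new "SurfacePro6_Win10_16299_1900307_0.msi is classified as follows:" is immediately followed by the existing "**Example:**" line that repeats the same file name.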
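Review bot: In PATCH 15/16, same file, hunk `@@ -42,31 +49,9`, replacing the explicit device list with "Surface devices from Surface Pro 2 and later" drops information a deployer needs. The removed list included models outside the Pro line (Surface 3, Surface 3 LTE, Surface Go, Surface Book, Surface Laptop, Surface Studio), and "Surface Pro 2 and later" does not say whether those are covered. The old list did contain "Surface Pro 6" twice, so a de-duplicated list, or a sentence that points to the download page as the authoritative list of devices, would fix that without losing the detail.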