From 289e3c6fadf04a8b8d64a8dab7b478338b0ac819 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 14 Nov 2017 12:42:56 -0800 Subject: [PATCH 1/4] updates --- ...indows-defender-advanced-threat-protection.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index 17f7fa36ee..761f4e11dc 100644 --- a/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Windows Defender ATP data storage and privacy description: Learn about how Windows Defender ATP handles privacy and data that it collects. -keywords: Windows Defender ATP data storage and privacy, storage, privacy +keywords: Windows Defender ATP data storage and privacy, storage, privacy, licensing, geolocation, data retention, data search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -17,23 +17,19 @@ ms.date: 10/17/2017 **Applies to:** -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) This section covers some of the most frequently asked questions regarding privacy and data handling for Windows Defender ATP. > [!NOTE] -> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. +> This document explains the data storage and privacy details related to Windows Defender ATP. For more information related to Windows Defender ATP and other products and services like Windows Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. ## What data does Windows Defender ATP collect? Microsoft will collect and store information from your configured endpoints in a database specific to the service for administration, tracking, and reporting purposes. -Information collected includes code file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as GUIDs, names, and the operating system version). +Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version). Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578). @@ -42,11 +38,11 @@ Microsoft uses this data to: - Generate alerts if a possible attack was detected - Provide your security operations with a view into machines, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network. -Microsoft does not mine your data for advertising or for any other purpose other than providing you the service. +Microsoft does not use your data for advertising or for any other purpose other than providing you the service. ## Do I have the flexibility to select where to store my data? -When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation. +When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not under any circumstance, transfer the data from the specified geolocation into another geolocation. ## Is my data isolated from other customer data? Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides. @@ -69,7 +65,7 @@ No. Customer data is isolated from other customers and is not shared. However, i You can choose the data retention policy for your data. This determines how long Window Defender ATP will store your data. There’s a flexibility of choosing in the range of 1 month to six months to meet your company’s regulatory compliance needs. **At contract termination or expiration**
-Your data will be kept for a period of at least 90 days, during which it will be available to you. At the end of this period, that data will be erased from Microsoft’s systems to make it unrecoverable, no later than 180 days from contract termination or expiration. +Your data will be kept and will be available to you while the licence is under grace period or suspended mode. At the end of this period, that data will be erased from Microsoft’s systems to make it unrecoverable, no later than 180 days from contract termination or expiration. ## Can Microsoft help us maintain regulatory compliance? From b64f62d2754cab063e219af551c3873c84e76faa Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Wed, 15 Nov 2017 19:30:15 +0000 Subject: [PATCH 2/4] Merged PR 4537: Added Connectivity/DisallowNetworkConnectivityActiveTests to Policy CSP --- windows/client-management/mdm/euiccs-csp.md | 2 +- .../policy-configuration-service-provider.md | 3 ++ .../mdm/policy-csp-connectivity.md | 38 +++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 127aa77257..1ea5fdf102 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -12,7 +12,7 @@ ms.date: 11/01/2017 # eUICCs CSP -The eUICCs configuration service provider... This CSP was added in windows 10, version 1709. +The eUICCs configuration service provider is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, re-assign, remove) subscriptions to employees. This CSP was added in windows 10, version 1709. The following diagram shows the eUICCs configuration service provider in tree format. diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index c44db4c35b..7a0a83df92 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -573,6 +573,9 @@ The following diagram shows the Policy configuration service provider in tree fo
Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
+
+ Connectivity/DisallowNetworkConnectivityActiveTests +
Connectivity/HardenedUNCPaths
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md index 8eeb5e4585..a0ecb34a40 100644 --- a/windows/client-management/mdm/policy-csp-connectivity.md +++ b/windows/client-management/mdm/policy-csp-connectivity.md @@ -52,6 +52,9 @@ ms.date: 11/01/2017
Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
+
+ Connectivity/DisallowNetworkConnectivityActiveTests +
Connectivity/HardenedUNCPaths
@@ -634,6 +637,41 @@ ADMX Info:
+**Connectivity/DisallowNetworkConnectivityActiveTests** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcheck mark2check mark2check mark2check mark2cross markcross mark
+ + + + +Added in Windows 10, version 1703. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to www.msftconnecttest.com. + +Value type is integer. + + + +
+ **Connectivity/HardenedUNCPaths** From 57735ecc03ef763ff1b1996c775fd2b4cab2f0e4 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 15 Nov 2017 20:44:44 +0000 Subject: [PATCH 3/4] Merged PR 4538: Fixed broken link --- .../customize-windows-10-start-screens-by-using-group-policy.md | 2 +- ...indows-10-start-screens-by-using-mobile-device-management.md | 2 +- ...s-10-start-screens-by-using-provisioning-packages-and-icd.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index 7c62a1cfd4..929bea684c 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -47,7 +47,7 @@ Three features enable Start and taskbar layout control: - The [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkID=620879) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. >[!NOTE]   - >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. + >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md index 544462e2ea..1447c25de9 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md @@ -40,7 +40,7 @@ Two features enable Start layout control: - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. >[!NOTE]   - >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. + >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet.   diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 18f215ad22..cae45faff6 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md @@ -35,7 +35,7 @@ Three features enable Start and taskbar layout control: - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. >[!NOTE]   - >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. + >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://docs.microsoft.com/powershell/module/startlayout/import-startlayout) cmdlet. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. From 4326be2928ff024ce3ca39f443f39f6e7b866517 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 16 Nov 2017 17:12:54 +0000 Subject: [PATCH 4/4] Merged PR 4541: Fixed formatting issues Fixed formatting issues --- windows/deployment/windows-10-poc.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index b7d72b7783..9e55510904 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -92,7 +92,7 @@ Harware requirements are displayed below: **OS** - Windows 8.1/10 or Windows Server 2012/2012 R2/2016* + Windows 8.1/10 or Windows Server 2012/2012 R2/2016\* Windows 7 or a later @@ -129,7 +129,7 @@ Harware requirements are displayed below: -*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. Providing all steps in this guide as Hyper-V WMI or as 2008 R2 Hyper-V Manager procedures is beyond the scope of the guide. +\*The Hyper-V server role can also be installed on a computer running Windows Server 2008 R2. However, the Windows PowerShell module for Hyper-V is not available on Windows Server 2008 R2, therefore you cannot use many of the steps provided in this guide to configure Hyper-V. To manage Hyper-V on Windows Server 2008 R2, you can use Hyper-V WMI, or you can use the Hyper-V Manager console. Providing all steps in this guide as Hyper-V WMI or as 2008 R2 Hyper-V Manager procedures is beyond the scope of the guide.

The Hyper-V role cannot be installed on Windows 7 or earlier versions of Windows. @@ -229,7 +229,7 @@ When you have completed installation of Hyper-V on the host computer, begin conf After completing registration you will be able to download the 7.47 GB Windows Server 2012 R2 evaluation VHD. An example of the download offering is shown below. - +
![VHD](images/download_vhd.png)
@@ -262,7 +262,7 @@ w10-enterprise.iso >Important: Do not attempt to use the VM resulting from the following procedure as a reference image. Also, to avoid conflicts with existing clients, do not start the VM outside the PoC network. -
+
If you do not have a PC available to convert to VM, perform the following steps to download an evaluation VM:
    @@ -292,7 +292,7 @@ When creating a VM in Hyper-V, you must specify either generation 1 or generatio
    - +
    @@ -363,7 +363,7 @@ The following table displays the Hyper-V VM generation to choose based on the OS
    -
    Architecture
    +
    @@ -372,8 +372,8 @@ The following table displays the Hyper-V VM generation to choose based on the OS - - + + @@ -384,7 +384,7 @@ The following table displays the Hyper-V VM generation to choose based on the OS - + @@ -395,8 +395,8 @@ The following table displays the Hyper-V VM generation to choose based on the OS - - + + @@ -407,7 +407,7 @@ The following table displays the Hyper-V VM generation to choose based on the OS - + @@ -513,7 +513,7 @@ Notes:
    ### Resize VHD -
    +
    **Enhanced session mode** **Important**: Before proceeding, verify that you can take advantage of [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs, between VMs, and between RDP sessions. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also copy and paste files directly from one computer to another by right-clicking and selecting copy on one computer, then right-clicking and selecting paste on another computer. @@ -524,7 +524,7 @@ To ensure that enhanced session mode is enabled on the Hyper-V host, type the fo >If enhanced session mode was not previously enabled, close any existing virtual machine connections and re-open them to enable access to enhanced session mode. As mentioned previously: instructions to "type" commands provided in this guide can be typed, but the preferred method is to copy and paste these commands. Most of the commands to this point in the guide have been brief, but many commands in sections below are longer and more complex. -
    +
    The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 100GB to support installing imaging tools and storing OS images.
    OS Partition styleProcedure
    Windows 7MBRWindows 7MBR 32 1 [Prepare a generation 1 VM](#prepare-a-generation-1-vm)[Prepare a generation 1 VM](#prepare-a-generation-1-vm)
    GPTGPT 32 N/A N/A[Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)
    Windows 8 or laterMBRWindows 8 or laterMBR 32 1 [Prepare a generation 1 VM](#prepare-a-generation-1-vm)[Prepare a generation 1 VM](#prepare-a-generation-1-vm)
    GPTGPT 32 1 [Prepare a generation 1 VM from a GPT disk](#prepare-a-generation-1-vm-from-a-gpt-disk)