From 6ad2b380099407d9b8c0a0cc981e7c6dbaf0f347 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 11:20:55 -0700 Subject: [PATCH 01/30] Added formatting to the file. --- .../.vscode/settings.json | 8 ++ .../understanding-wdac-policy-settings.md | 76 +++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json create mode 100644 windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json new file mode 100644 index 0000000000..ed9462b7e6 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "markdownlint.config": { + "MD028": false, + "MD025": { + "front_matter_title": "" + } + } +} \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md new file mode 100644 index 0000000000..e966d5669a --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md 
@@ -0,0 +1,76 @@ +--- +title: Understanding WDAC secure settings. +description: Learn about secure settings in Windows Defender Application Control. +keywords: security, malware +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +ms.prod: m365-security +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +audience: ITPro +ms.collection: M365-security-compliance +author: creator of the word doc +ms.reviewer: jogeurte +ms.author: dansimp +manager: dansimp +ms.date: 10/11/2021 +ms.technology: mde +--- + +# Understanding WDAC Policy Settings +Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using [WldpQuerySecurityPolicy].
+ +An example settings section of a WDAC Policy: +```xml + + + + true + + + +``` + +### Example Scenario +An application that may want to restrict its capabilities, when used on a system with an active WDAC policy. Application authors can define a WDAC policy, setting their application queries, in order to disable certain features. For example, if Contoso’s Foo Application wants to disable a risky feature, such as macro execution, they can define a WDAC policy setting, and query for it at runtime. Contoso can then instruct IT administrators to configure the setting in their WDAC policy, if they don’t want Foo Application to execute macros on a system with a WDAC policy.
+ + +### WldpQuerySecurityPolicy +API that queries the secure settings of a WDAC policy. + +#### Syntax +``` C++ +HRESULT WINAPI WldpQuerySecurityPolicy( + _In_ const UNICODE_STRING * Provider, + _In_ const UNICODE_STRING * Key, + _In_ const UNICODE_STRING * ValueName, + _Out_ PWLDP_SECURE_SETTING_VALUE_TYPE ValueType, + _Out_writes_bytes_opt_(*ValueSize) PVOID Value, + _Inout_ PULONG ValueSize) +``` + +#### Parameters +Provider [in] +Setting Provider name. + +Key [in] +Key name of the Key-Value pair under Setting Provider "Provider". + +ValueName [in] +The value name of the "Key-Value" pair. + +ValueType [in, out] +Pointer to receive the value type. + +Value [in, out] +Pointer to a buffer to receive the value. The buffer should be of size “ValueSize”. If this value is NULL, this function will return the required buffer size for Value. + +ValueSize [in, out] +On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer. + +#### Return Value +This method returns S_OK if successful or a failure code otherwise. + +#### Remarks +See [WDAC Policy Settings] for more information on WDAC policy settings. From 371c645f32e0abf8712d513e98504e14c724c195 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 11:30:01 -0700 Subject: [PATCH 02/30] added new file to index and toc --- .../windows-defender-application-control/TOC.yml | 2 ++ .../windows-defender-application-control/index.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 6e2bbdd64b..47bc7d1ad7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml 
@@ -22,6 +22,8 @@ href: understand-windows-defender-application-control-policy-design-decisions.md - name: Understand WDAC policy rules and file rules href: select-types-of-rules-to-create.md + - name: Understand WDAC secure settings + href: understand-wdac-policy-settings.md items: - name: Allow apps installed by a managed installer href: configure-authorized-apps-deployed-with-a-managed-installer.md diff --git a/windows/security/threat-protection/windows-defender-application-control/index.yml b/windows/security/threat-protection/windows-defender-application-control/index.yml index ef5892459f..152d5cb75f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/index.yml +++ b/windows/security/threat-protection/windows-defender-application-control/index.yml @@ -69,6 +69,8 @@ landingContent: links: - text: Understanding policy and file rules url: select-types-of-rules-to-create.md + - text: Understanding WDAC secure settings + url: understanding-wdac-policy-settings.md - linkListType: how-to-guide links: - text: Allow managed installer and configure managed installer rules From 0ff09040b4199de166bd4486c7a9d05545432945 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 12:19:12 -0700 Subject: [PATCH 03/30] removed brackets in wldpquerysecuritypolicy --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index e966d5669a..6f583d977a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md 
@@ -19,7 +19,7 @@ ms.technology: mde --- # Understanding WDAC Policy Settings -Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using [WldpQuerySecurityPolicy].
+Windows Defender Application Control (WDAC) Policies expose a Settings section where policy authors can define arbitrary secure settings. Secure Settings provide local admin tamper-free settings for secure boot enabled systems, with policy signing enabled. Settings consist of a Provider, Key, and ValueName, as well as a setting value. Setting values can be of type boolean, ulong, binary, and string. Applications can query for policy settings using WldpQuerySecurityPolicy.
An example settings section of a WDAC Policy: ```xml From 80c417c09fe88702e1623c22c5a1b7ad7468123b Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:19:02 -0700 Subject: [PATCH 04/30] updated the author --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 6f583d977a..530c147315 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: creator of the word doc +author: Robert Wait ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From 000a26dc6eabada6db05cb2334017c03caa8c551 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:20:20 -0700 Subject: [PATCH 05/30] corrected the md file name --- .../windows-defender-application-control/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 47bc7d1ad7..9cfa2e9982 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml 
@@ -23,7 +23,7 @@ - name: Understand WDAC policy rules and file rules href: select-types-of-rules-to-create.md - name: Understand WDAC secure settings - href: understand-wdac-policy-settings.md + href: understanding-wdac-policy-settings.md items: - name: Allow apps installed by a managed installer href: configure-authorized-apps-deployed-with-a-managed-installer.md From e1834ca4c51520b046f39208eb864de39340bb5d Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 18 Oct 2021 13:24:33 -0700 Subject: [PATCH 06/30] Update understanding-wdac-policy-settings.md --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 530c147315..28eb21e297 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: Robert Wait +author: Robert Waite ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From 59eed88aea573972a8ddd291da37330535aad2e0 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 1 Nov 2021 11:58:16 -0700 Subject: [PATCH 07/30] added headers for each parameter section Also removed Robert Waite as author since GitHub doesn't have him listed as an approved author. --- .../understanding-wdac-policy-settings.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) 
diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 28eb21e297..9a9fe9f38b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,7 +10,6 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: Robert Waite ms.reviewer: jogeurte ms.author: dansimp manager: dansimp @@ -39,7 +38,7 @@ An application that may want to restrict its capabilities, when used on a system ### WldpQuerySecurityPolicy API that queries the secure settings of a WDAC policy. -#### Syntax +### Syntax ``` C++ HRESULT WINAPI WldpQuerySecurityPolicy( _In_ const UNICODE_STRING * Provider, @@ -50,23 +49,23 @@ HRESULT WINAPI WldpQuerySecurityPolicy( _Inout_ PULONG ValueSize) ``` -#### Parameters +### Parameters Provider [in] Setting Provider name. -Key [in] +#### Key [in] Key name of the Key-Value pair under Setting Provider "Provider". -ValueName [in] +#### ValueName [in] The value name of the "Key-Value" pair. -ValueType [in, out] +#### ValueType [in, out] Pointer to receive the value type. -Value [in, out] +#### Value [in, out] Pointer to a buffer to receive the value. The buffer should be of size “ValueSize”. If this value is NULL, this function will return the required buffer size for Value. -ValueSize [in, out] +#### ValueSize [in, out] On input, it indicates the buffer size of "Value". On successful return, it indicates the size of data written to Value buffer. #### Return Value From d40a2d17978763a90dad4e3692e0e9c201fc9186 Mon Sep 17 00:00:00 2001 
From: Kim Klein Date: Mon, 8 Nov 2021 12:21:00 -0800 Subject: [PATCH 08/30] added settings.json to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 9841e0daea..3a642828d6 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ common/ .openpublishing.build.mdproj .openpublishing.buildcore.ps1 packages.config +settings.json # User-specific files .vs/ From 89d1befa026685fa1423ad6f39b1794dd044c12d Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 8 Nov 2021 12:23:08 -0800 Subject: [PATCH 09/30] Deleted settings.json from .vscode --- .../.vscode/settings.json | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json diff --git a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json b/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json deleted file mode 100644 index ed9462b7e6..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "markdownlint.config": { - "MD028": false, - "MD025": { - "front_matter_title": "" - } - } -} \ No newline at end of file From 305a3a0479a7b601a621f64b5138eddfc2c1c13a Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 9 Nov 2021 12:49:43 -0800 Subject: [PATCH 10/30] Listed jogeurte as the author --- .../understanding-wdac-policy-settings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index 9a9fe9f38b..d54ed1b819 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,6 +10,7 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance +author: jogeurte ms.reviewer: jogeurte ms.author: dansimp manager: dansimp From cc9e3d5a617417f2fc5ddb8dabbb7499f73c5a7a Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 9 Nov 2021 12:57:38 -0800 Subject: [PATCH 11/30] corrected Jordan's ID in both the author and ms.reviewer fields. --- .../understanding-wdac-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index d54ed1b819..d68f3d6a3f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -10,8 +10,8 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance -author: jogeurte -ms.reviewer: jogeurte +author: jgeurten +ms.reviewer: jgeurten ms.author: dansimp manager: dansimp ms.date: 10/11/2021 From 5f70354e96cd88c2f0e4ccebda539d1d37c192f2 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Mon, 29 Nov 2021 16:42:16 -0500 Subject: [PATCH 12/30] Update security-compliance-toolkit-10.md Updated Edge to v96 --- .../security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 2d66169700..a7d705c22e 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -50,7 +50,7 @@ The Security Compliance Toolkit consists of: - Office 2016 - Microsoft Edge security baseline - - Edge Browser Version 93 + - Edge Browser Version 96 - Tools - Policy Analyzer tool From cb274fe19a032751c11fff88e7c9b14438e3b2e7 Mon Sep 17 00:00:00 2001 From: v-susne <95305712+v-susne@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:49:40 -0800 Subject: [PATCH 13/30] Add latest competed evaluation to Common Criteria Topics The security evaluation team just completed the latest Common Criteria evaluation against Windows Server + Windows 10. Adding the evaluation to the Common Criteria topic, including links to downloadable evaluation documentation (Security Target, Admin Guide, Validation Report, Assurance Activities Report). Using the same format/approach as the rest of the evaluations listed in this topic. --- .../windows-platform-common-criteria.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index d87f9d1dcc..23ab9c183a 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md 
@@ -9,7 +9,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 3/20/2019 +ms.date: 1/14/2022 ms.reviewer: ms.technology: windows-sec --- 
@@ -22,6 +22,14 @@ Microsoft is committed to optimizing the security of its products and services. The product releases below are currently certified against the cited Protection Profile, as listed on the [Common Criteria Portal](https://www.commoncriteriaportal.org/products/). The Security Target describes the product edition(s) in scope, the security functionality in the product, and the assurance measures from the Protection Profile used as part of the evaluation. The Administrative Guide provides guidance on configuring the product to match the evaluated configuration. The Certification Report or Validation Report documents the results of the evaluation by the validation team, with the Assurance Activity Report providing details on the evaluator's actions. +### Microsoft Windows 10, Windows Server version 2004 (May 2020 Update); Microsoft Windows Server Core Datacenter (Azure Frabic Controller); Microsoft Windows Server Core Datacenter (Azure Stack) +Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients and the Module for Virtual Private Network Clients. 
+ +- [Security Target](https://download.microsoft.com/download/a/5/6/a5650848-e86a-4554-bb13-1ad6ff2d45d2/Windows%2010%202004%20GP%20OS%20Security%20Target.pdf) +- [Administrative Guide](https://download.microsoft.com/download/4/a/6/4a66a459-3c73-4c34-84bb-92cb20301206/Windows%2010%202004%20GP%20OS%20Administrative%20Guide.pdf) +- [Validation Report](https://download.microsoft.com/download/1/c/b/1cb65e32-f87d-41dd-bc29-88dc943fad9d/Windows%2010%202004%20GP%20OS%20Validation%20Reports.pdf) +- [Assurance Activity Report](https://download.microsoft.com/download/3/2/4/324562b6-0917-4708-8f9d-8d2d12859839/Windows%2010%202004%20GP%20OS%20Assurance%20Activity%20Report-Public%20.pdf) + ### Microsoft Windows Server, Windows 10 version 1909 (November 2019 Update), Microsoft Windows Server 2019 (version 1809) Hyper-V Certified against the Protection Profile for Virtualization, including the Extended Package for Server Virtualization. From 948c8a9f0da15cfad4477d1bdf8428fdf5a1b3fe Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Mon, 24 Jan 2022 10:56:56 -0700 Subject: [PATCH 14/30] Update waas-delivery-optimization.md -Add links to 'Download Mode' details. -Fix grammar, clarity of content --- windows/deployment/update/waas-delivery-optimization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 6fa98d31a6..ad45f25a09 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -220,9 +220,9 @@ Try these steps: Try these steps: 1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. -2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **DownloadMode** is 1 or 2 on both devices. +2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** is 1 or 2 on both devices. 3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero. -4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. Open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address. +4. If the number of peers is zero and **[DownloadMode](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices are not reporting to the same public IP address, configure **[DownloadMode](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 2 (Group) and a custom **[GroupID (Guid)](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#group-id)** to fix this. > [!NOTE] > Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. 
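Review bot: Step 4 now reads "devices are not reporting to the same public IP address", where the removed line said the devices "aren't reporting the same public IP address"; the added "to" changes the meaning, because the devices report an address rather than report to one. In the same step, "by opening a browser window and do a search" should be "and searching". The new links are absolute `https://docs.microsoft.com/en-us/...` URLs; drop the `en-us` locale segment, or link the reference page relatively, so readers are not pinned to one language.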
From 83627ad9b7d732f402c925ebc659ba458ea6271f Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Mon, 24 Jan 2022 11:04:16 -0700 Subject: [PATCH 15/30] Update waas-delivery-optimization.md --- windows/deployment/update/waas-delivery-optimization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index ad45f25a09..39d985bd13 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -220,9 +220,9 @@ Try these steps: Try these steps: 1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. -2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** is 1 or 2 on both devices. +2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** is 1 or 2 on both devices. 3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero. -4. If the number of peers is zero and **[DownloadMode](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices are not reporting to the same public IP address, configure **[DownloadMode](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 2 (Group) and a custom **[GroupID (Guid)](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference#group-id)** to fix this. +4. If the number of peers is zero and **[DownloadMode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). 
In the case where devices are not reporting to the same public IP address, configure **[DownloadMode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 2 (Group) and a custom **[GroupID (Guid)](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#group-id)** to fix this. > [!NOTE] > Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. From 305f8dfb9da7e559bedfe162f246cc251ec2d556 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Mon, 24 Jan 2022 11:14:24 -0700 Subject: [PATCH 16/30] Update waas-delivery-optimization.md --- .../deployment/update/waas-delivery-optimization.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 39d985bd13..d45a782cdc 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -164,7 +164,7 @@ Delivery Optimization attempts to identify VPNs by checking the network adapter If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. -If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the DownloadMode policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected using a VPN, it can still use peer-to-peer with the default of LAN. +If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](//waas-delivery-optimization-reference#download-mode) policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected using a VPN, it can still use peer-to-peer with the default of LAN. With split tunneling, make sure to allow direct access to these endpoints: 
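Review bot: The new link target `//waas-delivery-optimization-reference#download-mode` starts with `//`, which a browser resolves as a protocol-relative URL whose host is `waas-delivery-optimization-reference`, not as a page in this doc set. The unchanged line just above it links the same reference page as `waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn`; use that relative form here, giving `waas-delivery-optimization-reference.md#download-mode`. The same `//` form is used for every link added in the other two hunks of this patch, including the `#group-id` one.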
@@ -211,8 +211,8 @@ If you don't see any bytes coming from peers the cause might be one of the follo Try these steps: 1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga"). -2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3. -3. If **DownloadMode** is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. +2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the [DownloadMode](//waas-delivery-optimization-reference#download-mode) setting. For peering to work, DownloadMode should be 1, 2, or 3. +3. If DownloadMode is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. ### The cloud service doesn't see other peers on the network. 
@@ -220,9 +220,9 @@ Try these steps: Try these steps: 1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. -2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** is 1 or 2 on both devices. +2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 1 or 2 on both devices. 3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero. -4. If the number of peers is zero and **[DownloadMode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices are not reporting to the same public IP address, configure **[DownloadMode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)** = 2 (Group) and a custom **[GroupID (Guid)](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#group-id)** to fix this. +4. If the number of peers is zero and **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). 
In the case where devices are not reporting to the same public IP address, configure **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 2 (Group) and a custom **[GroupID (Guid)](//waas-delivery-optimization-reference#group-id)** to fix this. > [!NOTE] > Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. From b65c0f4ea0d28d41584d7d31945fc4227ceb4614 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Mon, 24 Jan 2022 15:03:36 -0700 Subject: [PATCH 17/30] Update waas-delivery-optimization.md --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index d45a782cdc..65ec3b303d 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -222,7 +222,7 @@ Try these steps: 1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. 2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 1 or 2 on both devices. 3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero. -4. If the number of peers is zero and **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices are not reporting to the same public IP address, configure **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 2 (Group) and a custom **[GroupID (Guid)](//waas-delivery-optimization-reference#group-id)** to fix this. +4. If the number of peers is zero and **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices are not reporting the same public IP address, configure **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** to 2 (Group) and use a custom **[GroupID (Guid)](//waas-delivery-optimization-reference#group-id)**, to fix this. > [!NOTE] > Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. From bbe358968610eabcd8e34a09631b3061d7dfe71d Mon Sep 17 00:00:00 2001 
From: Carmen Forsmann Date: Mon, 24 Jan 2022 15:13:13 -0700 Subject: [PATCH 18/30] Update waas-delivery-optimization.md --- .../deployment/update/waas-delivery-optimization.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 65ec3b303d..5653512b73 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -32,14 +32,13 @@ Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimi For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md). - >[!NOTE] >WSUS can also use [BranchCache](waas-branchcache.md) for content sharing and caching. If Delivery Optimization is enabled on devices that use BranchCache, Delivery Optimization will be used instead. ## New in Windows 10, version 20H2 and Windows 11 - New peer selection options: Currently the available options include: 0 = None, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)." -- Local Peer Discovery: a new option for **Restrict Peer Selection By** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID). +- Local Peer Discovery: a new option for **[Restrict Peer Selection By](/waas-delivery-optimization-reference#select-a-method-to-restrict-peer-selection)** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). 
If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID). > [!NOTE] > The Local Peer Discovery (DNS-SD, [RFC 6763](https://datatracker.ietf.org/doc/html/rfc6763)) option can only be set via MDM delivered policies on Windows 11 builds. This feature can be enabled in supported Windows 10 builds by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**. For more information, see [Delivery Optimization reference](/windows/deployment/update/waas-delivery-optimization-reference). @@ -91,13 +90,10 @@ The following table lists the minimum Windows 10 version that supports Delivery > [!NOTE] > Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910). - - In Windows client Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT (which includes either Ethernet or WiFi), but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune. For more information, see "Download mode" in [Delivery optimization reference](waas-delivery-optimization-reference.md). - ## Set up Delivery Optimization See [Set up Delivery Optimization](waas-delivery-optimization-setup.md) for suggested values for many common scenarios. 
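Review bot: in the `@@ -32,14 +32,13 @@` hunk, the link added to the Local Peer Discovery bullet, `/waas-delivery-optimization-reference#select-a-method-to-restrict-peer-selection`, is root-relative with no directory, while the unchanged lines of the same hunk reach that article as `waas-delivery-optimization-reference.md`. Use `waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection` so the link resolves from this file's directory. The unchanged "New peer selection options" bullet above it also ends with a stray `"` after "(have the same Group ID).", which could be dropped here since the rest of the patch is whitespace cleanup.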
@@ -115,14 +111,11 @@ Starting with Microsoft Intune version 1902, you can set many Delivery Optimizat For complete list of every possible Delivery Optimization setting, see [Delivery Optimization reference](waas-delivery-optimization-reference.md). - ## How Microsoft uses Delivery Optimization At Microsoft, to help ensure that ongoing deployments weren't affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet. For more information, check out the [Adopting Windows as a Service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) technical case study. - - ## Frequently asked questions #### Does Delivery Optimization work with WSUS? @@ -135,7 +128,6 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. - #### What are the requirements if I use a proxy? For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting). 
@@ -205,7 +197,6 @@ If you don't see any bytes coming from peers the cause might be one of the follo - Clients aren’t able to connect to peers that are offered back from the cloud service. - None of the computers on the network are getting updates from peers. - ### Clients aren't able to reach the Delivery Optimization cloud services. Try these steps: @@ -214,7 +205,6 @@ Try these steps: 2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the [DownloadMode](//waas-delivery-optimization-reference#download-mode) setting. For peering to work, DownloadMode should be 1, 2, or 3. 3. If DownloadMode is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. - ### The cloud service doesn't see other peers on the network. Try these steps: @@ -246,4 +236,3 @@ Check Delivery Optimization settings that could limit participation in peer cach - Minimum disk size allowed to use peer caching - Enable peer caching while the device connects using VPN. - Allow uploads when the device is on battery while under the set battery level - From 0cab54299f8b96d2ced959bb67c22d641c5be1c5 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 25 Jan 2022 10:19:13 -0600 Subject: [PATCH 19/30] Update security-compliance-toolkit-10.md Forgot to add the 2 new tools, had the descriptions but not the top sections. --- .../security-compliance-toolkit-10.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index eac63f1ad2..3c45b32e97 100644 
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -52,8 +52,10 @@ The Security Compliance Toolkit consists of: - Edge Browser Version 97 - Tools - - Policy Analyzer tool - - Local Group Policy Object (LGPO) tool + - Policy Analyzer + - Local Group Policy Object (LGPO) + - Set Object Security + - GPO to Policy Rules You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](/archive/blogs/secguide/). From f11faae982b7c1484778f34804aa5a3d91f5d322 Mon Sep 17 00:00:00 2001 From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 25 Jan 2022 11:11:36 -0600 Subject: [PATCH 20/30] Update get-support-for-security-baselines.md Updated all the supported versions and links --- .../get-support-for-security-baselines.md | 26 +++++-------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index 5bdccb2a0d..c603f7a917 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md 
@@ -39,7 +39,7 @@ The toolkit supports formats created by the Windows GPO backup feature (.pol, .i **Does SCT support Desired State Configuration (DSC) file format?** -Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. We are currently developing a tool to provide customers with these features. +No. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. **Does SCT support the creation of Microsoft Endpoint Manager DCM packs?** @@ -57,12 +57,9 @@ No. SCM supported only SCAP 1.0, which was not updated as SCAP evolved. The new | Name | Build | Baseline Release Date | Security Tools | | ---- | ----- | --------------------- | -------------- | -| Windows 10 | [1809 (October 2018)](/archive/blogs/secguide/security-baseline-draft-for-windows-10-v1809-and-windows-server-2019)
[1803 (RS4)](/archive/blogs/secguide/security-baseline-for-windows-10-v1803-redstone-4-draft)
[1709 (RS3)](/archive/blogs/secguide/security-baseline-for-windows-10-fall-creators-update-v1709-draft)
[1703 (RS2)](/archive/blogs/secguide/security-baseline-for-windows-10-creators-update-v1703-final)
[1607 (RS1)](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
[1511 (TH2)](/archive/blogs/secguide/security-baseline-for-windows-10-v1511-threshold-2-final)
[1507 (TH1)](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| October 2018
March 2018
October 2017
August 2017
October 2016
January 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Windows 11 | [](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-security-baseline/ba-p/2810772)
| October 2021
|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Windows 10 | [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
[21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353)
[20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
[1909](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1909-and-windows-server/ba-p/1023093)
[1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
[1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| December 2021
May 2021
December 2020
November 2019
October 2018
October 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -Windows 8 |[9200](/previous-versions/tn-archive/jj916413(v=technet.10)) |October 2012| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10))| -Windows 7 |[7601 (SP1)](/previous-versions/tn-archive/ee712767(v=technet.10))| October 2009| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Vista |[6002 (SP2)](/previous-versions/tn-archive/dd450978(v=technet.10))| January 2007| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Windows XP |[2600 (SP3)](/previous-versions/tn-archive/cc163061(v=technet.10))| October 2001| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10))|
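Review bot: the added Windows 11 row has empty link text, `[](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-security-baseline/ba-p/2810772)`, so the Build cell renders with nothing to click. Give it a label, as the Windows 10 row does with `[21H2]`, `[21H1]` and the rest. The line breaks after the empty link and after "October 2021" can go as well, since the row lists a single build.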
@@ -70,13 +67,10 @@ Windows 7 |[7601 (SP1)](/previous-versions/tn-archive/ee712767(v=technet.10))| O | Name | Build | Baseline Release Date | Security Tools | |---|---|---|---| +|Windows Server 2022 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685) |September 2021 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +|Windows Server 2019 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) |November 2018 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | |Windows Server 2016 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) |October 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | |Windows Server 2012 R2|[SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)|August 2014 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319)| -|Windows Server 2012|[Technet](/previous-versions/tn-archive/jj898542(v=technet.10)) |2012| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -Windows Server 2008 R2 |[SP1](/previous-versions/tn-archive/gg236605(v=technet.10))|2009 | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Windows Server 2008 |[SP2](/previous-versions/tn-archive/cc514539(v=technet.10))| 2008 | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -|Windows Server 2003 R2|[Technet](/previous-versions/tn-archive/cc163140(v=technet.10))| 2003 | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10))| -|Windows Server 2003|[Technet](/previous-versions/tn-archive/cc163140(v=technet.10))|2003|[SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10))|
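Review bot: the new Windows Server 2019 row gives "November 2018" but links to the same post (`ba-p/701082`) that the Windows 10 table in this patch lists for 1809 with "October 2018"; pick one date for that baseline. While the table is being updated, the unchanged Windows Server 2012 R2 row still links to the Windows 10 v1607 and Windows Server 2016 post, which is also the Windows Server 2016 row's link; the Windows 8.1 row's target (`security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final`) looks like the intended one.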
@@ -85,14 +79,8 @@ Windows Server 2008 R2 |[SP1](/previous-versions/tn-archive/gg236605(v=technet.1 | Name | Details | Security Tools | |---------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------| -| Internet Explorer 11 | [SecGuide](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | -| Internet Explorer 10 | [Technet](/previous-versions/tn-archive/jj898540(v=technet.10)) | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Internet Explorer 9 | [Technet](/previous-versions/tn-archive/hh539027(v=technet.10)) | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Internet Explorer 8 | [Technet](/previous-versions/tn-archive/ee712766(v=technet.10)) | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Exchange Server 2010 | [Technet](/previous-versions/tn-archive/hh913521(v=technet.10)) | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Exchange Server 2007 | [Technet](/previous-versions/tn-archive/hh913520(v=technet.10)) | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Microsoft Office 2010 | [Technet](/previous-versions/tn-archive/gg288965(v=technet.10)) | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | -| Microsoft Office 2007 SP2 | [Technet](/previous-versions/tn-archive/cc500475(v=technet.10)) | [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | +| Microsoft 365 Apps for enterprise, version 2112 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2112/ba-p/3038172) | [SCT 
1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Microsoft Edge, version 97 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v97/ba-p/3062252) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
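Review bot: in the `@@ -39,7 +39,7 @@` hunk of this patch, changing the DSC answer from "Not yet." to "No." leaves it followed by "PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration", which was the lead-in to the removed "We are currently developing a tool" sentence and no longer leads anywhere after a flat "No." Either drop that sentence or say where readers should look for GPO to DSC conversion instead.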
From e92048fc607e410130a5e093e52501d8b5bf55f5 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 27 Jan 2022 21:04:04 +0500 Subject: [PATCH 21/30] update in note As mentioned in a Microsoft blog ( https://docs.microsoft.com/en-us/openspecs/blog/ms-winintbloglp/dd98b93c-0a75-4eb0-b92e-e760c502394f ), MMA has been retired. So I have updated the note. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10138 --- windows/client-management/troubleshoot-tcpip-netmon.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index d63ebc5c58..3ba8c0dd3f 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md 
@@ -18,7 +18,7 @@ ms.collection: highpri In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. > [!NOTE] -> Network Monitor is the archived protocol analyzer and is no longer under development. **Microsoft Message Analyzer** is the replacement for Network Monitor. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). +> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages removed from microsoft.com sites on November 25 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, please consider using a 3rd party network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image: @@ -67,4 +67,4 @@ Network traces which are collected using the **netsh** commands built in to Wind [Network Monitor Wireless Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1900.network-monitor-wireless-filtering.aspx)
[Network Monitor TCP Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1134.network-monitor-tcp-filtering.aspx)
[Network Monitor Conversation Filtering](https://social.technet.microsoft.com/wiki/contents/articles/1829.network-monitor-conversation-filtering.aspx)
-[How to setup and collect network capture using Network Monitor tool](/archive/blogs/msindiasupp/how-to-setup-and-collect-network-capture-using-network-monitor-tool)
\ No newline at end of file +[How to setup and collect network capture using Network Monitor tool](/archive/blogs/msindiasupp/how-to-setup-and-collect-network-capture-using-network-monitor-tool)
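Review bot: in the `@@ -18,7 +18,7 @@` hunk, the rewritten note says Microsoft Message Analyzer was retired and its download packages removed, yet still ends with "For more details, see [Microsoft Message Analyzer Operating Guide]", which sends readers to the guide for the tool the note has just told them they cannot get. Drop that sentence or point it at the retirement announcement cited in the commit message. Wording nits in the same line: "currently" and "at this time" say the same thing twice, "November 25 2019" needs a comma after the day, and "3rd party" should be "third-party".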
From 1f46bc5fd24a84813793d7626220469d149b9c1f Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 27 Jan 2022 11:10:40 -0700 Subject: [PATCH 22/30] Update waas-delivery-optimization.md --- .../update/waas-delivery-optimization.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 5653512b73..e01282e8c0 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -38,10 +38,10 @@ For information about setting up Delivery Optimization, including tips for the b ## New in Windows 10, version 20H2 and Windows 11 - New peer selection options: Currently the available options include: 0 = None, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)." -- Local Peer Discovery: a new option for **[Restrict Peer Selection By](/waas-delivery-optimization-reference#select-a-method-to-restrict-peer-selection)** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID). +- Local Peer Discovery: a new option for **[Restrict Peer Selection By](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection)** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID). > [!NOTE] -> The Local Peer Discovery (DNS-SD, [RFC 6763](https://datatracker.ietf.org/doc/html/rfc6763)) option can only be set via MDM delivered policies on Windows 11 builds. 
This feature can be enabled in supported Windows 10 builds by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**. For more information, see [Delivery Optimization reference](/windows/deployment/update/waas-delivery-optimization-reference). +> The Local Peer Discovery (DNS-SD, [RFC 6763](https://datatracker.ietf.org/doc/html/rfc6763)) option can only be set via MDM delivered policies on Windows 11 builds. This feature can be enabled in supported Windows 10 builds by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**. For more information, see [Delivery Optimization reference](/windows/deployment/update/waas-delivery-optimization-reference.md). - Starting with Windows 11, the Bypass option of [Download Mode](waas-delivery-optimization-reference.md#download-mode) is no longer used. 
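Review bot: the second change in this hunk appends `.md` to a root-relative path, giving `/windows/deployment/update/waas-delivery-optimization-reference.md`, while every other reference to that article in the hunk is the file-relative `waas-delivery-optimization-reference.md`. Use the file-relative form in the note too, so the note and the bullets link the same way.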
@@ -88,7 +88,7 @@ The following table lists the minimum Windows 10 version that supports Delivery |------------------------|----------------|-----------------|--------------|---------------| | Device Update for IoT Hub | Ubuntu 18.04, 20.04 / Debian 9, 10 | :heavy_check_mark: | | :heavy_check_mark: | > [!NOTE] -> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910). +> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery.md#bkmk_DO-1910). In Windows client Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT (which includes either Ethernet or WiFi), but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune. 
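Review bot: removing the leading slash turns the Configuration Manager link into `mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery.md#bkmk_DO-1910`, which now resolves relative to `windows/deployment/update/`, the directory of the file being patched. Nothing in this series shows a `mem/` tree under that directory, so keep the original root-relative `/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910` unless the target really lives beside this file.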
@@ -129,7 +129,7 @@ If you set up Delivery Optimization to create peer groups that include devices a Delivery Optimization also communicates with its cloud service by using HTTP/HTTPS over port 80. #### What are the requirements if I use a proxy? -For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting). +For Delivery Optimization to successfully use the proxy, you should set up the proxy by using Windows proxy settings or Internet Explorer proxy settings. For details see [Using a proxy with Delivery Optimization](./delivery-optimization-proxy.md). Most content downloaded with Delivery Optimization uses byte range requests. Make sure your proxy allows byte range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting.md). #### What hostnames should I allow through my firewall to support Delivery Optimization? 
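Review bot: `/windows/deployment/update/windows-update-troubleshooting.md` in the proxy answer mixes a root-relative path with a `.md` file name, unlike `./delivery-optimization-proxy.md` earlier in the same paragraph. Since the path names this file's own directory, `windows-update-troubleshooting.md` would match the other link.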
@@ -156,7 +156,7 @@ Delivery Optimization attempts to identify VPNs by checking the network adapter If the connection is identified as a VPN, Delivery Optimization will suspend uploads to other peers. However, you can allow uploads over a VPN by using the [Enable Peer Caching while the device connects via VPN](waas-delivery-optimization-reference.md#enable-peer-caching-while-the-device-connects-via-vpn) policy. -If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](//waas-delivery-optimization-reference#download-mode) policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected using a VPN, it can still use peer-to-peer with the default of LAN. +If you have defined a boundary group in Configuration Manager for VPN IP ranges, you can set the [DownloadMode](waas-delivery-optimization-reference.md#download-mode) policy to 0 for that boundary group to ensure that there will be no peer-to-peer activity over the VPN. When the device is not connected using a VPN, it can still use peer-to-peer with the default of LAN. With split tunneling, make sure to allow direct access to these endpoints: 
@@ -202,7 +202,7 @@ If you don't see any bytes coming from peers the cause might be one of the follo Try these steps: 1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga"). -2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the [DownloadMode](//waas-delivery-optimization-reference#download-mode) setting. For peering to work, DownloadMode should be 1, 2, or 3. +2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and observe the [DownloadMode](waas-delivery-optimization-reference.md#download-mode) setting. For peering to work, DownloadMode should be 1, 2, or 3. 3. If DownloadMode is 99, it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization host names are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**. ### The cloud service doesn't see other peers on the network. 
@@ -210,9 +210,9 @@ Try these steps: Try these steps: 1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads. -2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 1 or 2 on both devices. +2. Run `Get-DeliveryOptimizationStatus` from an elevated PowerShell window and ensure that **[DownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1 or 2 on both devices. 3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated PowerShell window on the second device. The **NumberOfPeers** field should be non-zero. -4. If the number of peers is zero and **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices are not reporting the same public IP address, configure **[DownloadMode](//waas-delivery-optimization-reference#download-mode)** to 2 (Group) and use a custom **[GroupID (Guid)](//waas-delivery-optimization-reference#group-id)**, to fix this. +4. If the number of peers is zero and **[DownloadMode](waas-delivery-optimization-reference.md#download-mode)** is 1, ensure that both devices are using the same public IP address to reach the internet (you can easily do this by opening a browser window and do a search for “what is my IP”). In the case where devices are not reporting the same public IP address, configure **[DownloadMode](waas-delivery-optimization-reference.md#download-mode)** to 2 (Group) and use a custom **[GroupID (Guid)](waas-delivery-optimization-reference.md#group-id)**, to fix this. > [!NOTE] > Starting in Windows 10, version 2004, `Get-DeliveryOptimizationStatus` has a new option `-PeerInfo` which returns a real-time list of the connected peers. 
From 23a0a937e3cc92e1c268ad2e2e05ec4edafef96e Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 27 Jan 2022 11:20:00 -0700 Subject: [PATCH 23/30] Update waas-delivery-optimization.md --- windows/deployment/update/waas-delivery-optimization.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index e01282e8c0..83c042e7af 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -26,9 +26,9 @@ ms.custom: seo-marvel-apr2020 > **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158). -Windows updates, upgrades, and applications can contain packages with very large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a self-organizing distributed cache that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Endpoint Manager (when installation of Express Updates is enabled). +Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a cloud-managed solution that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Endpoint Manager (when installation of Express Updates is enabled). -Delivery Optimization is a cloud-managed solution. Access to the Delivery Optimization cloud services is a requirement. 
This means that in order to use the peer-to-peer functionality of Delivery Optimization, devices must have access to the internet. + Access to the Delivery Optimization cloud services and the Internet, are both requirements for using the peer-to-peer functionality of Delivery Optimization. For information about setting up Delivery Optimization, including tips for the best settings in different scenarios, see [Set up Delivery Optimization](waas-delivery-optimization-setup.md). For a comprehensive list of all Delivery Optimization settings, see [Delivery Optimization reference](waas-delivery-optimization-reference.md). 
@@ -38,7 +38,7 @@ For information about setting up Delivery Optimization, including tips for the b ## New in Windows 10, version 20H2 and Windows 11 - New peer selection options: Currently the available options include: 0 = None, 1 = Subnet mask, and 2 = Local Peer Discovery. The subnet mask option applies to both Download Modes LAN (1) and Group (2). If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID)." -- Local Peer Discovery: a new option for **[Restrict Peer Selection By](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection)** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If you also enabled Group mode, Delivery Optimization will connect to locally discovered peers that are also part of the same group (that is, those which have the same Group ID). +- Local Peer Discovery: a new option for **[Restrict Peer Selection By](waas-delivery-optimization-reference.md#select-a-method-to-restrict-peer-selection)** (in Group Policy) or **DORestrictPeerSelectionBy** (in MDM). This option restricts the discovery of local peers using the DNS-SD protocol. When you set Option 2, Delivery Optimization will restrict peer selection to peers that are locally discovered (using DNS-SD). If Group mode is enabled, Delivery Optimization will connect to locally discovered peers that are also part of the same group, for those devices with the same Group ID). > [!NOTE] > The Local Peer Discovery (DNS-SD, [RFC 6763](https://datatracker.ietf.org/doc/html/rfc6763)) option can only be set via MDM delivered policies on Windows 11 builds. 
This feature can be enabled in supported Windows 10 builds by setting the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\DORestrictPeerSelectionBy` value to **2**. For more information, see [Delivery Optimization reference](/windows/deployment/update/waas-delivery-optimization-reference.md). From 768b1dfcf8931b8ea6b19c16b9b181e71863de41 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 27 Jan 2022 11:22:39 -0700 Subject: [PATCH 24/30] Update waas-delivery-optimization.md --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 83c042e7af..b134f2739a 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md 
@@ -88,7 +88,7 @@ The following table lists the minimum Windows 10 version that supports Delivery |------------------------|----------------|-----------------|--------------|---------------| | Device Update for IoT Hub | Ubuntu 18.04, 20.04 / Debian 9, 10 | :heavy_check_mark: | | :heavy_check_mark: | > [!NOTE] -> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery.md#bkmk_DO-1910). +> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery.md#bkmk_DO-1910). In Windows client Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT (which includes either Ethernet or WiFi), but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune. From f54d6d146a1d5582a32c087542eb32a5ca8645b7 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Thu, 27 Jan 2022 11:39:52 -0700 Subject: [PATCH 25/30] Update waas-delivery-optimization.md --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index b134f2739a..c28ce0b0d1 100644 --- a/windows/deployment/update/waas-delivery-optimization.md 
+++ b/windows/deployment/update/waas-delivery-optimization.md @@ -88,7 +88,7 @@ The following table lists the minimum Windows 10 version that supports Delivery |------------------------|----------------|-----------------|--------------|---------------| | Device Update for IoT Hub | Ubuntu 18.04, 20.04 / Debian 9, 10 | :heavy_check_mark: | | :heavy_check_mark: | > [!NOTE] -> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery.md#bkmk_DO-1910). +> Starting with Configuration Manager version 1910, you can use Delivery Optimization for the distribution of all Windows update content for clients running Windows 10 version 1709 or newer, not just express installation files. For more, see [Delivery Optimization starting in version 1910](/mem/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#bkmk_DO-1910). In Windows client Enterprise, Professional, and Education editions, Delivery Optimization is enabled by default for peer-to-peer sharing on the local network (NAT). Specifically, all of the devices must be behind the same NAT (which includes either Ethernet or WiFi), but you can configure it differently in Group Policy and mobile device management (MDM) solutions such as Microsoft Intune. From d97cd72d148e9ed96fa6400a693534167f28d3ba Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 27 Jan 2022 12:41:53 -0800 Subject: [PATCH 26/30] Update troubleshoot-tcpip-netmon.md --- windows/client-management/troubleshoot-tcpip-netmon.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 3ba8c0dd3f..64d8d13db9 100644 
--- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md @@ -7,7 +7,7 @@ ms.topic: troubleshooting author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.date: 12/06/2018 +ms.date: 01/27/2022 ms.reviewer: manager: dansimp ms.collection: highpri @@ -15,7 +15,7 @@ ms.collection: highpri # Collect data using Network Monitor -In this topic, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. +In this article, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. > [!NOTE] > Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages removed from microsoft.com sites on November 25 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, please consider using a 3rd party network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). From 609b51c9dc532e97c8efb4124864fb9dfabbfd0b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 27 Jan 2022 12:43:30 -0800 Subject: [PATCH 27/30] Update troubleshoot-tcpip-netmon.md --- windows/client-management/troubleshoot-tcpip-netmon.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/troubleshoot-tcpip-netmon.md b/windows/client-management/troubleshoot-tcpip-netmon.md index 64d8d13db9..7bbb4f70f3 100644 --- a/windows/client-management/troubleshoot-tcpip-netmon.md +++ b/windows/client-management/troubleshoot-tcpip-netmon.md 
@@ -18,7 +18,7 @@ ms.collection: highpri In this article, you will learn how to use Microsoft Network Monitor 3.4, which is a tool for capturing network traffic. > [!NOTE] -> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages removed from microsoft.com sites on November 25 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, please consider using a 3rd party network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). +> Network Monitor is the archived protocol analyzer and is no longer under development. Also, Microsoft Message Analyzer (MMA) was retired and its download packages were removed from microsoft.com sites on November 25, 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, consider using another, non-Microsoft network protocol analyzer tool. For more details, see [Microsoft Message Analyzer Operating Guide](/message-analyzer/microsoft-message-analyzer-operating-guide). To get started, [download Network Monitor tool](https://www.microsoft.com/download/details.aspx?id=4865). When you install Network Monitor, it installs its driver and hooks it to all the network adapters installed on the device. You can see the same on the adapter properties, as shown in the following image: 
@@ -28,11 +28,11 @@ When the driver gets hooked to the network interface card (NIC) during installat **To capture traffic** -1. Run netmon in an elevated status by choosing Run as Administrator. +1. Run netmon in an elevated status by choosing **Run as Administrator**. ![Image of Start search results for Netmon.](images/nm-start.png) -2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then click **Start**. +2. Network Monitor opens with all network adapters displayed. Select the network adapters where you want to capture traffic, click **New Capture**, and then select **Start**. ![Image of the New Capture option on menu.](images/tcp-ts-4.png) From 98007ce9eb064c8c6581a27002d0ddde5cad7ae8 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 27 Jan 2022 15:14:19 -0800 Subject: [PATCH 28/30] Update understanding-wdac-policy-settings.md --- .../understanding-wdac-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md index d68f3d6a3f..fd7b1f528e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/understanding-wdac-policy-settings.md @@ -1,5 +1,5 @@ --- -title: Understanding WDAC secure settings. +title: Understanding Windows Defender Application Control (WDAC) secure settings description: Learn about secure settings in Windows Defender Application Control. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb From e3472e86b3bd120e1b0b123bc7422f165506689b Mon Sep 17 00:00:00 2001 
From: denisebmsft <18405051+denisebmsft@users.noreply.github.comgit> Date: Fri, 28 Jan 2022 11:36:03 -0800 Subject: [PATCH 29/30] Update get-support-for-security-baselines.md --- .../get-support-for-security-baselines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md index c603f7a917..ff87af323d 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 01/24/2022 +ms.date: 01/28/2022 ms.reviewer: ms.technology: windows-sec --- @@ -57,7 +57,7 @@ No. SCM supported only SCAP 1.0, which was not updated as SCAP evolved. The new | Name | Build | Baseline Release Date | Security Tools | | ---- | ----- | --------------------- | -------------- | -| Windows 11 | [](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-security-baseline/ba-p/2810772)
| October 2021
|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | +| Windows 11 | [Windows 11](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-security-baseline/ba-p/2810772)
| October 2021
|[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | | Windows 10 | [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703)
[21H1](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353)
[20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393)
[1909](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1909-and-windows-server/ba-p/1023093)
[1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082)
[1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)
[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update)| December 2021
May 2021
December 2020
November 2019
October 2018
October 2016
January 2016 |[SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) | Windows 8.1 |[9600 (April Update)](/archive/blogs/secguide/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final)| October 2013| [SCM 4.0](/previous-versions/tn-archive/cc936627(v=technet.10)) | From 3bb40439e4b49af4eee15e5940f9d6844244ee64 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 28 Jan 2022 11:45:29 -0800 Subject: [PATCH 30/30] Update security-compliance-toolkit-10.md --- .../security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md index 3c45b32e97..51f02ea52d 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md @@ -11,7 +11,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 01/24/2022 +ms.date: 01/28/2022 ms.reviewer: rmunck ms.technology: windows-sec ---
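Review bot: In the @@ -210,9 +210,9 troubleshooting hunk, the rewritten step 4 still reads "by opening a browser window and do a search" and ends with "**, to fix this". The line is already being replaced for the link fix, so change the phrase to "opening a browser window and searching for" and drop the comma before "to fix this".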
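Review bot: In PATCH 23/30, hunk @@ -26,9 +26,9 of waas-delivery-optimization.md, the added line begins with a stray space after the "+" and puts a comma between subject and verb ("...cloud services and the Internet, are both requirements..."). Remove the leading space and the comma. The same hunk replaces "self-organizing distributed cache" with "cloud-managed solution", which changes how the product is described; the commit message ("Update waas-delivery-optimization.md") should mention that.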
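Review bot: In PATCH 23/30, hunk @@ -38,7 +38,7 of waas-delivery-optimization.md, the new Local Peer Discovery bullet ends with an unbalanced closing parenthesis: "part of the same group, for those devices with the same Group ID)." The opening "(that is, ..." was removed but the ")" was kept. Either restore the parenthetical or end the sentence as "...part of the same group (devices with the same Group ID)." The unchanged first bullet in this hunk also ends with a stray double quote after "(have the same Group ID)." that could be cleaned up in the same edit.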
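Review bot: PATCH 24/30 and PATCH 25/30 edit the same link in the @@ -88,7 +88,7 hunk twice, first adding the leading slash while keeping ".md", then dropping ".md". Squash them into one commit so the history does not carry the intermediate link form. The NOTE in the @@ -38,7 hunk of PATCH 23/30 still links to "/windows/deployment/update/waas-delivery-optimization-reference.md", which is the same site-relative-plus-.md form that PATCH 25/30 corrects; check whether it needs the same change.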
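Review bot: In PATCH 27/30, hunk @@ -18,7 +18,7 of troubleshoot-tcpip-netmon.md, the rewritten NOTE keeps the redundant "There is currently no Microsoft replacement ... in development at this time." Since the sentences on either side are being reworded, drop either "currently" or "at this time" in the same pass.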
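Review bot: In PATCH 27/30, hunk @@ -28,11 +28,11 of troubleshoot-tcpip-netmon.md, step 2 now mixes two verbs for the same UI action: "click **New Capture**, and then select **Start**". Only the second "click" was changed, so change the first one to "select" as well. Step 1 bolds **Run as Administrator** but leaves "netmon" as plain text; if it refers to the Start search entry shown in the screenshot, format it consistently with the other UI strings.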
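Review bot: In PATCH 29/30, hunk @@ -57,7 +57,7 of get-support-for-security-baselines.md, the new link text "[Windows 11]" in the Build column repeats the Name column, while the Windows 10 row uses version identifiers (21H2, 21H1, 20H2, ...) as link text in that column. Use the Windows 11 release identifier as the link text so the Build column stays consistent across rows. The empty link text being replaced here suggests the table was not previewed; a rendered check of the whole table before merge would be worthwhile.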