mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-14 14:27:22 +00:00
Merge branch 'master' into thirdparty
This commit is contained in:
Joey Caparas
commit
1df23f83a6
@ -429,7 +429,7 @@ The following diagram shows the BitLocker configuration service provider in tree
|
|||||||
<p style="margin-left: 20px">The possible values for 'xx' are:</p>
|
<p style="margin-left: 20px">The possible values for 'xx' are:</p>
|
||||||
|
|
||||||
- 0 = Empty
|
- 0 = Empty
|
||||||
- 1 = Use default recovery message and URL.
|
- 1 = Use default recovery message and URL (in this case you don't need to specify a value for "RecoveryMessage_Input" or "RecoveryUrl_Input").
|
||||||
- 2 = Custom recovery message is set.
|
- 2 = Custom recovery message is set.
|
||||||
- 3 = Custom recovery URL is set.
|
- 3 = Custom recovery URL is set.
|
||||||
- 'yy' = string of max length 900.
|
- 'yy' = string of max length 900.
|
||||||
|
|||||||
@ -401,7 +401,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete.
|
|||||||
Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin.
|
Nodes under the PluginProfile are required when using a Microsoft Store based VPN plugin.
|
||||||
|
|
||||||
<a href="" id="vpnv2-profilename-pluginprofile-serverurllist"></a>**VPNv2/***ProfileName***/PluginProfile/ServerUrlList**
|
<a href="" id="vpnv2-profilename-pluginprofile-serverurllist"></a>**VPNv2/***ProfileName***/PluginProfile/ServerUrlList**
|
||||||
Required for plug-in profiles. Comma separated list of servers in URL, hostname, or IP format.
|
Required for plug-in profiles. Semicolon-separated list of servers in URL, hostname, or IP format.
|
||||||
|
|
||||||
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
|
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
|
||||||
|
|
||||||
|
|||||||
@ -106,7 +106,7 @@ The following resources provide additional information about using Windows Updat
|
|||||||
- regsvr32.exe wuwebv.dll
|
- regsvr32.exe wuwebv.dll
|
||||||
7. Reset Winsock. To do this, type the following command at a command prompt, and then press ENTER:
|
7. Reset Winsock. To do this, type the following command at a command prompt, and then press ENTER:
|
||||||
```
|
```
|
||||||
netsh reset winsock
|
netsh winsock reset
|
||||||
```
|
```
|
||||||
8. If you are running Windows XP or Windows Server 2003, you have to set the proxy settings. To do this, type the following command at a command prompt, and then press ENTER:
|
8. If you are running Windows XP or Windows Server 2003, you have to set the proxy settings. To do this, type the following command at a command prompt, and then press ENTER:
|
||||||
```
|
```
|
||||||
|
|||||||
@ -360,9 +360,9 @@ You can turn on or turn off System Center diagnostic data gathering. The default
|
|||||||
|
|
||||||
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
|
The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server 2016 is **Enhanced**.
|
||||||
|
|
||||||
### Configure the operating system diagnostic data level
|
## Configure the operating system diagnostic data level
|
||||||
|
|
||||||
You can configure your operating system diagnostic data settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
|
You can configure your operating system diagnostic data settings using the management tools you’re already using, such as **Group Policy, MDM, or Windows Provisioning.** You can also manually change your settings using Registry Editor. Setting your diagnostic data levels through a management policy sets the upper level for diagnostic data on the device.
|
||||||
|
|
||||||
Use the appropriate value in the table below when you configure the management policy.
|
Use the appropriate value in the table below when you configure the management policy.
|
||||||
|
|
||||||
@ -392,7 +392,7 @@ Use the [Policy Configuration Service Provider (CSP)](https://msdn.microsoft.com
|
|||||||
|
|
||||||
### Use Registry Editor to set the diagnostic data level
|
### Use Registry Editor to set the diagnostic data level
|
||||||
|
|
||||||
Use Registry Editor to manually set the registry level on each device in your organization or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, it will override this registry setting.
|
Use Registry Editor to manually set the registry level on the devices in your organization, or you can write a script to edit the registry. If a management policy already exists, such as Group Policy or MDM, the policy will replace the manually set registry level.
|
||||||
|
|
||||||
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
|
1. Open Registry Editor, and go to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DataCollection**.
|
||||||
|
|
||||||
|
|||||||
@ -21,17 +21,17 @@ ms.date: 01/17/2018
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10, version 1809
|
- Windows 10, version 1809
|
||||||
- Windows 10, version 1803
|
- Windows 10, version 1803
|
||||||
|
|
||||||
## Introduction
|
## Introduction
|
||||||
The Diagnostic Data Viewer is a Windows app that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
|
The Diagnostic Data Viewer is a Windows app that lets you review the Windows diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft.
|
||||||
|
|
||||||
## Install and Use the Diagnostic Data Viewer
|
## Install and Use the Diagnostic Data Viewer
|
||||||
|
|
||||||
You must turn on data viewing and download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
|
You must download the app before you can use the Diagnostic Data Viewer to review your device's diagnostic data.
|
||||||
|
|
||||||
### Turn on data viewing
|
### Turn on data viewing
|
||||||
Before you can use this tool, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device.
|
Before you can use this tool for viewing Windows diagnostic data, you must turn on data viewing in the **Settings** panel. Turning on data viewing lets Windows store your device's diagnostic data until you turn it off. Turning off data viewing stops Windows from collecting your diagnostic data and clears the existing diagnostic data from your device. Note that this setting does not affect your Office data viewing or history.
|
||||||
|
|
||||||
**To turn on data viewing**
|
**To turn on data viewing**
|
||||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||||
@ -44,7 +44,7 @@ Before you can use this tool, you must turn on data viewing in the **Settings**
|
|||||||
Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
|
Download the app from the [Microsoft Store Diagnostic Data Viewer](https://www.microsoft.com/en-us/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
|
||||||
|
|
||||||
### Start the Diagnostic Data Viewer
|
### Start the Diagnostic Data Viewer
|
||||||
You must start this app from the **Settings** panel.
|
You can start this app from the **Settings** panel.
|
||||||
|
|
||||||
**To start the Diagnostic Data Viewer**
|
**To start the Diagnostic Data Viewer**
|
||||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||||
@ -58,29 +58,25 @@ You must start this app from the **Settings** panel.
|
|||||||
3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
|
3. Close the Diagnostic Data Viewer app, use your device as you normally would for a few days, and then open Diagnostic Data Viewer again to review the updated list of diagnostic data.
|
||||||
|
|
||||||
>[!Important]
|
>[!Important]
|
||||||
>Turning on data viewing can use up to 1GB of disk space on your system drive. We strongly recommend that your turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
|
>Turning on data viewing can use up to 1GB (by default) of disk space on your system drive. We strongly recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article.
|
||||||
|
|
||||||
### Use the Diagnostic Data Viewer
|
### Use the Diagnostic Data Viewer
|
||||||
The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data.
|
The Diagnostic Data Viewer provides you with the following features to view and filter your device's diagnostic data.
|
||||||
|
|
||||||
- **View your diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
|
- **View your Windows diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft.
|
||||||
|
|
||||||
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
|
Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system.
|
||||||
|
|
||||||
>[!Important]
|
>[!Important]
|
||||||
>Seeing an event does not necessarily mean it has been uploaded yet. It’s possible that some events are still queued and will be uploaded at a later time.
|
>Seeing an event does not necessarily mean it has been uploaded yet. It’s possible that some events are still queued and will be uploaded at a later time.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
|
- **Search your diagnostic events.** The **Search** box at the top of the screen lets you search amongst all of the diagnostic event details. The returned search results include any diagnostic event that contains the matching text.
|
||||||
|
|
||||||
Selecting an event opens the detailed JSON view, with the matching text highlighted.
|
Selecting an event opens the detailed JSON view, with the matching text highlighted.
|
||||||
|
|
||||||
- **Filter your diagnostic event categories.** The apps Menu button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft.
|
- **Filter your diagnostic event categories.** The app's **Menu** button opens the detailed menu. In here, you'll find a list of diagnostic event categories, which define how the events are used by Microsoft. Selecting a check box lets you filter between the diagnostic event categories.
|
||||||
|
|
||||||
Selecting a check box lets you filter between the diagnostic event categories.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If you’re a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others.
|
- **Help to make your Windows experience better.** Microsoft only needs diagnostic data from a small amount of devices to make big improvements to the Windows operating system and ultimately, your experience. If you’re a part of this small device group and you experience issues, Microsoft will collect the associated event diagnostic data, allowing your info to potentially help fix the issue for others.
|
||||||
|
|
||||||
@ -93,8 +89,20 @@ The Diagnostic Data Viewer provides you with the following features to view and
|
|||||||
>[!Important]
|
>[!Important]
|
||||||
>All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments.
|
>All content in the Feedback Hub is publicly viewable. Therefore, make sure you don't put any personal info into your feedback comments.
|
||||||
|
|
||||||
|
- **View a summary of the data you've shared with us over time.** Available for users on build 19H1+, 'About my data' in Diagnostic Data Viewer lets you see an overview of the Windows data you've shared with Microsoft.
|
||||||
|
|
||||||
|
Through this feature, you can checkout how much data you send on average each day, the breakdown of your data by category, the top components and services that have sent data, and more.
|
||||||
|
|
||||||
|
>[!Important]
|
||||||
|
>This content is a reflection of the history of Windows data the app has stored. If you'd like to have extended analyses, please modify the storage capacity of Diagnostic Data Viewer.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## View Office Diagnostic Data
|
||||||
|
By default, Diagnostic Data Viewer shows you Windows data. You can also view Office diagnostic data by enabling the feature in the app settings page. To learn more about how to view Office diagnostic data, please visit this [page](https://go.microsoft.com/fwlink/?linkid=2023830).
|
||||||
|
|
||||||
## Turn off data viewing
|
## Turn off data viewing
|
||||||
When you're done reviewing your diagnostic data, you should turn of data viewing.
|
When you're done reviewing your diagnostic data, you should turn of data viewing. This will also remove your Windows data history. Note that this setting does not affect your Office data viewing or history.
|
||||||
|
|
||||||
**To turn off data viewing**
|
**To turn off data viewing**
|
||||||
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
|
||||||
@ -103,8 +111,24 @@ When you're done reviewing your diagnostic data, you should turn of data viewing
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Modifying the size of your data history
|
||||||
|
By default, Diagnostic Data Viewer shows you up to 1GB or 30 days of data (whichever comes first) for Windows diagnostic data. Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first.
|
||||||
|
|
||||||
|
>[!Important]
|
||||||
|
>Note that if you have [Office diagnostic data viewing enabled](#view-office-diagnostic-data), the Office data history is fixed at 1 GB and cannot be modified.
|
||||||
|
|
||||||
|
**Modify the size of your data history**
|
||||||
|
|
||||||
|
To make changes to the size of your Windows diagnostic data history, visit the **app settings**, located at the bottom of the navigation menu. Data will be incrementally dropped with the oldest data points first once your chosen size or time limit is reached.
|
||||||
|
|
||||||
|
>[!Important]
|
||||||
|
>Decreasing the maximum amount of diagnostic data viewable through the tool will remove all data history and requires a reboot of your device. Additionally, increasing the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## View additional diagnostic data in the View problem reports tool
|
## View additional diagnostic data in the View problem reports tool
|
||||||
Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
|
Available on Windows 1809 and higher, you can review additional Windows Error Reporting diagnostic data in the **View problem reports** page within the Diagnostic Data Viewer.
|
||||||
|
|
||||||
This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
|
This page provides you with a summary of various crash reports that are sent to Microsoft as part of Windows Error Reporting.
|
||||||
We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
|
We use this data to find and fix specific issues that are hard to replicate and to improve the Windows operating system.
|
||||||
|
|
||||||
@ -123,3 +147,4 @@ Go to **Start** and search for _Problem Reports_.
|
|||||||
The **Review problem reports** tool opens, showing you your Windows Error Reporting reports, along with a status about whether it was sent to Microsoft.
|
The **Review problem reports** tool opens, showing you your Windows Error Reporting reports, along with a status about whether it was sent to Microsoft.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
BIN
windows/privacy/images/ddv-analytics.png
Normal file
BIN
windows/privacy/images/ddv-analytics.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 53 KiB |
BIN
windows/privacy/images/ddv-event-view.jpg
Normal file
BIN
windows/privacy/images/ddv-event-view.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 337 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 149 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 105 KiB After Width: | Height: | Size: 108 KiB |
@ -405,52 +405,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoints are used to download operating system patches and updates.
|
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTP | *.windowsupdate.com |
|
| svchost | HTTP | *.windowsupdate.com |
|
||||||
| | HTTP | fg.download.windowsupdate.com.c.footprint.net |
|
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates.
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | | cds.d2s7q6s2.hwcdn.net |
|
|
||||||
|
|
||||||
The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates.
|
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | HTTP | *wac.phicdn.net |
|
|
||||||
| | | *wac.edgecastcdn.net |
|
|
||||||
|
|
||||||
The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired).
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net |
|
|
||||||
|
|
||||||
The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps.
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| svchost | | emdl.ws.microsoft.com |
|
|
||||||
|
|
||||||
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | fe2.update.microsoft.com |
|
| svchost | HTTPS | *.update.microsoft.com |
|
||||||
| svchost | | fe3.delivery.mp.microsoft.com |
|
| svchost | HTTPS | *.delivery.mp.microsoft.com |
|
||||||
| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net |
|
|
||||||
| svchost | HTTPS | sls.update.microsoft.com |
|
|
||||||
|
|
||||||
The following endpoint is used for content regulation.
|
The following endpoint is used for content regulation.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
||||||
@ -459,14 +428,6 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoints are used to download content.
|
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | | a122.dscd.akamai.net |
|
|
||||||
| | | a1621.g.akamai.net |
|
|
||||||
|
|
||||||
## Microsoft forward link redirection service (FWLink)
|
## Microsoft forward link redirection service (FWLink)
|
||||||
|
|
||||||
The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.
|
The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.
|
||||||
|
|||||||
@ -410,53 +410,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoints are used to download operating system patches and updates.
|
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTP | *.windowsupdate.com |
|
| svchost | HTTP | *.windowsupdate.com |
|
||||||
| | HTTP | fg.download.windowsupdate.com.c.footprint.net |
|
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates.
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | | cds.d2s7q6s2.hwcdn.net |
|
|
||||||
|
|
||||||
The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates.
|
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | HTTP | *wac.phicdn.net |
|
|
||||||
| | | *wac.edgecastcdn.net |
|
|
||||||
|
|
||||||
The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired).
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net |
|
|
||||||
|
|
||||||
The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps.
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| svchost | | emdl.ws.microsoft.com |
|
|
||||||
|
|
||||||
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | fe2.update.microsoft.com |
|
| svchost | HTTPS | *.update.microsoft.com |
|
||||||
| svchost | | fe3.delivery.mp.microsoft.com |
|
| svchost | HTTPS | *.delivery.mp.microsoft.com |
|
||||||
| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net |
|
|
||||||
| svchost | HTTPS | sls.update.microsoft.com |
|
|
||||||
| | HTTP | *.dl.delivery.mp.microsoft.com |
|
|
||||||
|
|
||||||
The following endpoint is used for content regulation.
|
The following endpoint is used for content regulation.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
||||||
@ -465,14 +433,6 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoints are used to download content.
|
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | | a122.dscd.akamai.net |
|
|
||||||
| | | a1621.g.akamai.net |
|
|
||||||
|
|
||||||
## Microsoft forward link redirection service (FWLink)
|
## Microsoft forward link redirection service (FWLink)
|
||||||
|
|
||||||
The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.
|
The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer.
|
||||||
|
|||||||
@ -440,53 +440,21 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
| svchost | HTTPS | *.prod.do.dsp.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoints are used to download operating system patches and updates.
|
The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to download updates for the operating system.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTP | *.windowsupdate.com |
|
| svchost | HTTP | *.windowsupdate.com |
|
||||||
| | HTTP | fg.download.windowsupdate.com.c.footprint.net |
|
| svchost | HTTP | *.dl.delivery.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoint is used by the Highwinds Content Delivery Network to perform Windows updates.
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | | cds.d2s7q6s2.hwcdn.net |
|
|
||||||
|
|
||||||
The following endpoints are used by the Verizon Content Delivery Network to perform Windows updates.
|
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not perform updates.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | HTTP | *wac.phicdn.net |
|
|
||||||
| | | *wac.edgecastcdn.net |
|
|
||||||
|
|
||||||
The following endpoint is used to download apps and Windows Insider Preview builds from the Microsoft Store. Time Limited URL (TLU) is a mechanism for protecting the content. For example, it prevents someone from copying the URL and then getting access to the app that the person has not acquired).
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the updating functionality on this device is essentially in a disabled state, resulting in user unable to get apps from the Store, get latest version of Windows, and so on.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| svchost | | *.tlu.dl.delivery.mp.microsoft.com.c.footprint.net |
|
|
||||||
|
|
||||||
The following endpoint is used to download apps from the Microsoft Store. It's used as part of calculating the right ranges for apps.
|
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), users of the device will not able to get apps from the Microsoft Store.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| svchost | | emdl.ws.microsoft.com |
|
|
||||||
|
|
||||||
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
The following endpoints enable connections to Windows Update, Microsoft Update, and the online services of the Store.
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the device will not be able to connect to Windows Update and Microsoft Update to help keep the device secure. Also, the device will not be able to acquire and update apps from the Store.
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
| Source process | Protocol | Destination |
|
||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | fe2.update.microsoft.com |
|
| svchost | HTTPS | *.update.microsoft.com |
|
||||||
| svchost | | fe3.delivery.mp.microsoft.com |
|
| svchost | HTTPS | *.delivery.mp.microsoft.com |
|
||||||
| | | fe3.delivery.dsp.mp.microsoft.com.nsatc.net |
|
|
||||||
| svchost | HTTPS | sls.update.microsoft.com |
|
|
||||||
| | HTTP | *.dl.delivery.mp.microsoft.com |
|
|
||||||
|
|
||||||
The following endpoint is used for content regulation.
|
The following endpoint is used for content regulation.
|
||||||
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
If you [turn off traffic for this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), the Windows Update Agent will be unable to contact the endpoint and fallback behavior will be used. This may result in content being either incorrectly downloaded or not downloaded at all.
|
||||||
@ -495,13 +463,6 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
|||||||
|----------------|----------|------------|
|
|----------------|----------|------------|
|
||||||
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
| svchost | HTTPS | tsfe.trafficshaping.dsp.mp.microsoft.com |
|
||||||
|
|
||||||
The following endpoints are used to download content.
|
|
||||||
If you [turn off traffic for these endpoints](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-wu), you will block any content from being downloaded.
|
|
||||||
|
|
||||||
| Source process | Protocol | Destination |
|
|
||||||
|----------------|----------|------------|
|
|
||||||
| | | a122.dscd.akamai.net |
|
|
||||||
| | | a1621.g.akamai.net |
|
|
||||||
|
|
||||||
## Microsoft forward link redirection service (FWLink)
|
## Microsoft forward link redirection service (FWLink)
|
||||||
|
|
||||||
|
|||||||
@ -40,52 +40,52 @@ We used the following methodology to derive these network endpoints:
|
|||||||
|
|
||||||
| **Destination** | **Protocol** | **Description** |
|
| **Destination** | **Protocol** | **Description** |
|
||||||
| --- | --- | --- |
|
| --- | --- | --- |
|
||||||
|*.aria.microsoft.com* | HTTPS | Office Telemetry
|
|\*.aria.microsoft.com\* | HTTPS | Office Telemetry
|
||||||
|*.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update.
|
|\*.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update.
|
||||||
|*.download.windowsupdate.com* | HTTP | Used to download operating system patches and updates.
|
|\*.download.windowsupdate.com\* | HTTP | Used to download operating system patches and updates.
|
||||||
|*.g.akamai.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use.
|
|\*.g.akamai.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use.
|
||||||
|*.msn.com* |TLSv1.2/HTTPS | Windows Spotlight related traffic
|
|\*.msn.com\* |TLSv1.2/HTTPS | Windows Spotlight related traffic
|
||||||
|*.Skype.com | HTTP/HTTPS | Skype related traffic
|
|\*.Skype.com | HTTP/HTTPS | Skype related traffic
|
||||||
|*.smartscreen.microsoft.com* | HTTPS | Windows Defender Smartscreen related traffic
|
|\*.smartscreen.microsoft.com\* | HTTPS | Windows Defender Smartscreen related traffic
|
||||||
|*.telecommand.telemetry.microsoft.com* | HTTPS | Used by Windows Error Reporting.
|
|\*.telecommand.telemetry.microsoft.com\* | HTTPS | Used by Windows Error Reporting.
|
||||||
|*cdn.onenote.net* | HTTP | OneNote related traffic
|
|\*cdn.onenote.net* | HTTP | OneNote related traffic
|
||||||
|*displaycatalog.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|
|\*displaycatalog.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|
||||||
|*emdl.ws.microsoft.com* | HTTP | Windows Update related traffic
|
|\*emdl.ws.microsoft.com\* | HTTP | Windows Update related traffic
|
||||||
|*geo-prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
|\*geo-prod.do.dsp.mp.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
||||||
|*hwcdn.net* | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates.
|
|\*hwcdn.net* | HTTP | Used by the Highwinds Content Delivery Network to perform Windows updates.
|
||||||
|*img-prod-cms-rt-microsoft-com.akamaized.net* | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|
|\*img-prod-cms-rt-microsoft-com.akamaized.net* | HTTPS | Used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps).
|
||||||
|*maps.windows.com* | HTTPS | Related to Maps application.
|
|\*maps.windows.com\* | HTTPS | Related to Maps application.
|
||||||
|*msedge.net* | HTTPS | Used by OfficeHub to get the metadata of Office apps.
|
|\*msedge.net* | HTTPS | Used by OfficeHub to get the metadata of Office apps.
|
||||||
|*nexusrules.officeapps.live.com* | HTTPS | Office Telemetry
|
|\*nexusrules.officeapps.live.com\* | HTTPS | Office Telemetry
|
||||||
|*photos.microsoft.com* | HTTPS | Photos App related traffic
|
|\*photos.microsoft.com\* | HTTPS | Photos App related traffic
|
||||||
|*prod.do.dsp.mp.microsoft.com* |TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates.
|
|\*prod.do.dsp.mp.microsoft.com\* |TLSv1.2/HTTPS | Used for Windows Update downloads of apps and OS updates.
|
||||||
|*wac.phicdn.net* | HTTP | Windows Update related traffic
|
|\*wac.phicdn.net* | HTTP | Windows Update related traffic
|
||||||
|*windowsupdate.com* | HTTP | Windows Update related traffic
|
|\*windowsupdate.com\* | HTTP | Windows Update related traffic
|
||||||
|*wns.windows.com* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS).
|
|\*wns.windows.com\* | HTTPS, TLSv1.2 | Used for the Windows Push Notification Services (WNS).
|
||||||
|*wpc.v0cdn.net* | | Windows Telemetry related traffic
|
|\*wpc.v0cdn.net* | | Windows Telemetry related traffic
|
||||||
|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js | | MSA related
|
|auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js | | MSA related
|
||||||
|evoke-windowsservices-tas.msedge* | HTTPS | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
|evoke-windowsservices-tas.msedge* | HTTPS | The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office Online. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
|
||||||
|fe2.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
|fe2.update.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
||||||
|fe3.*.mp.microsoft.com.* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
|fe3.\*.mp.microsoft.com.\* |TLSv1.2/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
|
||||||
|fs.microsoft.com | | Font Streaming (in ENT traffic)
|
|fs.microsoft.com | | Font Streaming (in ENT traffic)
|
||||||
|g.live.com* | HTTPS | Used by OneDrive
|
|g.live.com\* | HTTPS | Used by OneDrive
|
||||||
|iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
|
|iriscoremetadataprod.blob.core.windows.net | HTTPS | Windows Telemetry
|
||||||
|mscrl.micorosoft.com | | Certificate Revocation List related traffic.
|
|mscrl.microsoft.com | | Certificate Revocation List related traffic.
|
||||||
|ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities.
|
|ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities.
|
||||||
|officeclient.microsoft.com | HTTPS | Office related traffic.
|
|officeclient.microsoft.com | HTTPS | Office related traffic.
|
||||||
|oneclient.sfx.ms* | HTTPS | Used by OneDrive for Business to download and verify app updates.
|
|oneclient.sfx.ms* | HTTPS | Used by OneDrive for Business to download and verify app updates.
|
||||||
|purchase.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|
|purchase.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|
||||||
|query.prod.cms.rt.microsoft.com* | HTTPS | Used to retrieve Windows Spotlight metadata.
|
|query.prod.cms.rt.microsoft.com\* | HTTPS | Used to retrieve Windows Spotlight metadata.
|
||||||
|ris.api.iris.microsoft.com* |TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata.
|
|ris.api.iris.microsoft.com\* |TLSv1.2/HTTPS | Used to retrieve Windows Spotlight metadata.
|
||||||
|ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
|
|ris-prod-atm.trafficmanager.net | HTTPS | Azure traffic manager
|
||||||
|settings.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
|settings.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
||||||
|settings-win.data.microsoft.com* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
|settings-win.data.microsoft.com\* | HTTPS | Used for Windows apps to dynamically update their configuration.
|
||||||
|sls.update.microsoft.com* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
|sls.update.microsoft.com\* |TLSv1.2/HTTPS | Enables connections to Windows Update.
|
||||||
|store*.dsx.mp.microsoft.com* | HTTPS | Used to communicate with Microsoft Store.
|
|store*.dsx.mp.microsoft.com\* | HTTPS | Used to communicate with Microsoft Store.
|
||||||
|storecatalogrevocation.storequality.microsoft.com* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store.
|
|storecatalogrevocation.storequality.microsoft.com\* | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store.
|
||||||
|store-images.s-microsoft.com* | HTTP | Used to get images that are used for Microsoft Store suggestions.
|
|store-images.s-microsoft.com\* | HTTP | Used to get images that are used for Microsoft Store suggestions.
|
||||||
|tile-service.weather.microsoft.com* | HTTP | Used to download updates to the Weather app Live Tile.
|
|tile-service.weather.microsoft.com\* | HTTP | Used to download updates to the Weather app Live Tile.
|
||||||
|tsfe.trafficshaping.dsp.mp.microsoft.com* |TLSv1.2 | Used for content regulation.
|
|tsfe.trafficshaping.dsp.mp.microsoft.com\* |TLSv1.2 | Used for content regulation.
|
||||||
|v10.events.data.microsoft.com | HTTPS | Diagnostic Data
|
|v10.events.data.microsoft.com | HTTPS | Diagnostic Data
|
||||||
|wdcp.microsoft.* |TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled.
|
|wdcp.microsoft.* |TLSv1.2 | Used for Windows Defender when Cloud-based Protection is enabled.
|
||||||
|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender related traffic.
|
|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com | HTTPS | Windows Defender related traffic.
|
||||||
@ -111,7 +111,7 @@ We used the following methodology to derive these network endpoints:
|
|||||||
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
|
| ipv4.login.msa.akadns6.net | HTTPS | Used for Microsoft accounts to sign in. |
|
||||||
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
|
| location-inference-westus.cloudapp.net | HTTPS | Used for location data. |
|
||||||
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
||||||
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
||||||
| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
|
| ris.api.iris.microsoft.com.akadns.net | HTTPS | Used to retrieve Windows Spotlight metadata. |
|
||||||
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
|
| tile-service.weather.microsoft.com/* | HTTP | Used to download updates to the Weather app Live Tile. |
|
||||||
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
|
| tsfe.trafficshaping.dsp.mp.microsoft.com | HTTPS | Used for content regulation. |
|
||||||
@ -127,10 +127,10 @@ We used the following methodology to derive these network endpoints:
|
|||||||
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
|
| *.g.akamaiedge.net | HTTPS | Used to check for updates to maps that have been downloaded for offline use. |
|
||||||
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
|
| *.s-msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. |
|
||||||
| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
| *.telecommand.telemetry.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
||||||
| *.tlu.dl.delivery.mp.microsoft.com* | HTTP | Enables connections to Windows Update. |
|
| *.tlu.dl.delivery.mp.microsoft.com\* | HTTP | Enables connections to Windows Update. |
|
||||||
| *.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
|
| *.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
|
||||||
| *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
|
| *geo-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
|
||||||
| au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
|
| au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
|
||||||
| cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. |
|
| cdn.onenote.net/livetile/* | HTTPS | Used for OneNote Live Tile. |
|
||||||
| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
|
| client-office365-tas.msedge.net/* | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office Online. |
|
||||||
| config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values. |
|
| config.edge.skype.com/* | HTTPS | Used to retrieve Skype configuration values. |
|
||||||
@ -151,7 +151,7 @@ We used the following methodology to derive these network endpoints:
|
|||||||
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application |
|
| maps.windows.com/windows-app-web-link | HTTPS | Link to Maps application |
|
||||||
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
| modern.watson.data.microsoft.com.akadns.net | HTTPS | Used by Windows Error Reporting. |
|
||||||
| ocos-office365-s2s.msedge.net/* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
|
| ocos-office365-s2s.msedge.net/* | HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
|
||||||
| ocsp.digicert.com* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
| ocsp.digicert.com\* | HTTP | CRL and OCSP checks to the issuing certificate authorities. |
|
||||||
| oneclient.sfx.ms/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
|
| oneclient.sfx.ms/* | HTTPS | Used by OneDrive for Business to download and verify app updates. |
|
||||||
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
|
| settings-win.data.microsoft.com/settings/* | HTTPS | Used as a way for apps to dynamically update their configuration. |
|
||||||
| sls.update.microsoft.com/* | HTTPS | Enables connections to Windows Update. |
|
| sls.update.microsoft.com/* | HTTPS | Enables connections to Windows Update. |
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: explore
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -6,8 +6,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
---
|
---
|
||||||
title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business)
|
title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business)
|
||||||
description: Provisioning for Hybrid Windows Hello for Business Deployments
|
description: Provisioning for Hybrid Windows Hello for Business Deployments
|
||||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
@ -18,7 +18,7 @@ ms.date: 08/19/2018
|
|||||||
# Hybrid Windows Hello for Business Provisioning
|
# Hybrid Windows Hello for Business Provisioning
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10, version 1703 or later
|
- Windows 10, version 1703 or later
|
||||||
- Hybrid deployment
|
- Hybrid deployment
|
||||||
- Certificate trust
|
- Certificate trust
|
||||||
|
|
||||||
@ -65,7 +65,7 @@ After a successful key registration, Windows creates a certificate request using
|
|||||||
|
|
||||||
The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
|
The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
|
||||||
|
|
||||||
The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user they can use their PIN to sign-in through the Windows Action Center.
|
The certificate authority validates the certificate was signed by the registration authority. On successful validation of the signature, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user’s certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user they can use their PIN to sign-in through the Windows Action Center.
|
||||||
|
|
||||||
<br><br>
|
<br><br>
|
||||||
|
|
||||||
@ -77,5 +77,5 @@ The certificate authority validates the certificate was signed by the registrati
|
|||||||
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
|
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
|
||||||
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
|
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
|
||||||
5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md)
|
5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md)
|
||||||
6. Sign-in and Provision(*You are here*)
|
6. Sign-in and Provision(*You are here*)
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
---
|
---
|
||||||
title: Hybrid Windows Hello for Business key trust Provisioning (Windows Hello for Business)
|
title: Hybrid Windows Hello for Business key trust Provisioning (Windows Hello for Business)
|
||||||
description: Provisioning for Hybrid Windows Hello for Business Deployments
|
description: Provisioning for Hybrid Windows Hello for Business Deployments
|
||||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
@ -18,7 +18,7 @@ ms.date: 08/20/2018
|
|||||||
# Hybrid Windows Hello for Business Provisioning
|
# Hybrid Windows Hello for Business Provisioning
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10, version 1703 or later
|
- Windows 10, version 1703 or later
|
||||||
- Hybrid deployment
|
- Hybrid deployment
|
||||||
- Key trust
|
- Key trust
|
||||||
|
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -9,7 +9,7 @@ ms.pagetype: security, mobile
|
|||||||
author: DaniHalfin
|
author: DaniHalfin
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mikestephens-MS
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -8,8 +8,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security
|
ms.pagetype: security
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: security, mobile
|
ms.pagetype: security, mobile
|
||||||
audience: ITPro
|
audience: ITPro
|
||||||
author: mikestephens-MS
|
author: mapalko
|
||||||
ms.author: mstephen
|
ms.author: mapalko
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.collection: M365-identity-device-management
|
ms.collection: M365-identity-device-management
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
|
|||||||
@ -228,6 +228,7 @@
|
|||||||
####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
||||||
###### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
###### [Onboard servers](windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||||
###### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
###### [Onboard non-Windows machines](windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||||
|
###### [Onboard machines without Internet access](windows-defender-atp/onboard-offline-machines.md)
|
||||||
###### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md)
|
###### [Run a detection test on a newly onboarded machine](windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md)
|
||||||
###### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md)
|
###### [Run simulated attacks on machines](windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md)
|
||||||
###### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
###### [Configure proxy and Internet connectivity settings](windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -17,37 +17,48 @@ ms.date: 04/19/2017
|
|||||||
- Windows Server 2016
|
- Windows Server 2016
|
||||||
|
|
||||||
|
|
||||||
This event is logged if the Windows Filtering Platform has blocked a bind to a local port.
|
<img src="images/event-5159.png" alt="Event 5159 illustration" width="491" height="466" hspace="10" align="left" />
|
||||||
|
|
||||||
There is no example of this event in this document.
|
|
||||||
|
|
||||||
***Subcategory:*** [Audit Filtering Platform Connection](audit-filtering-platform-connection.md)
|
***Subcategory:*** [Audit Filtering Platform Connection](audit-filtering-platform-connection.md)
|
||||||
|
|
||||||
***Event Schema:***
|
***Event Description:***
|
||||||
|
|
||||||
*The Windows Filtering Platform has blocked a bind to a local port.*
|
This event is logged if the Windows Filtering Platform has blocked a bind to a local port.
|
||||||
|
|
||||||
*Application Information:*
|
<br clear="all">
|
||||||
|
|
||||||
> *Process ID:%1*
|
***Event XML:***
|
||||||
>
|
```
|
||||||
> *Application Name:%2*
|
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
|
||||||
|
- <System>
|
||||||
|
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
|
||||||
|
<EventID>5159</EventID>
|
||||||
|
<Version>0</Version>
|
||||||
|
<Level>0</Level>
|
||||||
|
<Task>12810</Task>
|
||||||
|
<Opcode>0</Opcode>
|
||||||
|
<Keywords>0x8010000000000000</Keywords>
|
||||||
|
<TimeCreated SystemTime="2019-04-19T07:36:55.955388300Z" />
|
||||||
|
<EventRecordID>44097</EventRecordID>
|
||||||
|
<Correlation />
|
||||||
|
<Execution ProcessID="4" ThreadID="6480" />
|
||||||
|
<Channel>Security</Channel>
|
||||||
|
<Computer>DC01.contoso.local</Computer>
|
||||||
|
<Security />
|
||||||
|
</System>
|
||||||
|
- <EventData>
|
||||||
|
<Data Name="ProcessId">7924</Data>
|
||||||
|
<Data Name="Application">\device\harddiskvolume2\users\test\desktop\netcat\nc.exe</Data>
|
||||||
|
<Data Name="SourceAddress">0.0.0.0</Data>
|
||||||
|
<Data Name="SourcePort">5555</Data>
|
||||||
|
<Data Name="Protocol">6</Data>
|
||||||
|
<Data Name="FilterRTID">84614</Data>
|
||||||
|
<Data Name="LayerName">%%14608</Data>
|
||||||
|
<Data Name="LayerRTID">36</Data>
|
||||||
|
</EventData>
|
||||||
|
</Event>
|
||||||
|
|
||||||
*Network Information:*
|
```
|
||||||
|
|
||||||
> *Source Address:%3*
|
|
||||||
>
|
|
||||||
> *Source Port:%4*
|
|
||||||
>
|
|
||||||
> *Protocol:%5*
|
|
||||||
|
|
||||||
*Filter Information:*
|
|
||||||
|
|
||||||
> *Filter Run-Time ID:%6*
|
|
||||||
>
|
|
||||||
> *Layer Name:%7*
|
|
||||||
>
|
|
||||||
> *Layer Run-Time ID:%8*
|
|
||||||
|
|
||||||
***Required Server Roles:*** None.
|
***Required Server Roles:*** None.
|
||||||
|
|
||||||
@ -55,6 +66,76 @@ There is no example of this event in this document.
|
|||||||
|
|
||||||
***Event Versions:*** 0.
|
***Event Versions:*** 0.
|
||||||
|
|
||||||
|
***Field Descriptions:***
|
||||||
|
|
||||||
|
**Application Information**:
|
||||||
|
|
||||||
|
- **Process ID** \[Type = Pointer\]: hexadecimal Process ID of the process which was permitted to bind to the local port. Process ID (PID) is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
|
||||||
|
|
||||||
|
<img src="images/task-manager.png" alt="Task manager illustration" width="585" height="375" />
|
||||||
|
|
||||||
|
If you convert the hexadecimal value to decimal, you can compare it to the values in Task Manager.
|
||||||
|
|
||||||
|
You can also correlate this process ID with a process ID in other events, for example, “[4688](event-4688.md): A new process has been created” **Process Information\\New Process ID**.
|
||||||
|
|
||||||
|
<!-- -->
|
||||||
|
|
||||||
|
- **Application Name** \[Type = UnicodeString\]**:** full path and the name of the executable for the process.
|
||||||
|
|
||||||
|
Logical disk is displayed in format \\device\\harddiskvolume\#. You can get all local volume numbers by using **diskpart** utility. The command to get volume numbers using diskpart is “**list volume”**:
|
||||||
|
|
||||||
|
<img src="images/diskpart.png" alt="DiskPart illustration" width="786" height="246" />
|
||||||
|
|
||||||
|
**Network Information:**
|
||||||
|
|
||||||
|
- **Source Address** \[Type = UnicodeString\]**:** the local IP address of the computer running the application.
|
||||||
|
|
||||||
|
- IPv4 Address
|
||||||
|
|
||||||
|
- IPv6 Address
|
||||||
|
|
||||||
|
- :: - all IP addresses in IPv6 format
|
||||||
|
|
||||||
|
- 0.0.0.0 - all IP addresses in IPv4 format
|
||||||
|
|
||||||
|
- 127.0.0.1 , ::1 - localhost
|
||||||
|
|
||||||
|
- **Source Port** \[Type = UnicodeString\]**:** the port number used by the application.
|
||||||
|
|
||||||
|
- **Protocol** \[Type = UInt32\]: the protocol number being used.
|
||||||
|
|
||||||
|
| Service | Protocol Number |
|
||||||
|
|----------------------------------------------------|-----------------|
|
||||||
|
| Internet Control Message Protocol (ICMP) | 1 |
|
||||||
|
| Transmission Control Protocol (TCP) | 6 |
|
||||||
|
| User Datagram Protocol (UDP) | 17 |
|
||||||
|
| General Routing Encapsulation (PPTP data over GRE) | 47 |
|
||||||
|
| Authentication Header (AH) IPSec | 51 |
|
||||||
|
| Encapsulation Security Payload (ESP) IPSec | 50 |
|
||||||
|
| Exterior Gateway Protocol (EGP) | 8 |
|
||||||
|
| Gateway-Gateway Protocol (GGP) | 3 |
|
||||||
|
| Host Monitoring Protocol (HMP) | 20 |
|
||||||
|
| Internet Group Management Protocol (IGMP) | 88 |
|
||||||
|
| MIT Remote Virtual Disk (RVD) | 66 |
|
||||||
|
| OSPF Open Shortest Path First | 89 |
|
||||||
|
| PARC Universal Packet Protocol (PUP) | 12 |
|
||||||
|
| Reliable Datagram Protocol (RDP) | 27 |
|
||||||
|
| Reservation Protocol (RSVP) QoS | 46 |
|
||||||
|
|
||||||
|
**Filter Information:**
|
||||||
|
|
||||||
|
- **Filter Run-Time ID** \[Type = UInt64\]: unique filter ID which blocks the application from binding to the port. By default, Windows firewall won't prevent a port from binding by an application, and if this application doesn’t match any filters, you will get value 0 in this field.
|
||||||
|
|
||||||
|
To find specific Windows Filtering Platform filter by ID you need to execute the following command: **netsh wfp show filters**. As a result of this command, **filters.xml** file will be generated. You need to open this file and find the specific substring with the required filter ID (**<filterId>**)**,** for example:
|
||||||
|
|
||||||
|
<img src="images/filters-xml-file.png" alt="Filters.xml file illustration" width="840" height="176" />
|
||||||
|
|
||||||
|
- **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
|
||||||
|
|
||||||
|
- **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find specific Windows Filtering Platform layer ID you need to execute the following command: **netsh wfp show state**. As result of this command **wfpstate.xml** file will be generated. You need to open this file and find specific substring with required layer ID (**<layerId>**)**,** for example:
|
||||||
|
|
||||||
|
<img src="images/wfpstate-xml.png" alt="Wfpstate xml illustration" width="1563" height="780" />
|
||||||
|
|
||||||
## Security Monitoring Recommendations
|
## Security Monitoring Recommendations
|
||||||
|
|
||||||
- There is no recommendation for this event in this document.
|
- There is no recommendation for this event in this document.
|
||||||
|
|||||||
Binary file not shown.
|
After Width: | Height: | Size: 24 KiB |
@ -227,6 +227,7 @@
|
|||||||
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
|
||||||
##### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
##### [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
|
||||||
##### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
##### [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
|
||||||
|
##### [Onboard machines without Internet access](onboard-offline-machines.md)
|
||||||
##### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md)
|
##### [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md)
|
||||||
##### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
|
##### [Run simulated attacks on machines](attack-simulations-windows-defender-advanced-threat-protection.md)
|
||||||
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
##### [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
|
||||||
|
|||||||
@ -19,12 +19,9 @@ ms.topic: article
|
|||||||
# Add or Remove Machine Tags API
|
# Add or Remove Machine Tags API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
This API adds or remove tag to a specific machine.
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
- Adds or remove tag to a specific machine.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -20,8 +20,6 @@ ms.topic: article
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Represents an alert entity in Windows Defender ATP.
|
Represents an alert entity in Windows Defender ATP.
|
||||||
|
|
||||||
# Methods
|
# Methods
|
||||||
|
|||||||
@ -14,18 +14,16 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Collect investigation package API
|
# Collect investigation package API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Collect investigation package from a machine.
|
Collect investigation package from a machine.
|
||||||
|
|
||||||
[!include[Machine actions note](machineactionsnote.md)]
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -21,7 +21,7 @@ ms.date: 04/11/2019
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
[!include[Prerelease information](prerelease.md)]
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
> Secure score is now part of Threat & Vulnerability Management as Configuration score. We’ll keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection) page.
|
> Secure score is now part of Threat & Vulnerability Management as Configuration score. We’ll keep the secure score page available for a few weeks. View the [Secure score](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection) page.
|
||||||
|
|||||||
@ -20,7 +20,7 @@ ms.topic: article
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
- [Windows Defender Advanced Threat Protection Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- [Windows Defender Advanced Threat Protection Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
[!include[Prerelease information](prerelease.md)]
|
||||||
|
|
||||||
This section guides you through the steps you need to take to configure Threat & Vulnerability Management's integration with Microsoft Intune or Microsoft System Center Configuration Manager (SCCM) for a seamless collaboration of issue remediation.
|
This section guides you through the steps you need to take to configure Threat & Vulnerability Management's integration with Microsoft Intune or Microsoft System Center Configuration Manager (SCCM) for a seamless collaboration of issue remediation.
|
||||||
|
|
||||||
|
|||||||
@ -23,7 +23,7 @@ ms.date: 02/28/2019
|
|||||||
|
|
||||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease<EFBFBD>information](prerelease.md)]
|
[!include[Prerelease information](prerelease.md)]
|
||||||
|
|
||||||
## Before you begin
|
## Before you begin
|
||||||
To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview.
|
To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview.
|
||||||
|
|||||||
@ -14,16 +14,12 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Create alert from event API
|
# Create alert from event API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
|
||||||
|
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
|
|
||||||
Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity.
|
Enables using event data, as obtained from the [Advanced Hunting](run-advanced-query-api.md) for creating a new alert entity.
|
||||||
|
|||||||
@ -21,10 +21,9 @@ ms.topic: article
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
>[!Note]
|
>[!Note]
|
||||||
> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
> Currently this API is only supported for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
|
||||||
|
|
||||||
|
|
||||||
- Deletes an Indicator entity by ID.
|
- Deletes an Indicator entity by ID.
|
||||||
|
|||||||
@ -19,12 +19,11 @@ ms.date: 09/03/2018
|
|||||||
|
|
||||||
# Use Windows Defender ATP APIs
|
# Use Windows Defender ATP APIs
|
||||||
|
|
||||||
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
**Applies to:**
|
||||||
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
|
|
||||||
This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.
|
This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.
|
||||||
|
|
||||||
|
|||||||
@ -19,11 +19,11 @@ ms.date: 09/03/2018
|
|||||||
|
|
||||||
# Create an app to access Windows Defender ATP without a user
|
# Create an app to access Windows Defender ATP without a user
|
||||||
|
|
||||||
**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
|
**Applies to:**
|
||||||
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
This page describes how to create an application to get programmatic access to Windows Defender ATP without a user.
|
This page describes how to create an application to get programmatic access to Windows Defender ATP without a user.
|
||||||
|
|
||||||
|
|||||||
@ -21,8 +21,6 @@ ms.date: 09/24/2018
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
|
|
||||||
Full scenario using multiple APIs from Windows Defender ATP.
|
Full scenario using multiple APIs from Windows Defender ATP.
|
||||||
|
|
||||||
|
|||||||
@ -14,18 +14,17 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 11/15/2018
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# OData queries with Windows Defender ATP
|
# OData queries with Windows Defender ATP
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
- If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
|
|
||||||
|
|
||||||
- Not all properties are filterable.
|
If you are not familiar with OData queries, see: [OData V4 queries](https://www.odata.org/documentation/)
|
||||||
|
|
||||||
|
Not all properties are filterable.
|
||||||
|
|
||||||
### Properties that supports $filter:
|
### Properties that supports $filter:
|
||||||
|
|
||||||
|
|||||||
@ -20,7 +20,6 @@ ms.topic: article
|
|||||||
**Applies to:**
|
**Applies to:**
|
||||||
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Represent a file entity in Windows Defender ATP.
|
Represent a file entity in Windows Defender ATP.
|
||||||
|
|
||||||
|
|||||||
@ -19,11 +19,8 @@ ms.date: 07/25/2018
|
|||||||
|
|
||||||
# Find machine information by internal IP API
|
# Find machine information by internal IP API
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
|
||||||
|
|
||||||
|
|
||||||
Find a machine by internal IP.
|
Find a machine by internal IP.
|
||||||
|
|||||||
@ -14,19 +14,16 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Find machines by internal IP API
|
# Find machines by internal IP API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp
|
||||||
|
|
||||||
- Find machines seen with the requested internal IP in the time range of 15 minutes prior and after a given timestamp
|
The given timestamp must be in the past 30 days.
|
||||||
- The given timestamp must be in the past 30 days.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -14,14 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get alert information by ID API
|
# Get alert information by ID API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Retrieves an alert by its ID.
|
Retrieves an alert by its ID.
|
||||||
|
|
||||||
|
|||||||
@ -14,14 +14,12 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get alert related domain information API
|
# Get alert related domain information API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Retrieves all domains related to a specific alert.
|
Retrieves all domains related to a specific alert.
|
||||||
|
|
||||||
|
|||||||
@ -14,14 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get alert related files information API
|
# Get alert related files information API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Retrieves all files related to a specific alert.
|
Retrieves all files related to a specific alert.
|
||||||
|
|
||||||
|
|||||||
@ -14,14 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get alert related IP information API
|
# Get alert related IP information API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
|
|
||||||
Retrieves all IPs related to a specific alert.
|
Retrieves all IPs related to a specific alert.
|
||||||
|
|||||||
@ -14,17 +14,13 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get alert related machine information API
|
# Get alert related machine information API
|
||||||
|
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
Retrieves machine that is related to a specific alert.
|
||||||
|
|
||||||
- Retrieves machine that is related to a specific alert.
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -14,14 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get alert related user information API
|
# Get alert related user information API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
|
|
||||||
Retrieves the user associated to a specific alert.
|
Retrieves the user associated to a specific alert.
|
||||||
|
|||||||
@ -14,21 +14,20 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# List alerts API
|
# List alerts API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
Retrieves a collection of Alerts.
|
||||||
|
|
||||||
|
Supports [OData V4 queries](https://www.odata.org/documentation/).
|
||||||
|
|
||||||
- Retrieves a collection of Alerts.
|
The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
|
||||||
- Supports [OData V4 queries](https://www.odata.org/documentation/).
|
|
||||||
- The OData's Filter query is supported on: "Id", "IncidentId", "AlertCreationTime", "Status", "Severity" and "Category".
|
See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
||||||
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
|
|
||||||
|
|
||||||
## Permissions
|
## Permissions
|
||||||
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
|
||||||
|
|||||||
@ -14,19 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get domain related alerts API
|
# Get domain related alerts API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Retrieves a collection of alerts related to a given domain address.
|
Retrieves a collection of alerts related to a given domain address.
|
||||||
|
|
||||||
|
|||||||
@ -14,14 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get domain related machines API
|
# Get domain related machines API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Retrieves a collection of machines that have communicated to or from a given domain address.
|
Retrieves a collection of machines that have communicated to or from a given domain address.
|
||||||
|
|
||||||
|
|||||||
@ -14,15 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get domain statistics API
|
# Get domain statistics API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
|
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
Retrieves the prevalence for the given domain.
|
Retrieves the prevalence for the given domain.
|
||||||
|
|
||||||
|
|||||||
@ -14,16 +14,11 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 12/08/2017
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Get file information API
|
# Get file information API
|
||||||
**Applies to:**
|
**Applies to:**
|
||||||
|
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
|
||||||
|
|
||||||
[!include[Prerelease information](prerelease.md)]
|
|
||||||
|
|
||||||
|
|
||||||
Retrieves a file by identifier Sha1, Sha256, or MD5.
|
Retrieves a file by identifier Sha1, Sha256, or MD5.
|
||||||
|
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user