From 9cf817231f8ab09c2232c6a92a158c78bb77d625 Mon Sep 17 00:00:00 2001 From: arottem Date: Mon, 23 Jul 2018 14:29:40 -0700 Subject: [PATCH 1/6] Update licensing and brand Update to reflect ASR in E3 and the up to date content of WD ATP --- .../windows-defender-exploit-guard.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index a7574b02af..aa73196ed9 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -53,10 +53,9 @@ You can also [enable audit mode](audit-windows-defender-exploit-guard.md) for th >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how each of them work. Windows Defender EG can be managed and reported on in the Windows Defender Security Center as part of the Windows Defender Advanced Threat Protection suite of threat mitigation, preventing, protection, and analysis technologies, which also includes: -- [The Windows Defender ATP console](../windows-defender-atp/windows-defender-advanced-threat-protection.md) +- [Windows Defender Security Center](../windows-defender-atp/windows-defender-security-center-atp) - [Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -- [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) -- Windows Defender Device Guard +- [Windows Defender Application Control](../windows-defender-application-control/windows-defender-application-control) - [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md) You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works. @@ -76,7 +75,7 @@ This section covers requirements for each feature in Windows Defender EG. | Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 | | ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: | | Exploit protection | ![supported](./images/ball_50.png) | ![supported](./images/ball_50.png) | ![supported, enhanced](./images/ball_75.png) | ![supported, full reporting](./images/ball_full.png) | -| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, full reporting](./images/ball_full.png) | +| Attack surface reduction | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | | Network protection | ![not supported](./images/ball_empty.png) | ![not supported](./images/ball_empty.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | | Controlled folder access | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, limited reporting](./images/ball_50.png) | ![supported, full reporting](./images/ball_full.png) | From f46fcc896da550951739c3a71604fb6379ef9425 Mon Sep 17 00:00:00 2001 From: Mihai Peicu <41653989+MihaiSP@users.noreply.github.com> Date: Tue, 24 Jul 2018 17:17:57 -0700 Subject: [PATCH 2/6] Fixed default values for 2 fields, and adjusted the statment on atomicity for more clarity. --- windows/client-management/mdm/firewall-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 1a552c057a..57a80b55f0 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -14,7 +14,7 @@ ms.date: 01/26/2018 The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. -Firewall configuration commands must be wrapped in an Atomic block in SyncML. +Each of the Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML. For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](https://msdn.microsoft.com/en-us/library/mt620101.aspx). @@ -284,7 +284,7 @@ Sample syncxml to provision the firewall settings to evaluate **FirewallRules/_FirewallRuleName_/Enabled**

Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. -

If not specified - a new rule is disabled by default.

+

If not specified - a new rule is enabled by default.

Boolean value. Supported operations are Get and Replace.

**FirewallRules/_FirewallRuleName_/Profiles** @@ -310,7 +310,7 @@ Sample syncxml to provision the firewall settings to evaluate

Value type is string. Supported operations are Get and Replace.

From fadc0b19e54f7f975ea5db507477672974b4b71b Mon Sep 17 00:00:00 2001 From: mistermik Date: Tue, 24 Jul 2018 20:12:49 -0700 Subject: [PATCH 3/6] A parameter cannot be found that matches parameter name 'IncludeManageTools' Add-WindowsFeature Adcs-Cert-Authority does not have an 'IncludeManageTools' parameter. --- .../hello-for-business/hello-hybrid-key-new-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 11d1a66100..1a48a21306 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -60,7 +60,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o 1. Open an elevated Windows PowerShell prompt. 2. Use the following command to install the Active Directory Certificate Services role. ```PowerShell - Add-WindowsFeature Adcs-Cert-Authority -IncludeManageTools + Add-WindowsFeature Adcs-Cert-Authority ``` 3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration. From cda330c3bc02f81e433616bc89d5ec9b6e49a351 Mon Sep 17 00:00:00 2001 From: mistermik Date: Tue, 24 Jul 2018 20:22:45 -0700 Subject: [PATCH 4/6] Update cmdlet with correct parameter There is a typo into the cmdlet, -IncludeManageTools should be changed to -IncludeManagementTools --- .../hello-for-business/hello-hybrid-key-new-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 1a48a21306..f986fd3e0e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -60,7 +60,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o 1. Open an elevated Windows PowerShell prompt. 2. Use the following command to install the Active Directory Certificate Services role. ```PowerShell - Add-WindowsFeature Adcs-Cert-Authority + add-windowsfeature adcs-cert-authority -IncludeManagementTools ``` 3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration. From 9fab58eef6dcf2b9dbed2637e41c9543eb1687ee Mon Sep 17 00:00:00 2001 From: peteregerton <30479892+peteregerton@users.noreply.github.com> Date: Wed, 25 Jul 2018 12:42:59 +0100 Subject: [PATCH 5/6] Updated supported ConfigMgr version Djam confirmed MBAM compatibility with CM versions 1802+ in this UV item https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/19123522-support-mbam-2-5-integration-with-sccm-current-bra May be worth a re-word so not further edits are required. --- mdop/mbam-v25/mbam-25-supported-configurations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 195791d851..4eb36ebf32 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -284,7 +284,7 @@ MBAM supports the following versions of Configuration Manager. -

Microsoft System Center Configuration Manager (Current Branch), version 1610

+

Microsoft System Center Configuration Manager (Current Branch), versions up to 1806

64-bit

From 1fb5a6d6e21411305208613fe0261ad740842fec Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 25 Jul 2018 16:53:35 +0000 Subject: [PATCH 6/6] Merged PR 10069: remove extra characters --- windows/configuration/wcd/wcd-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index a8b96f80b9..1ba48ada16 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -49,7 +49,7 @@ This section describes the **Policies** settings that you can configure in [prov | [AllowDeveloperUnlock](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | X | X | X | X | X | | [AllowGameDVR](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | X | | | | | | [AllowSharedUserAppData](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | X | X | | | | -| [AllowStore](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device (?) | | X | | | | +| [AllowStore](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | X | | | | | [ApplicationRestrictions](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | x | | | | | [RestrictAppDataToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | X | X | | | | | [RestrictAppToSystemVolume](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | X | X | | | |