From 601599de8f97848ca158e26b2ba7eaa4984a1452 Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 3 Mar 2020 16:55:26 -0800 Subject: [PATCH 01/13] Update custom-detection-rules.md --- .../microsoft-defender-atp/custom-detection-rules.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index c5a436c489..5254713db3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -1,7 +1,7 @@ --- title: Create and manage custom detection rules in Microsoft Defender ATP ms.reviewer: -description: Learn how to create and manage custom detections rules based on advanced hunting queries +description: Learn how to create and manage custom detection rules based on advanced hunting queries keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp search.product: eADQiWindows 10XVcnh search.appverid: met150 @@ -19,7 +19,7 @@ ms.topic: article --- -# Create and manage custom detections rules +# Create and manage custom detection rules **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) @@ -34,7 +34,7 @@ Custom detection rules built from [Advanced hunting](advanced-hunting-overview.m In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results. #### Required columns in the query results -To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don’t use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. +To use a query for a custom detection rule, the query must return the `Timestamp`, `DeviceId`, and `ReportId` columns in the results. Simple queries, such as those that don't use the `project` or `summarize` operator to customize or aggregate results, typically return these common columns. There are various ways to ensure more complex queries return these columns. For example, if you prefer to aggregate and count by `DeviceId`, you can still return `Timestamp` and `ReportId` by getting them from the most recent event involving each machine. From 70c0dd8239e6d8f09febc66c83f203c29fa98832 Mon Sep 17 00:00:00 2001 From: lomayor Date: Tue, 3 Mar 2020 17:00:54 -0800 Subject: [PATCH 02/13] Update TOC.md --- windows/security/threat-protection/TOC.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 55521c5955..8b97a7b7b7 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -136,8 +136,8 @@ #### [Custom detections]() -##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md) -##### [Create and manage custom detections rules](microsoft-defender-atp/custom-detection-rules.md) +##### [Understand custom detections](microsoft-defender-atp/overview-custom-detections.md) +##### [Create and manage detection rules](microsoft-defender-atp/custom-detection-rules.md) ### [Management and APIs]() #### [Overview of management and APIs](microsoft-defender-atp/management-apis.md) From f5331dcc12f59629b4ad0b88f16ec5ad0d14666e Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 3 Mar 2020 19:41:37 -0800 Subject: [PATCH 03/13] Add note on kext -> system extension work --- .../microsoft-defender-atp/mac-whatsnew.md | 6 ++++++ .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 5bf5c0c266..25ce7a6c21 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -19,6 +19,12 @@ ms.topic: conceptual # What's new in Microsoft Defender Advanced Threat Protection for Mac +> [!NOTE] +> In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. +> In the meantime, starting with macOS Catalina update 10.15.4, Apple introduced a user facing *Legacy System Extension* warning to signal applications that rely on kernel extensions. +> If you previously whitelisted the Microsoft Defender ATP for Mac kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to whitelist our kernel extension, your users will be presented with the warning. +> To proactively silence the warning, you can still deploy a configuration to whitelist the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. + ## 100.86.91 > [!CAUTION] diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index be43f23ee8..fa9b382efb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -114,6 +114,10 @@ Microsoft regularly publishes software updates to improve performance, security, Guidance for how to configure the product in enterprise environments is available in [Set preferences for Microsoft Defender ATP for Mac](mac-preferences.md). +## macOS kernel and system extensions + +In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. Visit [What's new in Microsoft Defender Advanced Threat Protection for Mac](mac-whatsnew.md) for relevant details. + ## Resources - For more information about logging, uninstalling, or other topics, see the [Resources](mac-resources.md) page. From dbdec82022655d033517fb304edf6f7a6e8aa1b6 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 3 Mar 2020 19:43:31 -0800 Subject: [PATCH 04/13] Updates resources --- .../microsoft-defender-atp/mac-resources.md | 25 +------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md index e35c4b95e5..02831671bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-resources.md @@ -100,27 +100,4 @@ Important tasks, such as controlling product settings and triggering on-demand s ## Microsoft Defender ATP portal information -In the Microsoft Defender ATP portal, you'll see two categories of information. - -Antivirus alerts, including: - - - Severity - - Scan type - - Device information (hostname, machine identifier, tenant identifier, app version, and OS type) - - File information (name, path, size, and hash) - - Threat information (name, type, and state) - -Device information, including: - - - Machine identifier - - Tenant identifier - - App version - - Hostname - - OS type - - OS version - - Computer model - - Processor architecture - - Whether the device is a virtual machine - - > [!NOTE] - > Certain device information might be subject to upcoming releases. To send us feedback, use the Microsoft Defender ATP for Mac app and select **Help** > **Send feedback** on your device. Optionally, use the **Feedback** button in the Microsoft Defender Security Center. +[This blog](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/edr-capabilities-for-macos-have-now-arrived/ba-p/1047801) provides detailed guidance on what to expect in Microsoft Defender ATP Security Center. \ No newline at end of file From cbee11b55aca04456bffaf7119fa4e9ed5139a98 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 3 Mar 2020 20:06:16 -0800 Subject: [PATCH 05/13] Wording --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 25ce7a6c21..c9a534c29d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -22,7 +22,7 @@ ms.topic: conceptual > [!NOTE] > In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. > In the meantime, starting with macOS Catalina update 10.15.4, Apple introduced a user facing *Legacy System Extension* warning to signal applications that rely on kernel extensions. -> If you previously whitelisted the Microsoft Defender ATP for Mac kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to whitelist our kernel extension, your users will be presented with the warning. +> If you have previously whitelisted the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to whitelist the kernel extension, your users will be presented with the warning. > To proactively silence the warning, you can still deploy a configuration to whitelist the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. ## 100.86.91 From 9450b55215d6923e23394d4a0cb34250866b53b5 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 3 Mar 2020 21:11:07 -0800 Subject: [PATCH 06/13] Spacing --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index c9a534c29d..ebad1005b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -21,9 +21,10 @@ ms.topic: conceptual > [!NOTE] > In alignment with macOS evolution, we are preparing a Microsoft Defender ATP for Mac update that leverages system extensions instead of kernel extensions. +> > In the meantime, starting with macOS Catalina update 10.15.4, Apple introduced a user facing *Legacy System Extension* warning to signal applications that rely on kernel extensions. -> If you have previously whitelisted the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to whitelist the kernel extension, your users will be presented with the warning. -> To proactively silence the warning, you can still deploy a configuration to whitelist the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. +> +> If you have previously whitelisted the kernel extension as part of your remote deployment, that warning should not be presented to the end user. If you have not previously deployed a policy to whitelist the kernel extension, your users will be presented with the warning. To proactively silence the warning, you can still deploy a configuration to whitelist the kernel extension. Refer to the instructions in the [JAMF-based deployment](mac-install-with-jamf.md#approved-kernel-extension) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. ## 100.86.91 From 54e212c5994fbcd77362fe82d8c2761cdfbfd70f Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Mar 2020 07:04:10 -0800 Subject: [PATCH 07/13] Update configure-server-exclusions-windows-defender-antivirus.md --- ...ure-server-exclusions-windows-defender-antivirus.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md index c1e4a6ba6e..97a45e8794 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md @@ -22,7 +22,7 @@ ms.custom: nextgen - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Windows Defender Antivirus on Windows Server 2016 or 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). +Windows Defender Antivirus on Windows Server 2016 and 2019 automatically enrolls you in certain exclusions, as defined by your specified server role. See the [list of automatic exclusions](#list-of-automatic-exclusions) (in this article). These exclusions do not appear in the standard exclusion lists that are shown in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions). > [!NOTE] > Automatic exclusions only apply to Real-time protection (RTP) scanning. Automatic exclusions are not honored during a Full/Quick or On-demand scan. @@ -46,13 +46,13 @@ In addition to server role-defined automatic exclusions, you can add or remove c In Windows Server 2016 and 2019, the predefined exclusions delivered by Security intelligence updates only exclude the default paths for a role or feature. If you installed a role or feature in a custom path, or you want to manually control the set of exclusions, make sure to opt out of the automatic exclusions delivered in Security intelligence updates. But keep in mind that the exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. > [!WARNING] -> Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 or 2019 roles. +> Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 and 2019 roles. Because predefined exclusions only exclude **default paths**, if you move NTDS and SYSVOL to another drive or path that is *different from the original path*, you must add exclusions manually using the information [here](configure-extension-file-exclusions-windows-defender-antivirus.md#configure-the-list-of-exclusions-based-on-folder-name-or-file-extension) . You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI. -### Use Group Policy to disable the auto-exclusions list on Windows Server 2016 +### Use Group Policy to disable the auto-exclusions list on Windows Server 2016 and 2019 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx). Right-click the Group Policy Object you want to configure, and then click **Edit**. @@ -62,7 +62,7 @@ You can disable the automatic exclusion lists with Group Policy, PowerShell cmdl 4. Double-click **Turn off Auto Exclusions**, and set the option to **Enabled**. Then click **OK**. -### Use PowerShell cmdlets to disable the auto-exclusions list on Windows Server 2016 +### Use PowerShell cmdlets to disable the auto-exclusions list on Windows Server 2016 and 2019 Use the following cmdlets: @@ -74,7 +74,7 @@ Set-MpPreference -DisableAutoExclusions $true [Use PowerShell with Windows Defender Antivirus](https://technet.microsoft.com/itpro/powershell/windows/defender/index). -### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 +### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016 and 2019 Use the **Set** method of the [MSFT_MpPreference](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: From bba7d53355b998571444a19cb7987720cad534ba Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Mar 2020 07:11:13 -0800 Subject: [PATCH 08/13] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 8b97a7b7b7..2b444785f5 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -277,7 +277,7 @@ ###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) +###### [Configure antivirus exclusions Windows Server 2016 and 2019](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) ##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) From bcb1a0be7193ab221e5a8956ec163a877c34a2f3 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Mar 2020 07:15:57 -0800 Subject: [PATCH 09/13] Update office-365-windows-defender-antivirus.md --- .../office-365-windows-defender-antivirus.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md index 6c0a6b6fe1..5e80d45294 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md @@ -14,12 +14,12 @@ ms.topic: article author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 02/26/2020 +ms.date: 03/04/2020 ms.reviewer: manager: dansimp --- -# Better together: Windows Defender Antivirus and Office 365 (including OneDrive) +# Better together: Windows Defender Antivirus and Office 365 **Applies to:** @@ -46,9 +46,9 @@ Read the following sections to learn more. When you save your files to [OneDrive](https://docs.microsoft.com/onedrive), and [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) detects a ransomware threat on your device, the following things occur: -1. **You are told about the threat**. (If your organization is using Microsoft Defender Advanced Threat Protection, your security operations team is notified, too.) +1. **You are told about the threat**. (If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (ATP), your security operations team is notified, too.) -2. **Windows Defender Antivirus helps you (and your organization's security team) remove the ransomware** from your device(s). +2. **Windows Defender Antivirus helps you (and your organization's security team) remove the ransomware** from your device(s). (If your organization is using Microsoft Defender ATP, your security operations team can determine whether other devices are infected and take appropriate action, too.) 3. **You get the option to recover your files in OneDrive**. With the OneDrive Files Restore feature, you can recover your files in OneDrive to the state they were in before the ransomware attack occurred. See [Ransomware detection and recovering your files](https://support.office.com/article/0d90ec50-6bfd-40f4-acc7-b8c12c73637f). @@ -56,7 +56,7 @@ Think of the time and hassle this can save. ## Integration means better protection -Office 365 Advanced Threat Protection integrated with Microsoft Defender Advanced Threat Protection means better protection. Here's how: +Office 365 Advanced Threat Protection integrated with Microsoft Defender Advanced Threat Protection means better protection for your organization. Here's how: - [Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-atp) safeguards your organization against malicious threats posed in email messages, email attachments, and links (URLs) in Office documents. @@ -68,7 +68,7 @@ Office 365 Advanced Threat Protection integrated with Microsoft Defender Advance - Once integration is enabled, your security operations team can see a list of devices that are used by the recipients of any detected URLs or email messages, along with recent alerts for those devices, in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). -If you haven't already done so, [integrate Office 365 Advanced Threat Protection with Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp). +If you haven't already done so, [integrate Office 365 Advanced Threat Protection with Microsoft Defender ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp). ## More good reasons to use OneDrive From f7db4a29f9a207bfab761ece675b42149fef8ded Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Mar 2020 07:40:09 -0800 Subject: [PATCH 10/13] Update office-365-windows-defender-antivirus.md --- .../office-365-windows-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md index 5e80d45294..b5eb9e9f63 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md @@ -1,6 +1,6 @@ --- -title: Better together: Windows Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats -description: Office 365, which includes OneDrive, goes together wonderfully with Windows Defender Antivirus. Read this article to learn more. +title: "Better together: Windows Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats" +description: "Office 365, which includes OneDrive, goes together wonderfully with Windows Defender Antivirus. Read this article to learn more." keywords: windows defender, antivirus, office 365, onedrive search.product: eADQiWindows 10XVcnh ms.pagetype: security From 99a71ae80510cc6323a401c520578d62073c44ae Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Mar 2020 07:40:48 -0800 Subject: [PATCH 11/13] Update office-365-windows-defender-antivirus.md --- .../office-365-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md index b5eb9e9f63..86a03010eb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md @@ -1,7 +1,7 @@ --- title: "Better together: Windows Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats" description: "Office 365, which includes OneDrive, goes together wonderfully with Windows Defender Antivirus. Read this article to learn more." -keywords: windows defender, antivirus, office 365, onedrive +keywords: windows defender, antivirus, office 365, onedrive, restore, ransomware search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 From 8f061e74fa33f6dfecae3777cced137841621aba Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Mar 2020 07:41:21 -0800 Subject: [PATCH 12/13] Update office-365-windows-defender-antivirus.md --- .../office-365-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md index 86a03010eb..77a5c15cf1 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md @@ -1,5 +1,5 @@ --- -title: "Better together: Windows Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats" +title: "Better together - Windows Defender Antivirus and Office 365 (including OneDrive) - better protection from ransomware and cyberthreats" description: "Office 365, which includes OneDrive, goes together wonderfully with Windows Defender Antivirus. Read this article to learn more." keywords: windows defender, antivirus, office 365, onedrive, restore, ransomware search.product: eADQiWindows 10XVcnh From 3cd7cd5d1d4a4dc45b4d923bfe55bd0f9e8ab77b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Mar 2020 07:42:00 -0800 Subject: [PATCH 13/13] Update why-use-microsoft-antivirus.md --- .../windows-defender-antivirus/why-use-microsoft-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md index 9ba7a43bf9..9c284e75a0 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md @@ -1,6 +1,6 @@ --- -title: Why you should use Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection -description: For best results, use Windows Defender Antivirus together with your other Microsoft offerings. +title: "Why you should use Windows Defender Antivirus together with Microsoft Defender Advanced Threat Protection" +description: "For best results, use Windows Defender Antivirus together with your other Microsoft offerings." keywords: windows defender, antivirus, third party av search.product: eADQiWindows 10XVcnh ms.pagetype: security