From 94543435e6783db31fc0b9b630cb8a532b880a74 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 1 Mar 2021 14:28:24 +0530 Subject: [PATCH 1/8] Update network-protection.md update per 4906123 --- .../microsoft-defender-atp/network-protection.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index 065da4f483..c5ffa6ec3a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -45,6 +45,9 @@ When network protection blocks a connection, a notification will be displayed fr You can also use [audit mode](audit-windows-defender.md) to evaluate how Network protection would impact your organization if it were enabled. +> [!NOTE] +> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity.In a managed environment, make sure that configuration manager Auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection. + ## Requirements Network protection requires Windows 10 Pro or Enterprise, and Microsoft Defender Antivirus real-time protection. From 2953122c4f793002b0df0666a5d5237d589a2f71 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 16:00:12 +0200 Subject: [PATCH 2/8] Update gov.md 1. Linux, macOS and integration with third-party products is rolling out. 2. Email notifications are now available in all Gov clouds. --- .../threat-protection/microsoft-defender-atp/gov.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index f94220e3bd..7aabf92500 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -86,8 +86,8 @@ Windows 8.1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/ Windows 8 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 7 SP1 Enterprise | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Windows 7 SP1 Pro | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Linux | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development -macOS | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development +Linux | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out +macOS | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out Android | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog iOS | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog @@ -140,16 +140,16 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/ ## Feature parity with commercial Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. -These are the known gaps as of February 2021: +These are the known gaps as of March 2021: Feature name | GCC | GCC High | DoD (PREVIEW) :---|:---|:---|:--- Automated investigation and remediation: Live response | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Automated investigation and remediation: Response to Office 365 alerts | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog | ![No](../images/svg/check-no.svg) On engineering backlog -Email notifications | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out +Email notifications | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Evaluation lab | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Management and APIs: Device health and compliance report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) -Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development +Management and APIs: Integration with third-party products | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out | ![No](../images/svg/check-no.svg) Rolling out Management and APIs: Streaming API | ![Yes](../images/svg/check-yes.svg) | ![No](../images/svg/check-no.svg) In development | ![No](../images/svg/check-no.svg) In development Management and APIs: Threat protection report | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) Threat & vulnerability management | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) | ![Yes](../images/svg/check-yes.svg) From a59ffeda7300f2226f2557ee36324114ce01c857 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 16:19:57 +0200 Subject: [PATCH 3/8] Update gov.md Adding M365 G5 DoD bundles. --- .../security/threat-protection/microsoft-defender-atp/gov.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 7aabf92500..ad6e8b4bf1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -37,8 +37,8 @@ Microsoft Defender for Endpoint for US Government customers requires one of the GCC | GCC High | DoD :---|:---|:--- Windows 10 Enterprise E5 GCC | Windows 10 Enterprise E5 for GCC High | Windows 10 Enterprise E5 for DOD -| | Microsoft 365 E5 for GCC High | -| | Microsoft 365 G5 Security for GCC High | +| | Microsoft 365 E5 for GCC High | Microsoft 365 G5 for DOD +| | Microsoft 365 G5 Security for GCC High | Microsoft 365 G5 Security for DOD Microsoft Defender for Endpoint - GCC | Microsoft Defender for Endpoint for GCC High | Microsoft Defender for Endpoint for DOD ### Server licensing From 799359c4dd4b62e9b7e43da6153db58dc8408aa7 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 10 Mar 2021 09:17:35 -0800 Subject: [PATCH 4/8] Update network-protection.md --- .../microsoft-defender-atp/network-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md index b0dd0411a8..7ff00a13e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/network-protection.md @@ -44,7 +44,7 @@ When network protection blocks a connection, a notification is displayed from th You can also use [audit mode](audit-windows-defender.md) to evaluate how network protection would impact your organization if it were enabled. > [!NOTE] -> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity.In a managed environment, make sure that configuration manager Auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection. +> If network protection is enabled and platform updates are managed, it could cause some systems to lose network connectivity if their systems aren't updated. As a result, some devices might lose network connectivity. In a managed environment, make sure that Configuration Manager auto deployment rule is updating the platform. Make sure this is fully deployed to all clients before turning on network protection. ## Requirements From bf4750b522b8cce3d89783192562243db56e8a0e Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:34:06 +0200 Subject: [PATCH 5/8] Update gov.md --- .../microsoft-defender-atp/gov.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index ad6e8b4bf1..985f1d4595 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -23,7 +23,7 @@ ms.technology: mde **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) -Microsoft Defender for Endpoint for US Government customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. +Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. This offering is available to GCC, GCC High, and DoD customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some differences in the availability of capabilities for this offering. @@ -124,6 +124,20 @@ For more information, see [Configure device proxy and Internet connectivity sett > > When filtering, look for the records labeled as "US Gov" and your specific cloud under the geography column. +### Service backend IP ranges + +If your network devices don't support DNS rules and you can't use the URLs listed in the spreadsheet above, use IP ranges instead. + +Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions: + +- AzureCloud.usgovtexas +- AzureCloud.usgovvirginia + +You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063). + +> [!NOTE] +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS resolving setting. +
## API @@ -138,7 +152,7 @@ SIEM | `https://wdatp-alertexporter-us.gcc.securitycenter.windows.us` | `https:/
## Feature parity with commercial -Defender for Endpoint doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. +Defender for Endpoint for US Government customers doesn't have complete parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government customers, there are some capabilities not yet available we want to highlight. These are the known gaps as of March 2021: From 8e64878b239d79c2c073080752729eaa96b2c9b0 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:39:18 +0200 Subject: [PATCH 6/8] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 985f1d4595..3a35ff95fa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -126,7 +126,7 @@ For more information, see [Configure device proxy and Internet connectivity sett ### Service backend IP ranges -If your network devices don't support DNS rules and you can't use the URLs listed in the spreadsheet above, use IP ranges instead. +If your network devices don't support DNS-based rules, use IP ranges instead. Defender for Endpoint for US Government customers is built in the Azure US Government environment, deployed in the following regions: From 91b644f5abc8aa85b18d3a959deb756419897db7 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:44:16 +0200 Subject: [PATCH 7/8] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index 3a35ff95fa..e4709b7cc2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -136,7 +136,7 @@ Defender for Endpoint for US Government customers is built in the Azure US Gover You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063). > [!NOTE] -> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS resolving setting. +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS-based rules.
From 0943de90581534c2bd10e626df26f73031ac6ab4 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Wed, 10 Mar 2021 19:47:50 +0200 Subject: [PATCH 8/8] Update gov.md --- .../security/threat-protection/microsoft-defender-atp/gov.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/gov.md b/windows/security/threat-protection/microsoft-defender-atp/gov.md index e4709b7cc2..e40a3ed5d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/gov.md @@ -136,7 +136,7 @@ Defender for Endpoint for US Government customers is built in the Azure US Gover You can find the Azure IP ranges in [Azure IP Ranges and Service Tags – US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063). > [!NOTE] -> As a cloud-based solution, the IP address ranges can change. It's recommended you move to a DNS-based rules. +> As a cloud-based solution, the IP address ranges can change. It's recommended you move to DNS-based rules.