proof

2025-06-22 13:53:39 +00:00 · 2020-01-27 14:58:19 -08:00
parent a0fb8eaaf9
commit 27f30e0ba6
3 changed files with 16 additions and 16 deletions
--- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
+++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md
@ -22,11 +22,11 @@ ms.date: 04/19/2017
 **Applies to**
 -   Windows 10

-This topic for the IT professional describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects.
+This article for IT professionals describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects.

 Central access policies and rules determine access permissions for files on multiple file servers, so it's important to monitor changes to them. Like user claim and device claim definitions, central access policy and rule definitions reside in Active Directory Domain Services (AD DS). You can monitor them just like any other object in Active Directory. These policies and rules are critical elements in a Dynamic Access Control deployment. They are stored in AD DS, so they're less likely to be tampered with than other network objects. But it's important to monitor them for potential changes in security auditing and to verify that policies are being enforced.

-Follow these procedures to configure settings to monitor changes to central access policy and central access rule definitions and to verify the changes. These procedures assume that you've configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you haven't yet deployed Dynamic Access Control in your network, see [Deploy a Central Access Policy (demonstration steps)](https://technet.microsoft.com/library/hh846167.aspx).
+Follow the procedures in this article to configure settings to monitor changes to central access policy and central access rule definitions and to verify the changes. These procedures assume that you've configured and deployed Dynamic Access Control, including central access policies, claims, and other components, in your network. If you haven't yet deployed Dynamic Access Control in your network, see [Deploy a Central Access Policy (demonstration steps)](https://technet.microsoft.com/library/hh846167.aspx).

 > [!NOTE]
 > Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings.
@ -34,7 +34,7 @@ Follow these procedures to configure settings to monitor changes to central acce
 **Configure settings to monitor central access policy and rule definition changes**

 1.  Sign in to your domain controller by using domain administrator credentials.
-2.  In Server Manager, point to **Tools**, and then select **Group Policy Management**.
+2.  In Server Manager, point to **Tools** and select **Group Policy Management**.
 3.  In the console tree, right-click the default domain controller Group Policy Object, and then select **Edit**.
 4.  Double-click **Computer Configuration** and select **Security Settings**. Expand **Advanced Audit Policy Configuration** and **System Audit Policies**, select **DS Access**, and then double-click **Audit directory service changes**.
 5.  Select the **Configure the following audit events** and **Success** check boxes (and the **Failure** check box, if you want). Then select **OK**.
@ -53,7 +53,7 @@ After you configure settings to monitor changes to central access policy and cen
 3.  Under **Dynamic Access Control**, right-click **Central Access Policies**, and then select **Properties**.
 4.  Select the **Security** tab, select **Advanced** to open the **Advanced Security Settings** dialog box, and then select the **Auditing** tab.
 5.  Select **Add**, add a security auditing setting for the container, and then close all security properties dialog boxes.
-6.  In the **Central Access Policies** container, add a new central access policy (or select one that exists). Select **Properties** in the **Tasks** pane, and then change one or more attributes.
+6.  In the **Central Access Policies** container, add a new central access policy (or select one that already exists). Select **Properties** in the **Tasks** pane, and then change one or more attributes.
 7.  Select **OK**, and then close the Active Directory Administrative Center.
 8.  In Server Manager, select **Tools** and then **Event Viewer**.
 9.  Expand **Windows Logs**, and then select **Security**. Verify that event 4819 appears in the security log.
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md
@ -25,12 +25,12 @@ ms.topic: article

 > Want to experience Microsoft Defender Advanced Threat Protection (ATP)? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink).

-[Attack surface reduction (ASR) rules](./attack-surface-reduction.md) identify and prevent typically malware exploits. They control when and how potentially malicious code can run. For example, you can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, and block processes that run from USB drives.
+[Attack surface reduction (ASR) rules](./attack-surface-reduction.md) identify and prevent typical malware exploits. They control when and how potentially malicious code can run. For example, they can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, and block processes that run from USB drives.

 ![Attack surface management card](images/secconmgmt_asr_card.png)<br>
 *Attack surface management card*

-The *Attack surface management* card is an entry point to tools in Microsoft 365 security center that you can use to:
+The *Attack surface management card* is an entry point to tools in Microsoft 365 security center that you can use to:

 * Understand how ASR rules are currently deployed in your organization.
 * Review ASR detections and identify possible incorrect detections.
@ -39,15 +39,15 @@ The *Attack surface management* card is an entry point to tools in Microsoft 365
 Select **Go to attack surface management** > **Monitoring & reports > Attack surface reduction rules > Add exclusions**. From there, you can navigate to other sections of Microsoft 365 security center.

 ![Add exclusions tab in the Attack surface reduction rules page in Microsoft 365 security center](images/secconmgmt_asr_m365exlusions.png)<br>
-***Add exclusions*** tab in the Attack surface reduction rules page in Microsoft 365 security center*
+The ***Add exclusions** tab in the Attack surface reduction rules page in Microsoft 365 security center*

 > [!NOTE]
-> To access Microsoft 365 security center, you need a Microsoft 365 E3 or E5 license and an account that has certain roles on Azure Active Directory. [Read more about required licenses and permissions](https://docs.microsoft.com/office365/securitycompliance/microsoft-security-and-compliance#required-licenses-and-permissions)
+> To access Microsoft 365 security center, you need a Microsoft 365 E3 or E5 license and an account that has certain roles on Azure Active Directory. [Read about required licenses and permissions](https://docs.microsoft.com/office365/securitycompliance/microsoft-security-and-compliance#required-licenses-and-permissions).

-For more information about ASR rule deployment in Microsoft 365 security center, see [Monitor and manage ASR rule deployment and detections](https://docs.microsoft.com/office365/securitycompliance/monitor-devices#monitor-and-manage-asr-rule-deployment-and-detections)
+For more information about ASR rule deployment in Microsoft 365 security center, see [Monitor and manage ASR rule deployment and detections](https://docs.microsoft.com/office365/securitycompliance/monitor-devices#monitor-and-manage-asr-rule-deployment-and-detections).

 **Related topics**

 * [Ensure your machines are configured properly](configure-machines.md)
 * [Get machines onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)
-* [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
+* [Monitor compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md)
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
@ -26,22 +26,22 @@ This article describes the best practices, location, values, policy management,

 ## Reference

-This policy setting determines when users are warned that their passwords are about to expire. This warning gives users time to select a strong password before their current password expires and avoid losing system access.
+This policy setting determines when users are warned that their passwords are about to expire. This warning gives users time to select a strong password before their current password expires to avoid losing system access.

 ### Possible values

-   A user-defined number of days from 0 through 999.
-   Not defined.
+-   A user-defined number of days from 0 through 999
+-   Not defined

 ### Best practices

-  Configure user passwords to expire periodically. Users need warning that their passwords are going to expire, or they might  get locked out of the system.
+-  Configure user passwords to expire periodically. Users need warning that their password is going to expire, or they might  get locked out of the system.
 -  Set **Interactive logon: Prompt user to change password before expiration** to five days. When their password expiration date is five or fewer days away, users will see a dialog box each time that they log on to the domain.
 -  Don't set the value to zero, which displays the password expiration warning every time the user logs on.

 ### Location

-Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+*Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\Security Options*

 ### Default values

@ -70,7 +70,7 @@ None.

 ### Group Policy

-This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy isn't contained in a distributed GPO, it can be configured on the local computer through the Local Security Policy snap-in.
+Configure this policy setting by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy isn't contained in a distributed GPO, it can be configured on the local computer through the Local Security Policy snap-in.

 ## Security considerations