From e8c8872bfaa72856a48ca170a6f98f88bf7b9747 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 23 Oct 2018 13:53:55 -0700 Subject: [PATCH 01/32] Added SE Labs --- .../intelligence/images/se-labs.png | Bin 0 -> 4397 bytes .../intelligence/images/se-labs2.PNG | Bin 0 -> 2989 bytes .../top-scoring-industry-antivirus-tests.md | 24 +++++++++++++----- 3 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 windows/security/threat-protection/intelligence/images/se-labs.png create mode 100644 windows/security/threat-protection/intelligence/images/se-labs2.PNG diff --git a/windows/security/threat-protection/intelligence/images/se-labs.png b/windows/security/threat-protection/intelligence/images/se-labs.png new file mode 100644 index 0000000000000000000000000000000000000000..41bdc75e8a2af502a1d222da72540e328677475a GIT binary patch literal 4397 zcmV+|5z_97P)Px#1ZP1_K>z@;j|==^1pojL*GWV{RCr$PozHLF#udkBxK!%2Me77b54}VN3KX#e zShky7W8HeQjs5|(4n5lj{G&w=ZZ0ii8?f~kSU&brIX$)qJC_1&U|Rwr2LTFL=|2$V z)W9P7`o3?5(PaB7=wTsr;+wM#S7dUH{?}@b+{Yy2VjU-7v`f~gC&Ju2j zljrV!J?bFPG&|3(v*vdP4~P%B1z*N-meEIFytwg4c|#c*72H0--M8t9FaOnSXAODp zgO6EM?4~E1DOY;Sw}nhb>Rp1XI^QYLPO z$ePmwg_^Q!JI`-E@MpED3a)o+w9L-48z=l>C#c}oM+H{}w==>H>|h}yT94DEja*!Z zK`i9VUa5Xov!W0RZj$VuXxf6F1ypeBqk?NpMg=oiVZ?z)2HhKuRgFjUir9)J3TO^L-B0z@e z|I26BugMz?QiyIC+)5*LEhx$qpn}^Hr%&HM&K7NvQD7~7yIl|uC;3ADoV$w;I>3$=z>2)9f?+!;}VrtG{j!5 zTt(>?72LLswdc2;C|4VCVWD#VYxa@karf8W0()@~j52L>6NMh^>@0b8?alAOUk8zzSx zMicHC|6w8egEj$B!EG7W;LC>s@L(`)(^>~gT|~sJy_@q!X&q!QWx& zx<8dcVVu4bMQ{fc)Y^eX`Zr}|yhdCm4)x)7j5ycr-~!?BOCddn8v~{*o%wnDcJ19D zW5;fc2SVBQG}n5V1s|^XHjR<~1*;KmggU~J1%(H91spXG3t^ zY{_2X4t=~S>o!MnQoWBePI_;R^Vy-`^1*|qx0r$}t~6SPw{pXoLDTIJpZ!MCdz#;` z)_u4?e)A{hhu?eKEXA$r{LBFH#0b0d?7DS+Am=|D2&Parx{rp8DU}RQOGYby;Ct8}Z3oSGFxh0$ z6>*w%!R<#@sb#d{qN_e>JOskq%hs9*NT}ed;D&;m2Y}>_5okkj!|NR7IfZQ;v$!Vu z%^)-_Y(~MzjmCs2BsY;&{#We)NHfc#7rLlIStMA|KlO(rl|jXdGJnWQ?E+|%Km~UW z!1N9Q0$88@!Yiv?&fc3?15)N6Ou7Bx)Pn$(KOCtHDwgl^U&zc2mM;3tBy!l=LrG8Zq~4&Jvc&U9m^WsK89|JH`s%6DPbFeD2+s*hvjkaOV_^*p+qg z43>TRLuCPgbqC880xK)2WJROBEdKpKNS#GUyROV2RuY;A2soiQj89EmMSiOP^|=Pd zio`{vFit4E7<|lC3{aAW$uj^qc-^VgN;nD?+&Km=2I)8jYUM5h;x1ro3|1^GS7)(0 zL|h@BPEb~1(P5DUM8@TR-&n(f1PRDWPWVkMAb5%$4g5z;Jv?BPd9T@c7J8o3?CLaN z5OQvc5@ZHp@QUtZFoOjw0(?X+ybA7|5HbgcKHCZ_IjkH1g1Qsv`JpWb& z72G*Tf(SuHdfhR2eu3D=aa`0>aL@+)`LI~$QCtTRt`>{FW0{VR1f^m1^9%q5e6Si6 z7O)IvK_3Gc@Z1W}>dp@;xC?+a*(d(6(ioNb0d54hPhPom0>l8;*&>K+2#a0O#*-wO zs4FDThle``H75Ffzi>H(x$r8u3qWS0paEccurhC;fOc-#ioem)wPBXE&Lx&QF)A>y z<-T8WJ9ywn&$Am;a2J4ZS_NOzu(^rKY=Gx!BXh-{GFAdz{$v3um%1M_$2zg@T_v<~ z5t20|dGIQ@Er1Sz=;cun%t=8})sOY9`BnvYj(8oX=feQmBr0)*gj4ouqmrUUrc8?3W&Q|vFK7y9B)D3@(@f~gMqcbFt}}@BB!bDI zdk5F1g4+W9R&JX$YF#=?U;$-GV>>}8(*av`g%xGfaM443WGQ%`k&scnTyFFM*=4su zAeIrCqE-msld`_;A>i-wI7<>IjT=MNIt#R`g4+Ualq*w2!o0jmg2rU2Ocxq;)K_K$ z%IF(^SX&H3(0;I(BDWfIY-E4z568#ai%s@{q_;0cdE6Q8R;KcYz#_X+E`y#xt&uQ@ zM|MvIw?XBjbixE|} zz?qPxi=01<-2RlUAhSNHeVUYR39UH@WZgC;V%tk(4>t_d6wxKq3yQT+%{*MT^zyid z&Fp3!s}k25_m(zGE1Wj4+RGgeN1VpxcIs?-Hx<~%bIAK3?jziJD!46Dh;ERYC8PWS zm4(Iu4G?AGu!h^e#Lz~6)i7m#5Nl4>@H;Sj8dt<%ak6Fm0>XoHGFCPsU3$G#wAs4# zI9P1=uoBA^e6h>DIDRpXrCSUPfh)l+HW&@uzp#v{wUN}h^`~Qj?~|`CbJz{I^HgwK z1`ij7!NdBR7zOi^ZsT?oG(H65q_YGOWmpnugwiRMxy4y^<*FuFeWSD`{H_fAvVo#q z7R#2hwY(lfrTx^b$6>9z&ZV@6TC=#w})<%ULqr4isI0&!Bn9QByC%3cTw$VP@qdj_c&SMFSf#; zaT<#%%4wBrfEM3*#Oc)_DqBdiRl*~8>*CGd=aX@^=57j^HRJ=CxP{tXKr+ntcT30n zcbw(66wyF;Qr?ExV!gn>cR3UY7S(J0^%(f`v0_rhc${s{%Wcw)lsLq(TthE?Qdp^S zZ?i{9nm+Dt_hp;6_sNoM0p#8x^pn*l0>Wb1R%VCpdQFr)I>;r5>%vw(lts&tA^zJk zD+u2Qv)X(h=uB|^h&0)1Mr6;k;L4YuHo?uosLsNAyYi3*!W|ro7Azg-25{(JQ!-WS zW!IYW*@lAK6|g>Fh4|CfsR(Wd4Ez0MAkWap2DK*yzbspn=6F@GO3-#-c@DA^!+U^Y z+@lKIAi>R%G_k?PhqU{{t~X8h*P0O99C2@?kq;R5gX_V7WcK*FRt~%_Z}7zF(nfeM zJG5}yWm*L{M;z>At_*(2M}r59z?hBcanr#u72Meo+?+v{+Chjou<>({C7c77m2BA~ z5VqqPD)lNS7hL$82hF@j=>rg2-|ETqk=nSV0wZTGbW=I zr1-!ZfmO@*O{Q{uj*-A&;U36&iVToZ0jeTzK{SWT_;mkR6p7)uVGw;lECez>7 zc{X{*PyF}8L<6ty?6V4uJ;F}gO6H*Q zo;c+_np#@eKb7&!Q<@BH*RhVy--$o?{DD&rIBJyk)7J&F=}Yr75BG}sw{56UZ`)j* z$}Q>Z^@NFDFu8vkuwidMiN#jyal^3HhW|6+2Cp&m);~P_*majce;TaG?Eaq87WJAY zZspC%Kh*Q~*UKj*GHdp{iIcoHue|HJ^Gcs6O*e%u8?vV_!Rti%O8kwMQTg1T@ylu7 z2r_KOO1qb3C*=l|f;Cjn(U-sb11P9IX^HIi_Ks++zkDNE*5TE@;nHc$Mik28sdHpN3=k?a;4iI>oo>oKck z19EYrCVTXOBoHbHfRglR0=k=p&-u>u=#TZ?w^p%oN=MZe{7Ym zHQ{0=_mMxP)k56);rxPCh6^x|COSkyZv2$Llip@Lj=Q)fm?NBS!9k1J*qg`;+RWL(Q5&!5Z^7 zT}H^B;ehUSILE}5p&bA{t}y0H-dw41tHzeo3{o4cGY;nwyY!J56LMGSLK)r2iBM&r zoD4ty=$%w|UGJrIG9hYs`(EALuvyg_OMysFmSrf-iE)~(P0n(fuDv>$Lbz$<>`@8E zYgB6l_t{>(oyjHV7F^bGo2!^P9#llFvrK%|ly&w-(pghpnadfBZ-dZ0I_?7MkB?Bv zPJWT2TnmdrqQ%Vl!a2H3A|NJ7BrDQ3hgJIAy^s#2LPPWE$b+nV;maX`UKV0%)cLB) zDLaU^ufk5+2y)u3yiinGFA3rDOwpt@MAOLLCs{w^VVZn^HjLPO_GfJ3gd#-PP0 zq%pZf57(X7CVMN&t505*a9fC_$?YB^S>WA+fJXO;VE#%(JqHvye!F+}JetQc4|`Z^ zzOeS{j`_Bp?v%LU3{W5qmjGEt6emW$xW`T`Zd+XO;nKDini7AWaOq>WtBTe>4x$E` zl-DQJ3dfW5@uMf`Xt9cZHfZAwKC$h6B$fmM&Q21a-;Yz$?_HCz(nrc8YVH&-Y|0CO zlnUd~leOn4T-mZwJMw7%4JL9`XEn?RqOmSm1z>ir(bZ`+pzhUP$`=h^Wm*;Dfr0A@ zYLg9JX=C|8K|gv0D3F;KX86Y^;&p6Y4;>>us04MNr~+;!Q$t?Qb0~GHGVTjaUU1+( zE0uA9c5quwjTw1)-%xyVfeBF)9wVhK0{ctY$aKiVDCfhlhSmF<G)d!&9dK-ylD8if$2!p22 zHMNIAfjx;s@U@b7N8ClpIgBvQ9k9OWM@e^NMeOhg%GFP6pY9guuh&?L!T2h74qJTH z_l65@dO%CW{8LMk15-`$Zb zbEKr?hghR|K7HF9j2T)?yrQ0OM z+@2V1g|9FQbY;ZDMCt}-zHT@vO46^w1_wiMXjAf~`5o~3p0dvr-Wp*r<_hU@zO^p? zSA{LAp?Q@x=7w!W4Y*(fwGI=!oQ_z9meyK`RiMcJj1KeMtCz@6`8pi50%~1pZHZqZ zO|7f$G9^=Nbv4MMp`OBMoFW|)pLbZYnQ9uO$)*c_K>2SL_=iN{0b%&wSU}4Dx@7p| zvvxg{udP)mW5BSx$^e#IC`cl60YArR*i>(rD{yErYoIvg?XpL6^?UqFD@r;?v5J~nl5AGtK-U=_(ld&lspAD&$%7BA4c_~ZJLsOid9cJna0;y##Z zcle~SfwbhTqd2yHlexjIJKC~OT)d>DgOS*HBX}obXA;lk1SEb$j&pE(t~bRp8o&2t z#0~ET(2dmecNSqIyl7Oq98;~U2v!^37U(K{QWTvc=`w2$(NWN~t2?Ri zJddMYmVWWxanwN7D+~n}J8wUHX2xJtu-YOj6(1T#oyqkggd;I>Mefm*boQb~YGg!A z58a>NCED-WIm?0rA#p*>;Ng;t!#uNWyV=!Rj)X0~$e%Y!F`Ak|f z^%i#4?c&T=^S37-?e5_7%EqLcsUP=qke)X!f2-}dcI#Gt#5-ZRmGE2EtM4tvRgA*- zyLSm#bJi+x&X*{;OVP%>soh~vpd|4eL(W`ieR3ql0SUGGF3$4o^wYq+3^WBgh{Tt& zus7Awh-)~;(ujeX-it1wkn;7AdhV-8A`W-%g+u6!Xsj!zqAt^H?p$`!+r*xAqj%$O z#?>jX-T2Y7uZ6QG47RK=#l6CjU%)U*MFR$n<^paKL;Q}L)!Ac@pEMP(G7gcaQK~)6 zESmq1d6CGVqrUe0$%?5ihoYmoFXR6yx(nOu4AO%aiV+)uclX8C9XrMN3+IW@ A_5c6? literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index e984e5abab..2aac833609 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -17,7 +17,7 @@ ms.date: 09/05/2018 We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections. -In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). Windows Defender AV is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender AV detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. +In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign?ocid=cx-docs-avreports). Windows Defender Antivirus is part of the [next generation](https://www.youtube.com/watch?v=Xy3MOxkX_o4) Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports)) security stack which addresses the latest and most sophisticated threats today. In many cases, customers might not even know they were protected. That's because Windows Defender Antivirus detects and stops malware at first sight by using [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering?ocid=cx-docs-avreports), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak?ocid=cx-docs-avreports), behavioral analysis, and other advanced technologies. > [!TIP] > Learn why [Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise?ocid=cx-docs-avreports). @@ -27,20 +27,19 @@ In the real world, millions of devices are protected from cyberattacks every day ## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test - The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware"). ### May-June 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I?ocid=cx-docs-avreports) **Latest** - Windows Defender AV achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender AV has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware"). + Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 5,790 malware samples. With the latest results, Windows Defender Antivirus has achieved 100% on 10 of the 12 most recent antivirus tests (combined "Real-World" and "Prevalent malware"). ### March-April 2018 AV-TEST Business User test: [Protection score 5.5/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) - Windows Defender AV achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). + Windows Defender Antivirus achieved an overall Protection score of 5.5/6.0, missing 2 out of 5,680 malware samples (0.035% miss rate). ### January-February 2018 AV-TEST Business User test: [Protection score 6.0/6.0](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/february-2018/microsoft-windows-defender-antivirus-4.12-180674/) | [Analysis](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-docs-avreports) -Windows Defender AV achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested. +Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, with 5,105 malware samples tested. ||| |---|---| @@ -66,12 +65,23 @@ This test, as defined by AV-Comparatives, attempts to assess the effectiveness o This test, as defined by AV-Comparatives, attempts to assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. [Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/) +

+ +![SE Labs Logo](./images/se-labs2.png) + +## SE Labs: Total accuracy rating of AAA in the latest test + +SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances and cloud services. + +### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) + +In the report, Microsoft's product was called out for the extremely good results due to its ability to block malicious URLs, handle exploits, and classify legitimate applications and websites correctly. ## To what extent are tests representative of protection in the real world? -It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender AV encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. +It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender Antivirus encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. -The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests. These technologies address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Windows Defender ATP components [catch samples that Windows Defender AV missed](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. +The capabilities within [Windows Defender ATP](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=cx-docs-avreports) also provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses?ocid=cx-docs-avreports) that are not factored into industry tests. These technologies address some of the latest and most sophisticated threats. Isolating AV from the rest of Windows Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Windows Defender ATP components [catch samples that Windows Defender Antivirus missed](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA?ocid=cx-docs-avreports) in these industry tests, which is more representative of how effectively our security suite protects customers in the real world. Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-docs-avreports), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection?ocid=cx-docs-avreports). From f68e8d10aa35477fc47e8ccba11b907e7500999e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 23 Oct 2018 14:10:24 -0700 Subject: [PATCH 02/32] Product testing update --- .../intelligence/top-scoring-industry-antivirus-tests.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 2aac833609..e192cad54c 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -77,6 +77,8 @@ SE Labs tests a range of solutions used by products and services to detect and/o In the report, Microsoft's product was called out for the extremely good results due to its ability to block malicious URLs, handle exploits, and classify legitimate applications and websites correctly. +Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. + ## To what extent are tests representative of protection in the real world? It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the antivirus evaluations highlighted above. Windows Defender Antivirus encounters ~200 million samples every month, and the typical antivirus test consists of between 100-5,000 samples. The vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats. From f47f17af9b7daf596d02c620c10c1a61fe49e582 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 23 Oct 2018 14:52:04 -0700 Subject: [PATCH 03/32] More breaks --- .../intelligence/top-scoring-industry-antivirus-tests.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index e192cad54c..0363758dbd 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -66,6 +66,7 @@ This test, as defined by AV-Comparatives, attempts to assesses a security progra [Historical AV-Comparatives Microsoft tests](https://www.av-comparatives.org/vendors/microsoft/)

+

![SE Labs Logo](./images/se-labs2.png) From 29e2bc267e34b2d5a993f661d5d86b703d0deeb2 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 24 Oct 2018 10:32:23 -0700 Subject: [PATCH 04/32] Updated SE Labs --- .../intelligence/top-scoring-industry-antivirus-tests.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 0363758dbd..00adfed351 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -72,11 +72,11 @@ This test, as defined by AV-Comparatives, attempts to assesses a security progra ## SE Labs: Total accuracy rating of AAA in the latest test -SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances and cloud services. +SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services. -### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) +### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -In the report, Microsoft's product was called out for the extremely good results due to its ability to block malicious URLs, handle exploits, and classify legitimate applications and websites correctly. +Microsoft's next-generation protection was named as being one of the most effective, stopping all targeted attacks and the vast majority of public threats. Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. From b04ea8ad8982cbba3411610ba2b5bd310b40b6a9 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 24 Oct 2018 11:27:25 -0700 Subject: [PATCH 05/32] SE Labs update --- .../intelligence/top-scoring-industry-antivirus-tests.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 00adfed351..c45c89dd4b 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -76,7 +76,7 @@ SE Labs tests a range of solutions used by products and services to detect and/o ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -Microsoft's next-generation protection was named as being one of the most effective, stopping all targeted attacks and the vast majority of public threats. +Microsoft's next-generation protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. From b2528f5e1f47c6a124483199cd5f04397c4eb5e4 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 24 Oct 2018 16:23:33 -0700 Subject: [PATCH 06/32] Update SE Labs --- .../intelligence/top-scoring-industry-antivirus-tests.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index c45c89dd4b..3eb922192c 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -76,9 +76,7 @@ SE Labs tests a range of solutions used by products and services to detect and/o ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -Microsoft's next-generation protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. - -Note: The product tested was Microsoft System Center Endpoint Protection, which is the same product as Windows Defender Antivirus. +Windows Defender ATP next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. ## To what extent are tests representative of protection in the real world? From 7b96a237eb0948611ea6399f9e6fc2e5da0d5f96 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 25 Oct 2018 11:09:53 -0700 Subject: [PATCH 07/32] Update what-is-enterprise-mode.md --- .../ie11-deploy-guide/what-is-enterprise-mode.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md index bd859900d1..b78d920f14 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md @@ -8,7 +8,7 @@ ms.prod: ie11 ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros) ms.sitesec: library -ms.date: 12/04/2017 +ms.date: 10/25/2018 --- @@ -25,17 +25,15 @@ ms.date: 12/04/2017 Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal). ## Available dual-browser experiences -Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment: +If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. -- Use Microsoft Edge as your primary browser. +Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. -- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies. +>[!TIP] +> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly. -- Use Microsoft Edge as your primary browser and open all intranet sites in IE11. +For Windows 10 and Windows 10 Mobile, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. -- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies. - -For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog. ## What is Enterprise Mode? Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10, Windows 8.1, and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8. Running in this mode helps to avoid many of the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. From fb0245f849d9b16fa919bfb3922f6198922eb1d0 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 25 Oct 2018 11:30:13 -0700 Subject: [PATCH 08/32] Update microsoft-edge-kiosk-mode-deploy.md fixed typo --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index f626465766..a08e947705 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -12,17 +12,16 @@ ms.date: 10/15/2018 # Deploy Microsoft Edge kiosk mode ->Applies to: Microsoft Edge on Windows 10, version 1809 +>Applies to: Microsoft Edge on Windows 10, version 1809 -In the Windows 10 October 2018 Update, we added Microsoft Edge kiosk mode which works with assigned access, locking down a Windows 10 device to only run a single application or multiple applications. It also prevents access to the file system and running executables or other apps from Microsoft Edge. Assigned access lets IT administrators create a tailored browsing experience designed for kiosk devices. Learn more about [assigned access](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/assigned-access). +In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using [assigned access](https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/assigned-access) and added new policies to enhance the kiosk experience. With assigned access, IT admins can create a tailored browsing experience locking down a Windows 10 device to only run a single-app or multi-app kiosk device. It also prevents users from accessing the file system and running executables or other apps from Microsoft Edge. -Microsoft Edge kiosk mode supports four configurations types. For example, you can configure Microsoft Edge to load only a single URL in full-screen mode when you configure digital/interactive signage on a single-app kiosk device. +Microsoft Edge kiosk mode supports four configurations types that depend on how Microsoft Edge is set up with assigned access. These configuration types can help you determine what configuration is best suited for your kiosk device. For example, you can configure Microsoft Edge to load only a single URL in full-screen mode when you configure digital/interactive signage on a single-app kiosk device. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc). In addition to digital/interactive signage, you can configure Microsoft Edge kiosk mode for public browsing either on a single or multi-app kiosk device. The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks. For example, the Microsoft Edge Settings are disabled, favorites, extensions, and books are unavailable to prevent users from customizing Microsoft Edge. In single-app public browsing, there is an “End session” button and reset after an idle timeout option. Both restart Microsoft Edge and clear the user’s session. The reset after the idle timer is set to 5 minutes by default, but you can choose a value of your own. -In this topic, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn how to set up your Microsoft Edge kiosk mode experience. Learn more about [Configuring kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/en-us/windows/configuration/kiosk-shared-pc). ## Microsoft Edge kiosk types @@ -297,4 +296,4 @@ In the following table, we show you the features available in both Microsoft Edg **\*Windows Defender Firewall**

To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/en-us/windows/security/identity-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide). ---- \ No newline at end of file +--- From b11be109464e8e473c04a6f073e89fe2ea940799 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 25 Oct 2018 12:03:19 -0700 Subject: [PATCH 09/32] Update index.yml --- browsers/edge/group-policies/index.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml index 4d51332890..702845c358 100644 --- a/browsers/edge/group-policies/index.yml +++ b/browsers/edge/group-policies/index.yml @@ -36,7 +36,7 @@ sections: - type: markdown - text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. + text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. - items: From fc717a791fe2675fa9b066dc5237b099be5b41ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Hompus?= Date: Thu, 25 Oct 2018 22:12:24 +0200 Subject: [PATCH 10/32] Fix smart quotes in code samples --- .../deploy-pinned-sites-using-mdt-2013.md | 2 +- ...-deployment-surface-hub-device-accounts.md | 2 +- devices/surface-hub/skype-hybrid-voice.md | 2 +- ...ion-manager-to-manage-devices-with-semm.md | 6 ++-- .../enable-s-mode-on-surface-go-devices.md | 32 +++++++++---------- education/windows/take-a-test-multiple-pcs.md | 2 +- ...ish-a-virtual-application-on-the-client.md | 4 +-- ...w-application-by-using-the-command-line.md | 2 +- ...lication-package-using-the-command-line.md | 2 +- ...lication-package-using-the-command-line.md | 2 +- ...l-application-by-using-the-command-line.md | 2 +- .../how-to-move-the-mbam-25-databases.md | 12 +++---- .../how-to-move-the-mbam-25-reports.md | 2 +- ...r-configuration-manager-2012-both-uevv2.md | 4 +-- ...-a-stand-alone-computer-with-powershell.md | 14 ++++---- ...-a-stand-alone-computer-with-powershell.md | 6 ++-- ...fy-client-configuration-with-powershell.md | 2 +- ...e-active-directory-integration-with-mdm.md | 4 +-- .../disconnecting-from-mdm-unenrollment.md | 4 +-- ...ation-user-model-id-of-an-installed-app.md | 4 +-- 20 files changed, 55 insertions(+), 55 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md index d6ea666402..c89dd26fab 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md @@ -78,7 +78,7 @@ After your operating system is installed on the target computer, you need to cop 4. Rename the newly created item to *Copy Files* and move it up to the top of the **Postinstall** folder. -5. In the **Command Line** box enter the following text, `xcopy “%DEPLOYROOT%\$OEM$\$1” “%OSDisk%\” /yqe`. +5. In the **Command Line** box enter the following text, `xcopy "%DEPLOYROOT%\$OEM$\$1" "%OSDisk%\" /yqe`. 6. Click the **Apply** button to save your changes. diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index c62abeb7fa..46877db4de 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -99,7 +99,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: ```PowerShell - Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI “tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true + Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true ``` Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md index 4b3c12deab..5537a823c7 100644 --- a/devices/surface-hub/skype-hybrid-voice.md +++ b/devices/surface-hub/skype-hybrid-voice.md @@ -65,7 +65,7 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts. ``` - $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false + $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false ``` After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again). diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index 73c49f7dbc..381ba2d8e1 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -50,7 +50,7 @@ Deployment of Microsoft Surface UEFI Manager is a typical application deployment The command to install Microsoft Surface UEFI Manager is: -`msiexec /i “SurfaceUEFIManagerSetup.msi” /q` +`msiexec /i "SurfaceUEFIManagerSetup.msi" /q` The command to uninstall Microsoft Surface UEFI Manager is: @@ -334,11 +334,11 @@ After your scripts are prepared to configure and enable SEMM on the client devic The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is: -`Powershell.exe -file “.\ConfigureSEMM.ps1”` +`Powershell.exe -file ".\ConfigureSEMM.ps1"` The command to uninstall SEMM with ResetSEMM.ps1 is: -`Powershell.exe -file “.\ResetSEMM.ps1”` +`Powershell.exe -file ".\ResetSEMM.ps1"` To add the SEMM Configuration Manager scripts to Configuration Manager as an application, use the following process: diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md index de525d8e81..0ab31ad648 100644 --- a/education/windows/enable-s-mode-on-surface-go-devices.md +++ b/education/windows/enable-s-mode-on-surface-go-devices.md @@ -48,14 +48,14 @@ process](https://docs.microsoft.com/windows/deployment/windows-10-deployment-sce Copy ``` - - + + 1 @@ -94,14 +94,14 @@ Education customers who wish to avoid the additional overhead associated with Wi Copy ``` - - + + 1 diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md index 90429edde2..d2b40500d8 100644 --- a/education/windows/take-a-test-multiple-pcs.md +++ b/education/windows/take-a-test-multiple-pcs.md @@ -190,7 +190,7 @@ Set-AssignedAccess -AppUserModelId Microsoft.Windows.SecureAssessmentBrowser_cw5 12. Create a new **Action**. 13. Configure the action to **Start a program**. 14. In the **Program/script** field, enter **powershell**. -15. In the **Add arguments** field, enter **-file “”**. +15. In the **Add arguments** field, enter **-file ""**. 16. Click **OK**. 17. Navigate to the **Triggers** tab and create a new trigger. 18. Specify the trigger to be **On a schedule**. diff --git a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md b/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md index 127d601503..4cc324ceb2 100644 --- a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md +++ b/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md @@ -24,7 +24,7 @@ When you deploy Application Virtualization by using an electronic software distr 3. Run the following command on the computer: - `Msiexec.exe /I “packagename.msi” /q` + `Msiexec.exe /I "packagename.msi" /q` **To publish a package using Windows Installer and the package manifest** @@ -32,7 +32,7 @@ When you deploy Application Virtualization by using an electronic software distr 2. Run the following command on each user’s computer: - `Msiexec.exe /I “\\pathtomsi\packagename.msi” MODE=STREAMING OVERRIDEURL=”\\\\server\\share\\package.sft” LOAD=TRUE /q` + `Msiexec.exe /I "\\pathtomsi\packagename.msi" MODE=STREAMING OVERRIDEURL="\\\\server\\share\\package.sft" LOAD=TRUE /q` **Important**   For OVERRIDEURL all backslash characters must be escaped using a preceding backslash, or the OVERRIDEURL path will not be parsed correctly. Also, properties and values must be entered as uppercase except where the value is a path to a file. diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md index d53dbdb068..14a90fff05 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md @@ -31,7 +31,7 @@ Use the following procedure to create a virtual application by using the command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /INSTALLPACKAGE:“pathtoMSI” /INSTALLPATH:“pathtopackageroot” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md index 41a93aebcf..1c45f57281 100644 --- a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md +++ b/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md @@ -31,7 +31,7 @@ Use the following procedure to create a virtual application by using the command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /INSTALLPACKAGE:“pathtoMSI” /INSTALLPATH:“pathtopackageroot” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Application Virtualization Sequencer Command Line](application-virtualization-sequencer-command-line.md). diff --git a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md index 5e047bd025..ac16495e5e 100644 --- a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md +++ b/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md @@ -24,7 +24,7 @@ Use the following procedure to upgrade a virtual application by using a command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /UPGRADE:“pathtosourceSPRJ” /INSTALLPACKAGE:“pathtoUpgradeInstaller” /DECODEPATH:”pathtodecodefolder” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Command-Line Parameters](command-line-parameters.md). diff --git a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md index f73fde87c2..a2983eaa8f 100644 --- a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md +++ b/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md @@ -24,7 +24,7 @@ Use the following procedure to upgrade a virtual application by using a command 3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - `SFTSequencer /UPGRADE:“pathtosourceSPRJ” /INSTALLPACKAGE:“pathtoUpgradeInstaller” /DECODEPATH:”pathtodecodefolder” /OUTPUTFILE:“pathtodestinationSPRJ”` + `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` **Note**   You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md index 518233e7db..32c8fb82f3 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md @@ -145,13 +145,13 @@ Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** fi To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: ```powershell -Copy-Item “Z:\MBAM Recovery Database Data.bak” +Copy-Item "Z:\MBAM Recovery Database Data.bak" \\$SERVERNAME$\$DESTINATIONSHARE$ -Copy-Item “Z:\SQLServerInstanceCertificateFile” +Copy-Item "Z:\SQLServerInstanceCertificateFile" \\$SERVERNAME$\$DESTINATIONSHARE$ -Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” +Copy-Item "Z:\SQLServerInstanceCertificateFilePrivateKey" \\$SERVERNAME$\$DESTINATIONSHARE$ ``` @@ -253,16 +253,16 @@ Use the information in the following table to replace the values in the code exa Set-WebConfigurationProperty 'connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and - Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data + Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and - Hardware;Integrated Security=SSPI;” + Hardware;Integrated Security=SSPI;" Set-WebConfigurationProperty 'connectionStrings/add[\@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery - and Hardware;Integrated Security=SSPI;” + and Hardware;Integrated Security=SSPI;" ``` >[!Note] diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md index 980c43f797..52af44d82d 100644 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md +++ b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md @@ -72,7 +72,7 @@ To run the example Windows PowerShell scripts in this topic, you must update the 7. To automate this procedure, you can use Windows PowerShell to run a command on the Administration and Monitoring Server that is similar to the following code example. ``` syntax - PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\\sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value “http://$SERVERNAME$/ReportServer[_$SRSINSTANCENAME$]/Pages/ReportViewer.aspx?/Microsoft+BitLocker+Administration+and+Monitoring/” + PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\\sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value "http://$SERVERNAME$/ReportServer[_$SRSINSTANCENAME$]/Pages/ReportViewer.aspx?/Microsoft+BitLocker+Administration+and+Monitoring/" ``` Using the descriptions in the following table, replace the values in the code example with values that match your environment. diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md index dfe7219fbe..112b193c14 100644 --- a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md +++ b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md @@ -158,7 +158,7 @@ It might be necessary to change the PowerShell execution policy to allow these s 3. Run this command on a machine running the ConfigMgr Admin Console: ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath “C:\MyCabFiles\UevPolicyItem.cab” –ConfigurationFile “c:\AgentConfiguration.xml” + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" –ConfigurationFile "c:\AgentConfiguration.xml" ``` 4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem @@ -201,7 +201,7 @@ The result is a baseline CAB file that is ready for import into Configuration Ma 3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator: ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site “ABC” –TemplateFolder “C:\ProductionUevTemplates” –Register “MicrosoftNotepad.xml, MicrosoftCalculator.xml” –CabFilePath “C:\MyCabFiles\UevTemplateBaseline.cab” + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site "ABC" –TemplateFolder "C:\ProductionUevTemplates" –Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" –CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab" ``` 4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager. diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md index dc187289aa..f4a20fb696 100644 --- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md @@ -21,7 +21,7 @@ Enter the **Get-AppvClientPackage** cmdlet to return a list of packages entitled For example: ```PowerShell -Get-AppvClientPackage –Name “ContosoApplication” -Version 2 +Get-AppvClientPackage –Name "ContosoApplication" -Version 2 ``` ## Add a package @@ -44,13 +44,13 @@ Use the **Publish-AppvClientPackage** cmdlet to publish a package that has been Enter the cmdlet with the application name to publish it to the user. ```PowerShell -Publish-AppvClientPackage “ContosoApplication” +Publish-AppvClientPackage "ContosoApplication" ``` To publish the application globally, just add the *-Global* parameter. ```Powershell -Publish-AppvClientPackage “ContosoApplication” -Global +Publish-AppvClientPackage "ContosoApplication" -Global ``` ## Publish a package to a specific user @@ -70,7 +70,7 @@ To use this parameter: For example: ```PowerShell -Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +Publish-AppvClientPackage "ContosoApplication" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 ``` ## Add and publish a package @@ -90,7 +90,7 @@ Use the **Unpublish-AppvClientPackage** cmdlet to unpublish a package which has For example: ```PowerShell -Unpublish-AppvClientPackage “ContosoApplication” +Unpublish-AppvClientPackage "ContosoApplication" ``` ## Unpublish a package for a specific user @@ -110,7 +110,7 @@ To use this parameter: For example: ```PowerShell -Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 +Unpublish-AppvClientPackage "ContosoApplication" -UserSID S-1-2-34-56789012-3456789012-345678901-2345 ``` ## Remove an existing package @@ -120,7 +120,7 @@ Use the **Remove-AppvClientPackage** cmdlet to remove a package from the compute For example: ```PowerShell -Remove-AppvClientPackage “ContosoApplication” +Remove-AppvClientPackage "ContosoApplication" ``` >[!NOTE] diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md index a82855cb2a..42df49b2c7 100644 --- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md +++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md @@ -45,7 +45,7 @@ This topic explains the following procedures: 2. Enable the connection group by typing the following command: - Enable-AppvClientConnectionGroup –name “Financial Applications” + Enable-AppvClientConnectionGroup –name "Financial Applications" When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group. @@ -81,11 +81,11 @@ This topic explains the following procedures:

Enable-AppVClientConnectionGroup

-

Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

+

Enable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345

Disable-AppVClientConnectionGroup

-

Disable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

+

Disable-AppVClientConnectionGroup "ConnectionGroupA" -UserSID S-1-2-34-56789012-3456789012-345678901-2345

diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md index febf5efcda..894c51e025 100644 --- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md +++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md @@ -25,7 +25,7 @@ Use the following procedure to configure the App-V client configuration. `Set-AppVClientConfiguration $config` - `Set-AppVClientConfiguration –Name1 MyConfig –Name2 “xyz”` + `Set-AppVClientConfiguration –Name1 MyConfig –Name2 "xyz"` ## Have a suggestion for App-V? diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index df7dcde18e..b1d8ac001f 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -693,8 +693,8 @@ PATCH https://graph.windows.net/contoso.com/devices/db7ab579-3759-4492-a03f-655c Authorization: Bearer eyJ0eXAiO……… Accept: application/json Content-Type: application/json -{ “isManaged”:true, - “isCompliant”:true +{ "isManaged":true, + "isCompliant":true } ``` diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index 4d3c1904a5..d794478a6f 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -71,8 +71,8 @@ The following sample shows an OMA DM first package that contains a generic alert 1226 - com.microsoft:mdm.unenrollment.userrequest - int + com.microsoft:mdm.unenrollment.userrequest + int 1 diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md index 9234ee8d90..e047635740 100644 --- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md +++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md @@ -88,8 +88,8 @@ The following Windows PowerShell commands demonstrate how you can call the listA listAumids # Get a list of AUMIDs for an account named “CustomerAccount”: -listAumids(“CustomerAccount”) +listAumids("CustomerAccount") # Get a list of AUMIDs for all accounts on the device: -listAumids(“allusers”) +listAumids("allusers") ``` From 203c1ad202a057167a74c8814fb2b38664a0ee55 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 25 Oct 2018 14:36:15 -0700 Subject: [PATCH 11/32] Update microsoft-edge-kiosk-mode-deploy.md removed the repeated content --- browsers/edge/microsoft-edge-kiosk-mode-deploy.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index a08e947705..2eadc380d3 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -7,7 +7,7 @@ ms.prod: edge ms.sitesec: library title: Deploy Microsoft Edge kiosk mode ms.localizationpriority: medium -ms.date: 10/15/2018 +ms.date: 10/25/2018 --- # Deploy Microsoft Edge kiosk mode @@ -159,16 +159,6 @@ With this method, you can use Microsoft Intune or other MDM services to configur --- -## Microsoft Edge kiosk mode policies - -We added new Microsoft Edge policies to configure the kiosk mode type as well as the idle timer. For these policies to work correctly, you must set up Microsoft Edge in assigned access. - -### Configure kiosk mode -[!INCLUDE [configure-microsoft-edge-kiosk-mode-include](includes/configure-microsoft-edge-kiosk-mode-include.md)] - -### Configure kiosk reset idle timeout -[!INCLUDE [configure-edge-kiosk-reset-idle-timeout-include](includes/configure-edge-kiosk-reset-idle-timeout-include.md)] - ## Supported policies for kiosk mode Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser). From d6a4cc16d64aedf9daa73241db85ecd1e85d64ef Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 25 Oct 2018 15:18:57 -0700 Subject: [PATCH 12/32] Update microsoft-edge-kiosk-mode-deploy.md updated the Windows Setting steps. --- .../edge/microsoft-edge-kiosk-mode-deploy.md | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md index 2eadc380d3..e03842611c 100644 --- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md +++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md @@ -71,7 +71,7 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed - **Microsoft Intune or other MDM service.** Use to set up several single-app and multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience by using the [supported or available] Microsoft Edge policies. For a list of supported policies see [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode). >[!NOTE] - >For other MDM service, check with your provider for instructions. + >For other MDM services, check with your provider for instructions. @@ -83,31 +83,32 @@ Before you can configure Microsoft Edge kiosk mode, you must set up Microsoft Ed ### Use Windows Settings - Windows Settings is the simplest and easiest way to set up one or a couple of devices because you perform these steps physically on each device. This method is ideal for small businesses. +>[!IMPORTANT] +>Windows Settings is only for setting up a single-app kiosk device. For a multi-app kiosk device, use Microsoft Intune or Windows PowerShell. You can also use Intune or PowerShell to configure a single-app device. + When you set up a single-app kiosk device using Windows Settings, you must first set up assigned access before configuring the device. With assigned access, you restrict a local standard user account so that it only has access to one Windows app, such as Microsoft Edge in kiosk mode. -1. In the search field of Windows Settings, type **kiosk** and then select **Set up a kiosk (assigned access)**. +1. Open Windows Settings, type **kiosk** in the search field and select **Set up a kiosk (assigned access)**. 2. On the **Set up a kiosk** page, click **Get started**. -3. Type a name to create a new account, or you can choose an existing account and click **Next**. +3. Type a name to create a new kiosk account, or choose an existing account from the populated list and click **Next**. 4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**. 5. Select how Microsoft Edge displays when running in kiosk mode: - - **As a digital sign or interactive display**, the default URL shows in full screen, without browser controls. + - **As a digital sign or interactive display**, the default URL shows in full screen, without browser controls. Use digital signage for things like a rotating advertisement or menu, or use interactive signage for a building business directory or restaurant order/pay station. - - **As a public browser**, the default URL shows in a browser view with - limited browser controls. + - **As a public browser**, the default URL shows in a browser view with limited browser controls. Microsoft Edge is the only app available for public browsing. Users cannot minimize, close, or open windows or customize Microsoft Edge, but can click the **End session** button to clear their browsing data and restart with a new session. 6. Select **Next**. 7. Type the URL to load when the kiosk launches. - >[!NOTE] + >[!TIP] >The URL sets the Home button, Start page, and New Tab page. 8. Accept the default value of **5 minutes** for the idle time or provide a value of your own. @@ -121,9 +122,9 @@ When you set up a single-app kiosk device using Windows Settings, you must first 11. Once you've configured the policies, restart the kiosk device and sign in with the local kiosk account to validate the configuration. -**_Congratulations!_** You’ve just finished setting up Microsoft Edge in assigned access, a kiosk or digital sign, and configured Microsoft Edge kiosk mode. +**_Congratulations!_**

You’ve just finished setting up a single-app kiosk device. -**_Next steps._** +**_What's next?_** |If you want to... |Then... | |---|---| @@ -153,9 +154,9 @@ With this method, you can use Microsoft Intune or other MDM services to configur --- -**_Congratulations!_** You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service. +**_Congratulations!_**

You’ve just finished setting up a kiosk or digital signage and configuring group policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service. -**_Next steps._** Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app. +**_What's next?_**

Use your new kiosk. Sign in to the device using the user account that you selected to run the kiosk app. --- From 557eeb305fa38f1297593ac2ba81679a8222a689 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Oct 2018 16:15:55 -0700 Subject: [PATCH 13/32] edits --- .../account-lockout-threshold.md | 14 ++++++++------ .../reset-account-lockout-counter-after.md | 4 ++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 1023c1e03f..f881b9fedb 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 04/19/2017 +ms.date: 10/25/2018 --- # Account lockout threshold @@ -22,22 +22,22 @@ Describes the best practices, location, values, and security considerations for The **Account lockout threshold** policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until you reset it or until the number of minutes specified by the [Account lockout duration](account-lockout-duration.md) policy setting expires. You can set a value from 1 through 999 failed sign-in attempts, or you can specify that the account will never be locked by setting the value to 0. If **Account lockout threshold** is set to a number greater than zero, **Account lockout duration** must be greater than or equal to the value of [Reset account lockout counter after](reset-account-lockout-counter-after.md). -Failed password attempts on workstations or member servers that have been locked by using CTRL+ALT+DELETE or password-protected screen savers do not count as failed sign-in attempts unless [Interactive logon: Require Domain Controller authentication to unlock workstation](interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md) is set to **Enabled**. If Interactive logon: Require Domain Controller authentication to unlock workstation is enabled, repeated failed password attempts to unlock the workstation will count against the account lockout threshold. - Brute force password attacks can be automated to try thousands or even millions of password combinations for any or all user accounts. Limiting the number of failed sign-ins that can be performed nearly eliminates the effectiveness of such attacks. However, it is important to note that a denial-of-service (DoS) attack could be performed on a domain that has an account lockout threshold configured. A malicious user could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the value of **Account lockout threshold**, the attacker could potentially lock every account. +Failed attempts to unlock a workstation can cause account lockout even if the [Interactive logon: Require Domain Controller authentication to unlock workstation](interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md) security option is disabled. Windows doesn’t need to contact a domain controller for an unlock if you enter the same password that you logged on with, but if you enter a different password, Windows has to contact a domain controller in case you had changed your password from another machine. + ### Possible values It is possible to configure the following values for the **Account lockout threshold** policy setting: - A user-defined number from 0 through 999 - Not defined -Because vulnerabilities can exist when this value is configured and when it is not, organizations should weigh their identified threats and the risks that they are trying to mitigate. For information these settings, see [Countermeasure](#bkmk-countermeasure) in this topic +Because vulnerabilities can exist when this value is configured and when it is not, organizations should weigh their identified threats and the risks that they are trying to mitigate. For information these settings, see [Countermeasure](#bkmk-countermeasure) in this topic. ### Best practices -The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, a setting above 4 and below 10 could be an acceptable starting point for your organization. +The threshold that you select is a balance between operational efficiency and security, and it depends on your organization's risk level. To allow for user error and to thwart brute force attacks, a value of 10 could be an acceptable starting point for your organization. > **Important:**  Implementation of this policy setting is dependent on your operational environment; threat vectors, deployed operating systems, and deployed apps. For more information, see [Implementation considerations](#bkmk-impleconsiderations) in this topic.   ### Location @@ -72,6 +72,8 @@ Implementation of this policy setting is dependent on your operational environme - When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases. - Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold. +For more information about Windows security baseline recommendatiosn for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). + ## Security considerations This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. @@ -91,7 +93,7 @@ Because vulnerabilities can exist when this value is configured and when it is n - A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment. - Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account. - A good recommendation for such a configuration is 50 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. We recommend this option if your organization cannot implement complex password requirements and an audit policy that alerts administrators to a series of failed sign-in attempts. + Windows security baselines recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems. ### Potential impact diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index e735885b8d..d836f95a6e 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 04/19/2017 +ms.date: 10/25/2018 --- # Reset account lockout counter after @@ -60,7 +60,7 @@ Users can accidentally lock themselves out of their accounts if they mistype the ### Countermeasure -Configure the **Reset account lockout counter after** policy setting to 30. +Configure the **Reset account lockout counter after** policy setting to 15. ### Potential impact From af48945a657a89daa2edc7b77ff680211a61911c Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 25 Oct 2018 16:37:43 -0700 Subject: [PATCH 14/32] eits --- .../security-policy-settings/account-lockout-threshold.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index f881b9fedb..8375b9b36f 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -72,7 +72,7 @@ Implementation of this policy setting is dependent on your operational environme - When negotiating encryption types between clients, servers, and domain controllers, the Kerberos protocol can automatically retry account sign-in attempts that count toward the threshold limits that you set in this policy setting. In environments where different versions of the operating system are deployed, encryption type negotiation increases. - Not all apps that are used in your environment effectively manage how many times a user can attempt to sign-in. For instance, if a connection drops repeatedly when a user is running the app, all subsequent failed sign-in attempts count toward the account lockout threshold. -For more information about Windows security baseline recommendatiosn for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). +For more information about Windows security baseline recommendations for account lockout, see [Configuring Account Lockout](https://blogs.technet.microsoft.com/secguide/2014/08/13/configuring-account-lockout/). ## Security considerations From c815acdb185efbec4a4fa68cad1fe2786d296b4f Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Fri, 26 Oct 2018 02:55:14 -0400 Subject: [PATCH 15/32] typo: supress -> suppress --- windows/configuration/wcd/wcd-calling.md | 2 +- windows/deployment/deploy-windows-to-go.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md index dd7a6057aa..cde8d098c0 100644 --- a/windows/configuration/wcd/wcd-calling.md +++ b/windows/configuration/wcd/wcd-calling.md @@ -86,7 +86,7 @@ ResetCallForwarding | When set to **True**, user is provided with an option to r ShowCallerIdNetworkDefaultSetting | Indicates whether the network default setting can be allowed for outgoing caller ID. ShowVideoCallingSwitch | Use to specify whether to show the video capability sharing switch on the mobile device's Settings screen. ShowVideoCapabilitySwitch | Configure the phone settings to show the video capability sharing switch. -SupressVideoCallingChargesDialog | Configure the phone settings CPL to supress the video calling charges dialog. +SupressVideoCallingChargesDialog | Configure the phone settings CPL to suppress the video calling charges dialog. UssdExclusionList | List used to exclude predefined USSD entries, allowing the number to be sent as standard DTMF tones instead. Set UssdExclusionList to the list of desired exclusions, separated by semicolons. For example, setting the value to 66;330 will override 66 and 330. Leading zeros are specified by using F. For example, to override code 079, set the value to F79. If you set UssdExclusionList, you must set IgnoreUssdExclusions as well. Otherwise, the list will be ignored. See [List of USSD codes](#list-of-ussd-codes) for values. WiFiCallingOperatorName | Enter the operator name to be shown when the phone is using WiFi calling. If you don't set a value for WiFiCallingOperatorName, the device will always display **SIMServiceProviderName Wi-Fi**, where *SIMServiceProviderName* is a string that corresponds to the SPN for the SIM on the device. If the service provider name in the SIM is not set, only **Wi-Fi** will be displayed. diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 2e2da9aa71..fbc54619d1 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md @@ -906,7 +906,7 @@ foreach ($disk in $Disks) <# If a domain name was provided to the script, we will create a random computer name - and perform an offline domain join for the device. With this command we also supress the + and perform an offline domain join for the device. With this command we also suppress the Add User OOBE screen. #> if ($DomainName) From 3cdc95b75808a33c56f967461c5190cbed2dcec6 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Fri, 26 Oct 2018 02:58:59 -0400 Subject: [PATCH 16/32] typo: Double word "the" --- education/windows/use-set-up-school-pcs-app.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index d9a63ba9d3..ad1e1eb9e2 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -23,7 +23,7 @@ Set up School PCs also: * Utilizes Windows Update and maintenance hours to keeps student PCs up-to-date, without interfering with class time. * Locks down the student PC to prevent activity that isn't beneficial to their education. -This article describes how to fill out your school's information in the the Set up School PCs app. To learn more about the app's functionality, start with the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md). +This article describes how to fill out your school's information in the Set up School PCs app. To learn more about the app's functionality, start with the [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md). ## Requirements Before you begin, make sure that you, your computer, and your school's network are configured with the following requirements. From e83daec3f392e53fd470da4ab58d213be0a8f84f Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Fri, 26 Oct 2018 03:01:26 -0400 Subject: [PATCH 17/32] fix: Remove space in markdown link --- .../manage-windows-10-in-your-organization-modern-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index ec81e086de..6b9b5bfd9d 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -49,7 +49,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can: -- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot] (https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune). +- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune). - Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages). From bda01df0455e8808f96623e2b1001ac4db63f58c Mon Sep 17 00:00:00 2001 From: Lorenzo Pini Date: Fri, 26 Oct 2018 09:53:48 +0200 Subject: [PATCH 18/32] https for download.microsoft.com --- .../windows-platform-common-criteria.md | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 1be7c7a0fb..8371aff1a9 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -18,14 +18,14 @@ Microsoft is committed to optimizing the security of its products and services. The Security Target describes security functionality and assurance measures used to evaluate Windows. - - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) - - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](http://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) - - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book](http://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) + - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) + - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) + - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) - [Windows 10 and Windows Server 2012 R2](http://www.commoncriteriaportal.org/files/epfiles/st_windows10.pdf) - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-st.pdf) @@ -54,29 +54,29 @@ These documents describe how to configure Windows to replicate the configuration **Windows 10, Windows 10 Mobile, Windows Server 2016, Windows Server 2012 R2** - - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf) - - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client Operational Guidance](http://download.microsoft.com/download/2/c/c/2cc8f929-233e-4a40-b673-57b449680984/windows%2010%20au%20and%20server%202016%20ipsec%20vpn%20client%20operational%20guidance%20\(21%20dec%202016\)%20\(public\).docx) - - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/3/3/f/33fa01dd-b380-46e1-833f-fd85854b4022/st_vid10746-agd.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book Administrative Guide](http://download.microsoft.com/download/3/2/c/32c6fa02-b194-478f-a0f6-0215b47d0f40/windows%2010%20mdf3%20mobile%20device%20pp%20operational%20guidance%20\(may%2027,%202016\)\(public\).docx) - - [Microsoft Windows 10 Mobile and Windows 10 Administrative Guide](http://download.microsoft.com/download/2/d/c/2dce3435-9328-48e2-9813-c2559a8d39fa/microsoft%20windows%2010%20and%20windows%2010%20mobile%20guidance.pdf) - - [Windows 10 and Windows Server 2012 R2 Administrative Guide](http://download.microsoft.com/download/0/f/d/0fd33c9a-98ac-499e-882f-274f80f3d4f0/microsoft%20windows%2010%20and%20server%202012%20r2%20gp%20os%20guidance.pdf) - - [Windows 10 Common Criteria Operational Guidance](http://download.microsoft.com/download/d/6/f/d6fb4cec-f0f2-4d00-ab2e-63bde3713f44/windows%2010%20mobile%20device%20operational%20guidance.pdf) + - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/5/D/2/5D26F473-0FCE-4AC4-9065-6AEC0FE5B693/Windows%2010%201709%20GP%20OS%20Administrative%20Guide.pdf) + - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/e/9/7/e97f0c7f-e741-4657-8f79-2c0a7ca928e3/windows%2010%20cu%20gp%20os%20operational%20guidance%20\(jan%208%202017%20-%20public\).pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/4/c/1/4c1f4ea4-2d66-4232-a0f5-925b2bc763bc/windows%2010%20au%20operational%20guidance%20\(16%20mar%202017\)\(clean\).docx) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/b/5/2/b52e9081-05c6-4895-91a3-732bfa0eb4da/windows%2010%20au%20and%20server%202016%20gp%20os%20operational%20guidance%20\(final\).docx) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client Operational Guidance](https://download.microsoft.com/download/2/c/c/2cc8f929-233e-4a40-b673-57b449680984/windows%2010%20au%20and%20server%202016%20ipsec%20vpn%20client%20operational%20guidance%20\(21%20dec%202016\)%20\(public\).docx) + - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/3/3/f/33fa01dd-b380-46e1-833f-fd85854b4022/st_vid10746-agd.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book Administrative Guide](https://download.microsoft.com/download/3/2/c/32c6fa02-b194-478f-a0f6-0215b47d0f40/windows%2010%20mdf3%20mobile%20device%20pp%20operational%20guidance%20\(may%2027,%202016\)\(public\).docx) + - [Microsoft Windows 10 Mobile and Windows 10 Administrative Guide](https://download.microsoft.com/download/2/d/c/2dce3435-9328-48e2-9813-c2559a8d39fa/microsoft%20windows%2010%20and%20windows%2010%20mobile%20guidance.pdf) + - [Windows 10 and Windows Server 2012 R2 Administrative Guide](https://download.microsoft.com/download/0/f/d/0fd33c9a-98ac-499e-882f-274f80f3d4f0/microsoft%20windows%2010%20and%20server%202012%20r2%20gp%20os%20guidance.pdf) + - [Windows 10 Common Criteria Operational Guidance](https://download.microsoft.com/download/d/6/f/d6fb4cec-f0f2-4d00-ab2e-63bde3713f44/windows%2010%20mobile%20device%20operational%20guidance.pdf) **Windows 8.1 and Windows Phone 8.1** - - [Microsoft Surface Pro 3 Common Criteria Mobile Operational Guidance](http://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) - - [Windows 8.1 and Windows Phone 8.1 CC Supplemental Admin Guide](http://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) + - [Microsoft Surface Pro 3 Common Criteria Mobile Operational Guidance](https://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) + - [Windows 8.1 and Windows Phone 8.1 CC Supplemental Admin Guide](https://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) **Windows 8, Windows RT, and Windows Server 2012** - - [Windows 8 and Windows Server 2012](http://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) - - [Windows 8 and Windows RT](http://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) - - [Windows 8 and Windows Server 2012 BitLocker](http://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) - - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](http://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) + - [Windows 8 and Windows Server 2012](https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) + - [Windows 8 and Windows RT](https://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) + - [Windows 8 and Windows Server 2012 BitLocker](https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) + - [Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client](https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) **Windows 7 and Windows Server 2008 R2** @@ -130,14 +130,14 @@ These documents describe how to configure Windows to replicate the configuration An Evaluation Technical Report (ETR) is a report submitted to the Common Criteria certification authority for how Windows complies with the claims made in the Security Target. A Certification / Validation Report provides the results of the evaluation by the validation team. - - [Microsoft Windows 10 (Fall Creators Update)](http://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) - - [Microsoft Windows 10 (Creators Update)](http://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) - - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](http://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](http://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) - - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](http://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) - - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](http://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) - - [Microsoft Windows 10 IPsec VPN Client](http://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) - - [Microsoft Windows 10 November 2015 Update with Surface Book](http://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) + - [Microsoft Windows 10 (Fall Creators Update)](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) + - [Microsoft Windows 10 (Creators Update)](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) + - [Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, and Microsoft Windows 10 Hyper-V](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows 10 Mobile (Anniversary Update)](https://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) + - [Microsoft Windows 10 (Anniversary Update) and Windows Server 2016](https://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) + - [Windows 10 (Anniversary Update) and Windows Server 2016 IPsec VPN Client](https://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) + - [Microsoft Windows 10 IPsec VPN Client](https://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) + - [Microsoft Windows 10 November 2015 Update with Surface Book](https://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) - [Microsoft Windows 10 Mobile with Lumia 950, 950 XL, 550, 635, and Windows 10 with Surface Pro 4](https://www.niap-ccevs.org/st/st_vid10694-vr.pdf) - [Windows 10 and Windows Server 2012 R2](https://www.commoncriteriaportal.org/files/epfiles/cr_windows10.pdf) - [Windows 10](https://www.niap-ccevs.org/st/st_vid10677-vr.pdf) @@ -165,5 +165,5 @@ An Evaluation Technical Report (ETR) is a report submitted to the Common Criteri ## Other Common Criteria Related Documents - - [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](http://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc) + - [Identifying Windows XP and Windows Server 2003 Common Criteria Certified Requirements for the NIST Special Publication 800-53](https://download.microsoft.com/download/a/9/6/a96d1dfc-2bd4-408d-8d93-e0ede7529691/xpws03_ccto800-53.doc) From 6d02a3f42f1d4047422a35460508e2b29672f338 Mon Sep 17 00:00:00 2001 From: McCa11um <44292518+McCa11um@users.noreply.github.com> Date: Fri, 26 Oct 2018 13:20:14 +0100 Subject: [PATCH 19/32] Fixed typo - line 25 Changed; "regisration" to "registration" --- .../hello-for-business/hello-hybrid-key-trust-devreg.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index c4ddccad00..e17f824edc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -22,7 +22,7 @@ ms.date: 08/19/2018 You are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication. > [!NOTE] -> Before proceeding, you should familiarize yourself with device regisration concepts such as: +> Before proceeding, you should familiarize yourself with device registration concepts such as: > * Azure AD registered devices > * Azure AD joined devices > * Hybrid Azure AD joined devices @@ -48,4 +48,4 @@ Next, follow the guidance on the [How to configure hybrid Azure Active Directory 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. Configure Azure Device Registration (*You are here*) 6. [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md) -7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) \ No newline at end of file +7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) From 26edcbfcd4d20c134fbc3b0a6dbb31079fb56ba6 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 26 Oct 2018 10:06:10 -0700 Subject: [PATCH 20/32] Updated SE Labs --- .../intelligence/top-scoring-industry-antivirus-tests.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 3eb922192c..828ae2e268 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -74,6 +74,10 @@ This test, as defined by AV-Comparatives, attempts to assesses a security progra SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services. +### Enterprise Endpoint Protection July - September 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/jul-sep-2018-enterprise.pdf) **pdf** + +Windows Defender ATP next-gen protection was named as one of the most effective products, protecting against all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly. + ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** Windows Defender ATP next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. From 4f0450f0477e4f17811057a84d7ee2fc0fbb79dd Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Fri, 26 Oct 2018 17:20:24 +0000 Subject: [PATCH 21/32] Updated index.md --- windows/eulas/index.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/windows/eulas/index.md b/windows/eulas/index.md index 7d6b50323c..2eb00343d3 100644 --- a/windows/eulas/index.md +++ b/windows/eulas/index.md @@ -1 +1,12 @@ -# Welcome to eula-vsts! \ No newline at end of file +--- +title: Windows 10 - Testing in live +description: What are Windows, UWP, and Win32 apps +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: mobile +ms.author: elizapo +author: lizap +ms.localizationpriority: medium +--- +# Testing non-editability From 2c232dafd05c93a592b8ca033e6bdeec8b78fb63 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Fri, 26 Oct 2018 10:21:16 -0700 Subject: [PATCH 22/32] Update change-history-for-microsoft-edge.md --- browsers/edge/change-history-for-microsoft-edge.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index af0f42078e..3b39c63a9c 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md @@ -41,8 +41,8 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi | New | [Configure collection of browsing data for Microsoft 365 Analytics](group-policies/telemetry-management-gp.md#configure-collection-of-browsing-data-for-microsoft-365-analytics) | [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] | | New | [Configure Favorites Bar](group-policies/favorites-management-gp.md#configure-favorites-bar) | [!INCLUDE [configure-favorites-bar-shortdesc](shortdesc/configure-favorites-bar-shortdesc.md)] | | New | [Configure Home Button](group-policies/home-button-gp.md#configure-home-button) | [!INCLUDE [configure-home-button-shortdesc](shortdesc/configure-home-button-shortdesc.md)] | -| New | [Configure kiosk mode](microsoft-edge-kiosk-mode-deploy.md#configure-kiosk-mode) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] | -| New | [Configure kiosk reset idle timeout](microsoft-edge-kiosk-mode-deploy.md#configure-kiosk-reset-idle-timeout) |[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] | +| New | [Configure kiosk mode](available-policies.md#configure-kiosk-mode) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] | +| New | [Configure kiosk reset after idle timeout](available-policies.md#configure-kiosk-reset-after-idle-timeout) |[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] | | New | [Configure Open Microsoft Edge With](group-policies/start-pages-gp.md#configure-open-microsoft-edge-with) | [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] | | New | [Prevent certificate error overrides](group-policies/security-privacy-management-gp.md#prevent-certificate-error-overrides) | [!INCLUDE [prevent-certificate-error-overrides-shortdesc](shortdesc/prevent-certificate-error-overrides-shortdesc.md)] | | New | [Prevent users from turning on browser syncing](group-policies/sync-browser-settings-gp.md#prevent-users-from-turning-on-browser-syncing) | [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] | @@ -96,4 +96,4 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi |----------------------|-------------| |[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. | ---- \ No newline at end of file +--- From 6ad2b0deda15bff3a6c6849d800428c48b9fd017 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 26 Oct 2018 10:30:36 -0700 Subject: [PATCH 23/32] SE Labs update --- .../intelligence/top-scoring-industry-antivirus-tests.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md index 828ae2e268..5f2f3fbb28 100644 --- a/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md +++ b/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests.md @@ -76,11 +76,11 @@ SE Labs tests a range of solutions used by products and services to detect and/o ### Enterprise Endpoint Protection July - September 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/jul-sep-2018-enterprise.pdf) **pdf** -Windows Defender ATP next-gen protection was named as one of the most effective products, protecting against all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly. +Microsoft's next-gen protection was named as one of the most effective products, stopping all public and targeted attacks. It showcased its ability to block malicious URLs, deal with exploits, and classify legitimate apps and websites correctly. ### Enterprise Endpoint Protection April - June 2018: [AAA award](https://selabs.uk/download/enterprise/epp/2018/apr-jun-2018-enterprise.pdf) **pdf** -Windows Defender ATP next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. +Microsoft's next-gen protection was named as one of the most effective products, stopping all targeted attacks and the vast majority of public threats. ## To what extent are tests representative of protection in the real world? From cb7eda9f2a1d101da5bf58ca32be8c751d533d13 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 11:07:16 -0700 Subject: [PATCH 24/32] add note on alerts that are pulled --- ...g-rest-api-windows-defender-advanced-threat-protection.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 34c1292d77..ad62eb06f9 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 04/24/2018 +ms.date: 10/26/2018 --- # Pull Windows Defender ATP alerts using REST API @@ -41,6 +41,9 @@ The _Client credential flow_ uses client credentials to authenticate against the Use the following method in the Windows Defender ATP API to pull alerts in JSON format. +>[!NOTE] +>Only alerts with a status as "new" are pulled. Alerts with that are "in progress" or "resolved" will not be pulled. + ## Before you begin - Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). From 03d679a2bbe8b71a45b5159cb77b7a1ba10b49a3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 11:08:18 -0700 Subject: [PATCH 25/32] typo --- ...sing-rest-api-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index ad62eb06f9..52d6e869ad 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -42,7 +42,7 @@ The _Client credential flow_ uses client credentials to authenticate against the Use the following method in the Windows Defender ATP API to pull alerts in JSON format. >[!NOTE] ->Only alerts with a status as "new" are pulled. Alerts with that are "in progress" or "resolved" will not be pulled. +>Only alerts with a status as "new" are pulled. Alerts that are "in progress" or "resolved" will not be pulled. ## Before you begin - Before calling the Windows Defender ATP endpoint to pull alerts, you'll need to enable the SIEM integration application in Azure Active Directory (AAD). For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md). From 8873df1656a0a0baafda35777f8936afc72283fc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 26 Oct 2018 19:16:46 +0000 Subject: [PATCH 26/32] Merged PR 12399: Added link to SCCM doc on upgrade page Link added --- windows/deployment/upgrade/windows-10-edition-upgrades.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index 450da4c243..0ad3bfb8c0 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -8,7 +8,7 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: mobile author: greg-lindsay -ms.date: 07/06/2018 +ms.date: 10/25/2018 --- # Windows 10 edition upgrade @@ -24,6 +24,8 @@ For a list of operating systems that qualify for the Windows 10 Pro Upgrade or W The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. +Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/sccm/compliance/deploy-use/upgrade-windows-version) in System Center Configuratio Manager. + ![not supported](../images/x_blk.png) (X) = not supported
![supported, reboot required](../images/check_grn.png) (green checkmark) = supported, reboot required
![supported, no reboot](../images/check_blu.png) (blue checkmark) = supported, no reboot required
From 0be53eeed6b01dbfa839aef5eddda0b8bf2080af Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 26 Oct 2018 13:49:58 -0700 Subject: [PATCH 27/32] edits --- .../security-policy-settings/account-lockout-threshold.md | 4 ++-- .../reset-account-lockout-counter-after.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 8375b9b36f..681ff23ad9 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 10/25/2018 +ms.date: 10/26/2018 --- # Account lockout threshold @@ -93,7 +93,7 @@ Because vulnerabilities can exist when this value is configured and when it is n - A robust audit mechanism is in place to alert administrators when a series of failed sign-ins occur in the environment. - Configure the **Account lockout threshold** policy setting to a sufficiently high value to provide users with the ability to accidentally mistype their password several times before the account is locked, but ensure that a brute force password attack still locks the account. - Windows security baselines recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. + [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring a threshold of 10 invalid sign-in attempts, which prevents accidental account lockouts and reduces the number of Help Desk calls, but does not prevent a DoS attack. Using this type of policy must be accompanied by a process to unlock locked accounts. It must be possible to implement this policy whenever it is needed to help mitigate massive lockouts caused by an attack on your systems. ### Potential impact diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index d836f95a6e..8af58b7acd 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 10/25/2018 +ms.date: 10/26/2018 --- # Reset account lockout counter after @@ -60,7 +60,7 @@ Users can accidentally lock themselves out of their accounts if they mistype the ### Countermeasure -Configure the **Reset account lockout counter after** policy setting to 15. +[Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend configuring the **Reset account lockout counter after** policy setting to 15. ### Potential impact From 4a8a69f511a3f18ad9677417d08f182e6a595998 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 13:54:12 -0700 Subject: [PATCH 28/32] add link to ask overview page --- windows/security/threat-protection/index.md | 2 +- ...ows-defender-advanced-threat-protection.md | 48 ++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 43e37f1269..69c6127970 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -18,7 +18,7 @@ Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified

Windows Defender ATP

- + diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index b4a4da13ba..d4de5ebbcc 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -22,10 +22,56 @@ ms.date: 09/03/2018 Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. -To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. +

Windows Defender ATP

+

Attack surface reduction

Attack surface reduction

Next generation protection

Endpoint detection and response

Automated investigation and remediation
+ + + + + + + + + + + + + + +
+ +

Attack surface reduction

Next generation protection

Endpoint detection and response

Automated investigation and remediation

Secure score

Advanced hunting
+
Management and APIs
Microsoft Threat Protection
+
+ + +Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: + +- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors + collect and process behavioral signals from the operating system + (for example, process, registry, file, and network communications) + and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. + + +- **Cloud security analytics**: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, + enterprise cloud products (such as Office 365), and online assets + (such as Bing and SmartScreen URL reputation), behavioral signals + are translated into insights, detections, and recommended responses + to advanced threats. + +- **Threat intelligence**: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker + tools, techniques, and procedures, and generate alerts when these + are observed in collected sensor data. + + + + + The Windows Defender ATP platform is where all the capabilities that are available across multiple products come together to give security operations teams the ability to effectively manage their organization's network. +To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. + ## In this section Topic | Description From f753ae02fda19502b7e05f7249ef3cfd7dcbc769 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 14:04:44 -0700 Subject: [PATCH 29/32] add icons for table --- .../windows-defender-atp/images/AH_icon.png | Bin 0 -> 3707 bytes .../windows-defender-atp/images/AR_icon.png | Bin 0 -> 4124 bytes .../windows-defender-atp/images/ASR_icon.png | Bin 0 -> 4524 bytes .../windows-defender-atp/images/EDR_icon.png | Bin 0 -> 6095 bytes .../windows-defender-atp/images/NGP_icon.png | Bin 0 -> 3733 bytes .../windows-defender-atp/images/SS_icon.png | Bin 0 -> 2802 bytes 6 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-atp/images/AH_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/AR_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png create mode 100644 windows/security/threat-protection/windows-defender-atp/images/SS_icon.png diff --git a/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png b/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..ff9c97c86ec1babf25f5923ca116b48201216dfa GIT binary patch literal 3707 zcmV->4utWEP)002t}1^@s6I8J)%00004XF*Lt006O% z3;baP00009a7bBm000ic000ic0Tn1pfB*mh8FWQhbW?9;ba!ELWdLwtX>N2bZe?^J zG%heMGBNQWX_Wu~4fsh!K~#8N?OSXFzRFpAsRz-mmk}U8E5bA;Lw} z9FxZ}<8V5`DRCX<5n1U+(e3l;Q_`wudf{iM!p<=%g~>O0cFDjIxy`WIELFofs4cot zh0na)y6H;(C^8#?$z-#h*mMk?l)h}0u}81H8KQ#wQCRUn(plyX+#|~&r-DSesRk?CMT5bbtu- z3vmi1&k&|(KIurBvdJABOdr8;bs6emr6|I234WjW=pB@Kyw#7F_npNKPFNB?>C-6Rfi9S&0W||`^33Bn{n6kUQ9~J#-yYi-1kx*wjXapEA_1#B}1E1 zr*vICWzkv=i_KE1bjh?+^o`60+_AV2*CrKX=JEopJJN$1BCnTcgJ0F<7RD)^&D$N) z+T?R+r_QJw{AJ5IOrY6z9WB>K-z~+lwjQx}etIBieWhzC;PE2C6|$srODh$(SMGR4 zJ4o?k7)OfDTv3KK-b=VZwo2=SC`N4q+nsddlyWargGexrbv<}|<7teae;Cu3 z7vrO{PIPf~DmRC8X!>>uLncdAwnSumLCUZ_@izHz|4Rj!n3RWEn<`M=q69{Sm2G?Q zmQzZ>x=`Rl!Q{0P5APLR#I&V_h)?!l)qy6oF*iJ0tri;GgDYe)N#^eJ(kf{IzW;)U zjJF3%GV0MnO4v&-7*3UxtOG)paY{Al!Qh)Aej3Hut?)Em!JVlGFgYaM~CvUswqGJIoeNQ3)Vkxii)wenD#+7l*|4~a{&0G!Ey%}S@4B`b(a?HZc0&SIl< zp&g?^zO&SWxcOe1ZS6#&%HwS723)XNDj18-Gic6-C&@+?AbD4#+7YL`p|YE_Fz6Su z*k;+=9XVOxh!UhRt4L-nPTruk1Cm4aAz6P!FTh6(oRfF$iidq z9Y=k)imBTbQA;nXA)gdnE(-fm)CAo7LMG;JJ+8}^pQl{R)vPv-mIO{IDZC`Nl(yo= z)I$7x^zy-3{n+8_yYY;n?nsHXPGwezC38%(N zt@URs&sP~hOC>nZcHs7E7t3geaC1r~rZ3JGUoQM+T|FX_WrP?Q{HUeb@T0UG+(kyV ziapVw)}g&cN}DS;4lQRm^OQzDOxn)#$pdBSo-?wIT3g&HH1-G6Q-25}ONX{Yf8fXX zmhyI7pPYwhKCK3=MuM$Mcu&rBXjy;Yx;*Q`doXnIL@Mv_V@lE?{PLaSXd~NcPcBp2 zMp#a8aS)=A71l*m@DuNuEft7MIE20RmcZ5_2kB2c|GPakn|z}a0q@zVkm*H3XvqL!Rh5e< zV?6*U9x&jhJGydNQOgx_QVa3i&I<#uThd5l(x2%p7!kbem> zKNs_MT_oemFZOt|8(L5OFy1q&DE7HOn3{TMoRw#{pqrk!G9IP5e;&t#6P-TXzO(?3 zZK{#CuEFxyfj8#tvT&cg!%$`;OBPNR)#Jde&UEzR^^B8PxwkrM`0LhMeOb&JRaV~oz4eG+REQZX z%aOMCjL0B$MK)XhRT)*-QQj=F=nPcJA|ay9lD7vG%Wd-Ewz;2Ud_qptaBWgPu1P*3 zuY)Hf(B?TI*SdPhW^l-n_$|~=&IOteawk}{=t6}exTas0``^~{I4lFdOyn_gC4L=^ zIf2F;pO`0aUB8xe7}rtxM9yQmSSG6the`BcditZ2vSUDmjlL5R$YOEyXeMuSUri78 z)Y5W`5*B5VAx+N5zcRW4c^MpP>^hv@PyKLzMs+;~2W_b{tGuZ@&_9RW)|JQQ@JSVL z$FgGF^XdtFR^`X;YP+s8uxzEx4vC1cXoyIb6Gp&jVMitVSUE_`Y?W!ud5q9{Cf`kj z_it48qvo<7)1S}BuhvySRzKxwxn18G27-Rc>JQnpRHx4O;F)b_a`EwC2@f$Yk;GS@pfR zh3wWN@07|?RL@$=0v`4VfQRA_9sABgZr+?vYUOp2TM`VJECw&dKdd{9smYl*(5M2t zCgA`fH-|zC#UFkn5Algv`0|{YZ|=YqvUr=Y{X{n=CS>Ec>q>EnZ5QRqR~U|1FfqP{ z##t%eCbjhV(AG;zQry&W#zG-&c^o>}jr**k2b0N_d1!T^d>V6eW)FQCidKGHr1+mV z9>rw3qwgPX7sYiSpu*ZQJFdY#avOkeFU-Q6|L6~JO}WOx;VfZGbecAS4-iQ=req_V z1Tq^Kx8Mp{d@wPE7yY;+H48JB<{+oBM;_rpD$&I#$FPae7=JgMGH*X-rI!lX+OwmL z+!!lr1wQeWXY;e$s>xl*$Fn=?<-sGc>bn6KmLVy`gvlEK;Dhpuh)eR|r!N8+Ivna^aslprsQ~%si73l3$A~?C{zAmB zcn?`*{fWrp?|;OB7;knR8L z`pgQ2&I`XNfADNCp4@yEw=6BjxRe4+SyYUBSC`_+502ycoz+O*(;{y*?|btYUZFk9 zzdt>NU%y?3JJXKfn^b@Df+GBQ^--+xwxOPw94=C#VFbuBO6k&M_u^>t6|D6(>h%7T2dKZW>8av8p!Qi8aYJWO4bk7>(F@Uyp0B5_v}GAi3}fgCV3;(8-S zlCohZOJU|0#puK_wn6MTHW7QJ7cL{St_`b;`CDHe9(?y0cGq4)eq#r!+k4SY?3gbw z=Aoc8>3O6uB4nvbq^k8nK#5a-h;{ezUXTt?y&v%jht$Axb<>tBNew;}Vi&FWNMS^l zpT{^g&kDx_#jO><;)FhVxVK3h>Mtusn8h!l1m^q(_J17t~6 ztB%GAR+*hKG8iG76|S2zZQ{B0mY-#2mIIOM3qtA*Cq|5{NC+rxMRXZvip{crt!x!C ztc$=IA0dn?S)uTlnYFQ8euE%R<|vR74WmyMk->cM4DvMi5hwp|==kT%F|xwJWaTyZ zFe7C*{+?c-uEQv}2Yn$X$Wl^hpXc+VwyOt?SI8gZWyrIOuCanqCyS}jpdPxW?7Ub) z49qM;mpZ66K_-9H5fCC~Y*q|ICp=+{to|`Jv#thXWDNpiWDNpiWDNpiWDNpiWDOX= Z{{b literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png b/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..887498f7bcf8f4ade668464d437a8b9d7f1707f7 GIT binary patch literal 4124 zcmV+%5aaKOP)002t}1^@s6I8J)%00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D02y>eSaefwW^{L9 za%BK;VQFr3E^cLXAT%y8E;2FkAZe8V01u2wL_t(|UhP^3a2(YcKI0f-Ff9oTPAEUVC3&qA*2Gs6!cal!M zSnXu#Wa(5+r)qWS%m3cnce{JHDtD4CGr3RN-S^(U^1pBY|KI<;JrlwhHNs>CfiPJ? zAWT*e2$K~A!ej-3Fj+w$OjZyGlNAKQWCejRSwY|elQpPZ1qS(_rgTuG)Y3r=utOB%6$$}K}M^-ePCZ>h3IYQen&x;c>1!VV8zqd7gJ`a>j8FVG~@nFMKH~^VaA$V zJg~J8lNMNT{faa!_|S!%rhcWigvMlj{%$-md~d`1tN=$F8iZdGM4hLDncS0m$}oA6 z9ak?&$Da?nU_I9bXKOFkr_|${YqMdRlY*JC`PgFdz{MIVU=s01#{b0&VSFJ*FhURx zK3Jisz8~2+4SiT}yc*Z9bl|disrd2sG91irK|6C=8f3b=G3%%c*F=H^T^~<@%6R&h)b-8t4*3E)usB{sZ$di zFK)-Q8;)N z{MpmQB#A7~v_b7$O{Ld#;<+PLxMqo+Ov!@B-adm5O4`w3C8@{l}il_HE@!8o9jcF2m zeY2!?tg&H4vib)!11nbvEp6>&JqPld@uSxZh@=#JX?YqV$(iSSwceYxV8UztjNa@d zl$yM*sISt|L|yL9ZNbA^X)H3$n^xGdz7y-fc6&VrJ8Mj%TJ!rZYsIaOF^TQ63ga$!0Jk){`taDQAj{+Z>4 zPMKI;pR9~9>WlJ{`r)9~U^KCuIMlR&-Q9`59xTJu`N^c!iFj;BE>4uTlH39p$qbDL z>7v>GC$|yb-;~8kx{=J_rH@@GZPS~a5kzU=J?4+PsXS2QsIGL*jKaY)fyA?vC~fY>ed{P-q?qX`a+#*R^ImR7_9PdB~o9QbBzCW=}$+C)N&Kc3-d25s9$awjZm|IPjq z-1sUjYvz*)lasz|ZZbvnN%R27l;&D+tv*B&{TZZjH&t z6MJ2Vim%6Js~g+W+*p_5#;o`1@clQ6Y29cc;!<#LTt40*4Q$tTt9dYDvrw;fo2*`# z7TORUe-X(tLJ=n`3*TO!fwETp>skw~V?9>fhHp{KWtwHd9kkqu{-hQT3S8UC3;X*i z=9rl|y;tPLGY6cQLJRK87uzW)tww#9=#%v=$x=sAu|9<~Ye6bv;$2F~*fA_wMnW)* zjx5$%&~T`*9bbKgX;Ug`mJ{izolZo_t86v90NTI|yS}hahtVK$>2bG=< zo@W%V_@t4{(T->KRiLSdwK2v7kY$X~kk!&Vh$nWJbB7-NNsUsuI@?f~gBrDE?~Df9WB-Til5+QqcPN&Qdh8 z9YzC8fP**2NMtc3SbnmSLWLwOr-ind4x__pVk%+GsA7}cxSUA3W@#$k&hThjsEnu8 z_uw1!hP`Kf9`YKD*M1?Br4AE-3qlstgjq*i6n&eq&FT?_T#7-I($Zz)r)ObtwTof} z6oVq>Q_{wWBwQC|#h#pI<&FfkS0+-@+=mA?<>3}GaoaiLw_@mKD33r~FtVOMTFv*} zx7(XUp@LnsteHG39^a13MxwG(W=p>nC(mKhyky+GG7Sd{TX}gP#3V{7QhjK1K5l;1 z0ZaAgoGj+f7agx6Gfd`YB_ITFdb{!GgA{wsPQl%A1vpf6o*Z=@5o@NkVkV9jON}!Y zm?7KKi@Vlk;|`J`!)@#{KQ}&$VT-vMljkPmg~O$gHRSXgdImB7{j-?7$cm}UXc@CG zgVv3?IH3sz-1!0gbVn&^WjeMy+LY2jgzmG3 z#swpbwTw-4^DW*dcNL(yU-m_07_#nLvi<^huG7gC>BM~$h zqZvAgtf2)ir^!6DF$b4LSSW;OP)ZpBCDIt2ALI-Mk>A)uBo$!FVh6Tbn}%$`aLM>A zwo^KDO(xf@l3~bVIFQ$ZsgYJpe<>Zu&gjjJs~DfLAVbM;@SN@*kmzi~jmvGgA*Kk) zZnZ9h$f;%P&9va=WKHl+sn}M|!hM`9VTOUCixT#Aebs4-xn?Kf=IBi9&u!5xUt}w} zEu%s;RhAHkmpc37!AeY8U_%{AYKT<#V1h^`n6ZHa7#=UQfjpRQXQRPgN2c0nRqiS z@b=)2)tR{KwH%z${J2Wh4tAzAU8IJv?|N^hc`ze7gPeXcZi{hX_J5r?kmZ5d)rCA- z6%~1b^x8fgrA&Nr6W2-s(H}e54(T!$#70>0x5MZ7GRX&39TA)Ag=xMWuU^crJ4Pt+ zcH!>THvXyp*+WibH~7C1#l+az-@sC9yYTGcv$$ymwSO^zCS=2xR%YY&HMy9%E)UbA zb6|>0$E~kekx(T=18T1!BCn|z_fimhZB#nmFVp-ikiZ_@@sbuixTS#lHzVew3UOl` z5E5DE`v&ljv^soije~!Yo)MFQ4av2r@!Kv@r>9S|S3+7%2i8)XC*CQ=eXnH_Id)nX z+Hv=54&1qcCOX%Gr}q`3LkT&!mhxUiextdGYu7K|DMz!iA)nvajR;yXOp8pRrB)&y ze=8sMb3?~s!6Im~gjfQ3o^H%JR)J|tQpvQEC|E4Qd&SLst3`#>EWL(FuuVO8XD`l> zw&Zzwcsi%48xL&E!W9t-csE}z#HlU&kg90d+4g=svaJADP|&+M-HW#}8u=UA^xSED zJtiHS%r$7}Rvup9upuD?&7vvutzQ9VfFG5%;umihlSx@|Rip)fIb4M_THxyUqJ+f0 zlzKA6&h&arnw^XvZp$MASx=I32GR4rtQK5NYs9Hh*_brXimR8}@Zw=7avHQd5krp= zEJ89v@zWu_5cTAZx7!+U&-z@xqj2l$EHbk?xM+Ez1^+mz@jnbAr<|4FgR#Z-&v)c= zzqZ+2%gb05?bwaR?2`B1jq}A`AY1V}$Mn5wd3qm4GKnP6Ii>rcsPahV4Sc$K^ zO#WPHjk6uv z{@6V_M3r$vXqu&5hXOOrc;|UMwWkD^Ewo|^`ISGsTfu+y=KrjfX(=FG;6LyXCG0)- z9GR7g%yH@QDkUycTBwZ-Aa4#^DQJu%S#pZ%U1mzV9A3T!Y?@=nEvp=O`E&yd6p=kY9UJ4Fx_WXHl{mdA8ud9A zgh-Yuh)-Z&iq3T5DUs!1x|BeX`tSc;iK`Z;VM=5Me!I6E@fDps?$V-`-hOY`Jhb+t z0CkQ9cdpIF+QcT5(K3rcjxNU#Zj&Ya$x`JU4~&T{tsuI*OlT`8Xrln~UwLhK6&ae{6n@U~3$}E>w+k?LzuEsRdBGU^A6ei?gleH0U8GS45 zI8Vaf6zKcnb@=(hVGLyb{~=6P5cph>#SKhnf)^FOfiEetgwGj7-@pL6di&AZquDr~ zFs?31vQ##hBOjmzwbP^dLakgU0KVWY?6XG3rKnk#KEh-LfiPJ?AWT*e2$K~A!eosa a!2bXNd0Y~)RJf%80000002t}1^@s6I8J)%00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D02y>eSaefwW^{L9 za%BK;VQFr3E^cLXAT%y8E;2FkAZe8V01+HXL_t(|UhP{6bQIT>6#|Tnnb_EKaEyKC zB*g1Xn9Ss44zUyaB*t+jL*hy1%;b1H<0N)i1QPpVgTVrXj05(t2-yk(+hP$2ECxGl zHXtM|m!OpxUV#+|GI`RWbBJ-?k8f6Zbxl;bZ9ci=R1XYtNqcHGDs zKtCOx2QBF67dKiA2>CmOu5s0@zjVUJmn<5%I&^;_=;AtV7slCUi2-{;A7wZ748Ypi zk8(#pDm!k$*42-j9+d5NVVue0k*j3YcMsr-wFi4r+7J|9gO@+H;JJtb%=@2QJi9Ls zKaIM9-^P|>+m$AqD!hrJ_FG=49v_T|EY}W;J9Tz&LX~j66DW5K;3JbA{}Nq@2j9*> zz$!B)uQuR;O(uMETPB{`k%`B{GBA6y3HPiuNYAHjNXK{I&%x#|Z7|vTzrP48&Nt#< zW-GodbHG&Fg)CbaGU~c;y|M!*^4k!aXvcz2DlltvIs!rrcq}{{?q1rRi zvS?aPyJ2w7@bHZ+k2TAkke~GrvC`e7Ls!*}pwB8W{jCg4BBFkFxC}>f+fePeh|luc(5O{3rC%~!@BTdau33Xx9KIX%#L}hWb}Wf6 z!|c#31T0O(Q#m1w$7yDDO120AuVe+zMOj~2XfNvV3WR2hmKYVmh6>(TdHND)Br`x4&9XHfLE9z8RK@^%rW9)7Y!2 zPa#8-BTXftqncbgm`qg%Yi|zVLt``M?aRmH70H;oJOxj_my6$>w&0+_hBRvjtnGbh zy#>&}QGt(SsT0iJJAed>9jCHvIG$dQD19}pRu!Z@<@o35Qanz^`QFvZM9?+NSfj@e zBW_^lwHjm*NxgC%4229)uTr}^wE3K-sqW@yRgv8~lGTJ?A1fv8&A{Z4>zGF5JsO&c zXCg}Q??)@J_IxGwr&c4zT!#~xHk`}1(e!swZJ*!=S)!BY3LW^yRx@U-)nWRIBuooQ zAYu{`5S)k^>-BgdJPSWRl#j40mAG8q0kYE?C<7H&Q73B)UzKMJ_q6-HVjopaYo{Zd z=Jv7dW-R)=0uOF0Lcoe_>YE+`L5Y|el8AejC*s~Usd#W*3f{R`CJOq2Vaei7^$)1V z`;$xu0#;|@vE7Aau#524xf1M3ti!RaRwR(>7q<1mt{s~UNh1d3bB0p0LYk}Cpdyky z_lM-AI@NNFCc1q)wHfz?(ux~w#N6FE*m$W5p%=@s`b;sN`>2!_2P1wHTO^n89ljZO z>J$^kh{@_i;MxoXoo_(5lrt1~5Sl|BlM`AA*RudqqtMCV6jLRU%NKcCa_`Pt+A%*e zpB9oN%vfi@!nk5&Huh*r)6355!sJzHc;iH|oZ~xuBa0z-ipiR?){NjUY;Hqv1#6PX z<@4a@3KSWy5>D+AQ0rA;>FmRX3sso8ffkb`*YUmGS%}GOL5EXNEfJg3j;X8kcq4W! z$&wM1-9coTu#CuZac@QuVrYCOV(20r^v8}b`*Vs!CmnJ5?U=VG2LX$dF>}2UtIk&7 zhFvw@YFz@+WJV^fG>oxk$ryXG25Y29i9aPTtGN$L&s0!2lt$W=j2}}>d8VLUa$y8q z<=JF>QPPR$B8w$kwlJ<#%J&C%Bw1RhBndQ8qtO|yWVmxln{=4{wi#Q#tVJdHRNheB z)=$&477uJR(+Wwk=!$eKK4p=g`i?tt8oCpvKwsO7|2|ocNo$QXU>z15w&1eGp^cBJmXk}cQf~Vfg$NXbW2wY>vqLcq`rXl^Yp^{NY-um8@2FwX3Z3@z1&W>E{ zPHCiYN-_Mdwv3TODi{<`vFL^jOeGujA4kezwsqr3K{xJNorc%P%yrOUd^C$8c~VHI z=)lXLS`e_(h{>ys_|I4?4Arhqi*O|bIJ`Mzw&U-16-e6j_`CUtNNYl~96lV+YQvOO zIx_GjBEt{dv1CKXr$&Ye4D|5AFjBDi%ynKj=4N0bWRgV>Ct;lcj{u(8+ zR_gHk*m0PKM`g`gbhcjIMR1GHIORGd0gMyi$*aC&$6hI$h9(yJ>}a zD<5Tc?|YCeuUI41 zDhU`Hy73#b8B>-glMzqGuRbn7lC?vA%23;5@YIScXv4F6X_``?%*5_Us6}0u+P*}r zNIK!XmlOPLl3j*L!HM`J+dq;SejE5IGB7`iEWksX%}6ZM4A9N+GB`(@TTgRqUm7`= zVH9#KO2(7h)3H}?BX_`+PEkgjb6Rd8_*j>~N}3w*QDAm$L4yGt|6DQ;Rh1e@82!ws~JMBC-ti z{di=1E}qzV12>vI+by>J7m7RaQWS5Aq~U8DObGehO3tMwRN)S5w2A%B{rYA+#xWo{ zmveXJAllrFRu?4@Z-+~WZv@7&#J-xUTX|Zq(!#!2Vd4u!)o`y;ll@x>g;6NenS!YCSo`XV+ zUWA;jqL70^6*aIxIg_6Zr^Y8{cyVsQ0Qg@vL-EcCU%$v{YzQp3~kTWZ11)_?cCD zFQE9Ee^xfgFtcqxl-`WFJK1Yb!MC=hV-E$h z4Luq`PD+Q!(^jFTg^>2yaEQrl#a(L*_%^v9ypRyocjF45s`Zhq!F6%BmE1h?o#wum zj=*J!h#)(rz+B&r*N#&xMlm4AW3L=3L0YYLEfO_I3$2$o&bhJ_9iD8MXQbEn;OU(? z2qgFBXm+cd>lNNebb%k5rFNSkk);`6Y;Fs_wmKCLQIH!~(uu9itSKr_&rzjSO36fCs~++tvAys~ zqZEuDS#pmn+IsNPM|tEw>G12=N>mBM>I!*qd=W|Qc{qqt?!>agvh#YQv}OG07BkKk zDqAo@UP%c^d$rmPG@mePWNB?rUUM&Ah#2v-=n~aFbQUZGgqNU;67#^camf9V0&THwT7?H!ERLt97gv3f^ zvya~N0RL|ZRa&GxgXLI1SbK#63+ZY{AA-)1(@9hQ(Jdy54(u*QNU2w?+f&MSjJjsI zcZUPxSC5m^8k~kF!g6sm%dYu^rqDGsSVsF(O$L8y{sp@SOH#<;&BD17{#7Z1=@R~! zIHb~aC_VB7@nn!2kZgKp@&W5{5Z>a>?=K$!X_cl z*6&ol1K)WsN1Ea7k1i!9T8zzhTGo5&Q$TM9kW#$CfK~sMXp!o_3N^ zR*nB~10D?b65eYVSF(7R?(eUxy%+1wmE*p3$r5QljL1f0S`!w>mth+J{$XhnxgQ0% zT+!iS80w@|2kCvVo*~LgrI>h$e9stno25W>Nu1gATrRca=YK4~l#uI^Ch_r9cn0?C zY-r*wRxfZNUmmFU;SPq2ENkizY~7}5s18aySpGg3ZLncMR6f>zQI7m3w=HTH>A@K4 znKx+5u$EGe*Ee%pG)oLwIrGVxlF&jNxoi=NH!l5Y#H6ISRZ}hkBZK>%j|n%0RIQ|**nK84~&lh0000< KMNUMnLSTaIBAoyL literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png b/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..7e6df62bdf71f23e6027dfa925c8d50d6cbac772 GIT binary patch literal 6095 zcmV;=7cl6FP)002t}1^@s6I8J)%00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D02y>eSaefwW^{L9 za%BK;VQFr3E^cLXAT%y8E;2FkAZe8V02e<=L_t(|UhP{6cvVG~PJ$?6x8jJO%iz9@ z;7Wh)PWQC!(%t%v`OO8&E`4umKSTWGBnZ_VSXv z|Pg(Z0q2j}~8v~ufiRj2;?PjJ_0Z({gy$n{E$Jg{E$Jg z{E$Jg{E$Jg{E$Jg{E$Jg{E$Jg{E$Jg{E$Au>hb>7wPWRE_e|ma9^dCWSxu{H!}}=> z2;W$Wr&s3TKUcU}a`7K4SYMvYl7~O6%17*$O03ChMqXpP@wO>_^*gX~Mwpe>0KE3i zVf^%M4=#`QVA!-`44GPjz^TOuoKlQ{Ni36#5HO_#LA-w6v_f1x+k;=eUw}7uH-fmG z5jiPX-g)z>^cbhQt{Ed@-1DBxt#1C6qNTc{8*_J6;D%YL2nbC_KzKF+BC`+>#^Zzx z7G4i=V911I9;Kx4S{jc|KFjAKTs%54CO!pk>?lWRYnRcoC06gIMy8l&<`wIX)b)QS zmwuR`y#p=!%xvDeXPx_AZ(-T&X~L7svv5wNgWzN$AS#D|IdN8K0&a*)!DGujcxC-T zO#ZeK@w*OT`p!d$+){zxeN>3M<~cDUYCnM^fZ+s;?+=Yg!7tx);Zs)~8m#&7iq^oc zhk3<*Zi@MwzHh%{mwuR`)lhHg>q=Ee4>o4k<4>!zaq%RwB$O->kT}@D;6&U*5a#Zz zgrm9z4V`ulS|VPmsJRoLyX)|$wFS5|HW2~i$-r;{I|C!49e8R*Ce~#hLPh)WTCmIU z#-Y!xJI8xQOW$Dey%WFgE8_A2h zOZ8FIw35ygUzmK)?9!)$H*xPEaFaIX;@T+=Ts=JtqvA4g$rLC4;k7iJ8%gGbBvDyW zT%0jyTO4v2XI?3vjwhDoU~PI0&CODzjm1&birIAfPcF~LZEv`6CEFb}H3K)!a^e^7 zx)HVcAhs1YqUl&)j)H~`EZ$v)hu(JKqS!P9hRFg!;M8KlGTwne`nlmzDY$5o6PHhQ z;i?%fTr)EZ*G<}ozb2L#E%i_OWR@vMxw1XKnzQ#ZK@oo;B}|S4MLAu9M29VG3JOmn zh)&%5Ru;m)@L-F(0k!Q`Tf)|)iZ+BXzPfRGI)(((q&P5TR-ttM!V+mqz#q4te#(L0 ze^i7`c}-|M4rmpv-PoK{hv+Xoc<`NU{Npqi&WU1MVFDc47EBPO2!PUd75n#L zHNeAVszbf4MM&?cY(q4I%+a%`IGubz2*HUY6Qgqw7?Xvd=xo(?P;?doSpryB10kyR)lOS z$LN^^NkRZ&jwl@?MSyWBaO4<3z!XsGoFMXCz*H=z?;9E8z!S?0vBXi2oVpG*3C9z; zF8Um7>0{~zxcLoXE?46T`!Vl0V4Y0-0_&xkKI@D=%9la&Lxr45OlT97If3Q9guxN(#D|au-hD}W8ikgD^=Qyx7x!fDMdJ=gT4@{&N37gQepuk#??z3M|f|D0J__d=xe4 zrAeL$*-(yvSMhk}+jdk=Lh5?554|djm_0cJNe2Rzou8zC|8_WicyaQ?)iV@kd^8G(c(q zEW#Mg8eP0A9v!?mdhuNXmRcQ!l@hbbpk>9BdZYl$XQUkgRJCI+3}#;%M4eVSF>T91 z3oOQE_b6tut?$PSwRp`?QWq+5*TOs$*vv3yOAW76ktnUSEdP2iVq(1JJvRymY=WrH z4IdT|;ZyX65Ya2;w#W=%VCYL8-XO%EPfUaI>i@QPhVA2JyM-jG8V zVb%~%-kfcvUh7C>sy23x3D$s{p(WxZBfl(QN8;eKaMSEuxENrXGH-W1hDPw7G8Ic{ zv)IkgDtfRAJc+r+CE*3ea=!VXmW_Ewm~(QV5+fO)2N57CR$ErvvQIXYEPZEBrO^VA zP}PnxuNy0K@Bz%*V}WG?dNS!ZSR!#-IkS>~G55P-x(f*<)|TZmM(1FIZ|RC^*jO4@Plbh1i;HNa-r8|{VrYUl^VXUWcj6JO=j8+U*&bDMDK zB)vJ;dzQ_j*(GKu_iY1|YvU5};-~pgaW4I1M|U>^TkR8lQoQbd9jj9ci4emBv!fT>q5W%uDt3TZGi&-Bz5991eVU`;|Vl4AP zVwG_RNUUtZ&9gWlNvOR8u!_$4bY1+5x@PzudFS$}>137Of$Hq)MmviPAg{R_4=msS z$8nMfl*CuMeZzchz+3H0n;E#CxnOd+B$@0jh`)&N)_9FdfY&bmFXlVX~PRXF=%hQUb~zo85*O2;0wchX-GFafQF_1d;h z9B%JcrGcf5&uph@-T!tW8Ir+vWFqW+>2}YikDI^K3L893vVXo%CR$259$QfWU#ye@ zx_T;L^%mJL3g3{YC@!nbrEyuz81#>cCi(U=&Z2N*_6;b^9nNI90)2!+u zK(Yb~v&3(8k*#9pU}2Ig%q^+w30EuHxFyW(4@6qPoE zMm-o?C?P?lm?}+W!lp`Q2SO?`is3>h0TQ3p$|;M$p_ zvg{_1&QGpzqf$+g_HZ-4E@ybb{LvQsNU^};kpq)x{dW4ljGALZ&~~y*m?hzZ04B1( ztPS@qV4n&oX-7f`+XSdWAerV2nUJW`9CPt$r1}1S70ou(@K>{4NUt*bRY2LmItgz5 z2g_)rnv?wRAJS3E*J1)TioxlQB5T0km5}a+DXIWb4NMnZ*Q^q-ezT?$DOGK7RT~IIozJioM0Ad+5OdGIGo; zvR!ssxi~$w`XHJWSvkR8R+*rgENyfnGd4Pwm}b$0Ygc8JV~-E&=P(Ym}-cqxP1z;O@CJ9~Hezdt!1L z9L-i6P^?RE`}E3OFg&B^LC@Y*hjSzqqrVzX$G;%KW`bU^1Et^VE&hRJ%tA8l?ph8| z&y;+{$wZDBLr~Ud)#HMRNs4*eTm&dRAnn7Xa9}FtA!B6Y?xh6W|5iFYYRYv#drFVs z&e;S>zWm7ZDlE`ItM-(s%Qf~R_ZVzm5PkrkyQ~zatfdPNzsp5QQXKYoOMC_#WV6We zAvv-111zgaGwy2QtUbH7h(L*1WaFI3biA8jr9Ou{dhna&G{bRBf4uunx(K_xY~#CX z_2MAT3s1tzw8KUV1nOWT#?B<*61m6ZYSU9~Snq3xPM{@Tll=14MEvVgm-11jtjuh{ z`I58Bhu+XMJhzTvifMx0vGLdsECFbu8$-mDWUxF2yqd&BIR`byTE4TS5x31u9Ix`e(; zzD98}&yPvP^0X%JeL>4)m2t4j3B+%orJL5*s%UnPEf;oah0Y31#^h~Pde2*Hg5}9I z_z^RFWsU}`RMIQHhNg4b z)foaXDgL&^jJtXu`n~!Y0UdWh0jfTz(pO2)Iy5W=FMe5p&poa9$sC$9BX7kbVU-+x z05a;luG(N-_WR{0OfRh~)Cs*Y>H`&RxKX}*%MJze)RB|Y@QKS{l`)B@BBu>jGn3uF zaD@p77gM8eVv_y%`*|q!&LU9I+<`~mB@@IC83Pwzb=9mKgnrwIJLeN<0;NDvPG9>Z zuU}H&n5&=^nxFVCvhZOpES@GSBRs2K!KVlBQmL@~z%$NDKpbyrbzrdYdZtxQ1&6_#~APyK9flOL{1$hEdv6U$kOCGTqvQ0 zm?MM33mKHINHv2)t>#w+Eyk~B_?!SH8+eff*angcEfg@?S1A@sF`T{Jm-k1klGGzW%6L&BQfvDcF){?SYGI z$ZaNI^iT4;P%$OL#Pp7;Ugb>ikW{=Ue#_~D zrTUgX+Myq)Y{i}PIJ*KEqi@-y8#~*HoxK2)orFi;CR3RB21J;v*SUiP?DKj}36B$~dNNtgkre*Sc2z{D-EBz4yy>?6nS%9Rvm7Qr{5Exq6rk! zt}CY`;IkZaQITxJ0Be9`0Kl@VNf$|Sy#6LMW#BG%_vNpw$7 zm(t`13|4QrfG^y2xJkBJ$N>4>l?0j?Phl8gZ4qg(r2OE(GDXxfl$4syPi!w~!UGFvj&#B*T#!Ov zG5V#F++IEVS+6YuBHgj!(xxtEf%qdi!WQjcFO zCL7hiq!53`_sGs4M4Z;YWc#vtrAzs z_dD@76D5k56)zPdW76>K>U?ZwQk~5>c6CNQe!V0c!v$PfBov$Yd{`Q;XBP0*o@(ZM zwtmd2Rp})sy54^o5U{iw^4C;|N298*5-jy^4>fEX-Hmv3iAS?6Led@aW%NM|VlSQQ z!X5JqFd|yaR-0qe07;5BIBSv1q}<}q{{<9%%MS{y6Nxe@o4-3# zat6WrVX∋#Ktj1+&huc)h_OSbfVNvra_@!SX`}!SX`}!SX`}!SX`}!RogF{|ke5 Vj8@u(9&-Qy002ovPDHLkV1n`xl(hf= literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png b/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..df1b70e0419c0ff32e0f8a170dd8e7aa2709d0a5 GIT binary patch literal 3733 zcmV;G4r=j002t}1^@s6I8J)%00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D02y>eSaefwW^{L9 za%BK;VQFr3E^cLXAT%y8E;2FkAZe8V01gF7L_t(|UhP{6kW|GPo)y;O@IcWLC5JHv zlayr{HG*K7D8{G>NvcwnqD)L;P$_PfJp^G{5Cn1wiUFdC0xE)>d(R#-v-f=; z?7i&l>^XaU`TO;I^Lnn`d2e>9BsJgc|6ad--TnXl&EJ1_zc*_@06rr?mIegK(trS2 z8W12$0|I1eK!7X_2#}=#0kSk8K$Zps$kKoSSsD-^O9OP1H7K7soUb@|-k@|=?z1aO zdn!)oCTZ^J$JLHrwDu05pJ%&)x8mA}s7HWHmKW7Bs8uT9t&9$`SW~Xex##g5b{ue| zT+7tk2XUpg7kg7%uBbhF9E5 z{fsfU;?b>HFf2;M#Ly(n+L?vLpI2dDsugb~w&S*_T>NBPDgKq;j>B12gnxAvv-jlS zmM|i9VFDhbx*ug)(Jr^?3WWmI8qqG%!%3tI@xB62d47_m3z$>B};f%Uo;B09ZUO!QdJ0fX#(UAK2 z_FQ~qxrTO?BL`CIdvQ-x24?Imz*Wa^Q(>hT7h`J0LtAoSSP+LPQD%yD)wo#Rg9d?I z4%Ir&ief4IaI*NdGZdD5E}yzqW0wvx^( z6aA+p0yMGYHO+7Hxbi!C^!`UJ$KDM-A)1|BU+ozRyd{+r3 zlkq`I6EHqJ6_4*O#@m)tUOqAcX+6OWd=}m`Wm38J@&wGUCq249wbFh>)+Ua4N4IRUKj%*_2Nr z8_15Lshli}M3&-NPGI#Mo#SU#s=_vilX+HzeqD{HqKn8ov&g1YvWep3ieyX-OUA7$ z({MZ4J9B#`%#9QuB#>>Q0TSFY9MDYGzSMTyu)>7N>+&%BKr#OKVF~7+sKmyL^*EAY zg|XI-nl5+-%sb&xUOYjR-qajn|G>;17q(anqaGL|huq zmC`u%iV-9$I=utIVJ5tCvIz~;pEhcnt-QUf@EyL9r44MjGO4D+lhK8^IXng5mQi4J zz<0|vleJ$aYw4E_at?#DLcPR|23d+Vw!Q&88=XsJ8F9Y+dXZ)7z>VQ1EI!@nP{X2< zl-A3VjFBPBvk`2s`OIEUma}L14(&0^WJ55`Jc~{@DD#PQR4F6TFvEx#IkMdKxAykq zY1(gkCd)T_b&%D8u|(Fw)Aep-sb}AmyJ9qlAtx)3$V$ce>*ranWD&?7ee^iPAF{lE zMG9F1L>3!{Dc6~-Fn6*>0{?epMH5-UjI2`)vKex4_hPCRjLtCR@H`B)*{qMO@H8i~ zRPhg-EWX_tDY6u+7+KHkWn_t-rOj^5Wbt)Y8Wx=rhap$0_?XX7Y?Z4SiL9xzXQ_Kb zf597+={^_;JntV3oSElSfd|D>|c;$*Sry{YyDM_HkgMAllFEDz7K^g!|U zrk;Mx+Let-Z=~UJCEK8haJAfXPc)NtB)1b2C}zEMtP0(J^oNiLZ4T~# zrwGw$Z8)B7#gWW5pXDf%EG|mkF_KU7YvFP(E z7(y~Jab*T>j!47AuoOuqXb`2&M4HN_Yg+$|3pZoT8#ypUkSt9lF_NTclVwzInQ~3( zB`F9BNkdS0CW4ly;-FD^w8RPVOv?z7#c&|K9b+T1FyYN?JhnX>Pi&_djAX`kS|e@C zl;rW@WIL5(vW@DI%-WHO2j9&`@Tx3Kips_8=se7c$-#?Mry9kw?gRoOqy0r)eY=_8seI#F&bVw`rr}t!|UXFzdN$l(^VY$i-yvtY35?EnH#HS7_S-!zj zhxvQwjTdWSSQv{}J}HxaM&Jzj)tr1a9CVY#usg94hQ-MgT#M04Lz97jSH6Lj6U(wi z=@iMcG(2_isElW3xAf!3@8sZCT120dUs6ckD5V%&Ef^ZQ$WnegQPDAoCuwUkc1b)A zTAF#L2Ia1%@{P1b`mIBa?gcMzwVO^6U)NBqO2RA0D`Arr4aj7vlqu)op@S^`Vex_C zh@}-bh9uLppMe6af6H!V7(SuFv)sGNbIufZV)AMezOz09Nww-LUn#cnlqBx;y+cQU zXW)t$tmFWHK3WFDYgh2vXJzOTv^$9P5eiw%vqZAg7F4|=Ty>ODJbgO4fI@^38)BQi z{@l`2TSGx7SGGg>ijSvUNR?iiXZ_EAXZkn)7aP8YZ1?ltMSDJ&K5XDZ7XZ`!oOKe8MbJl#UehnJ5P!Z7a= zp52#?qBgz=iO&K)%C1Cx0OH-{gqJMGfO z)-dlfejk&MGN&0*@&!5Vj-kk6;EpV76I?2#z7r2^vB25e5 zK$psSR;3HN$r3$8TIflHu`8aRd##U#Vm@^u7PF&sg&4-lsdYsRO_qC|v!(5rMzb*U zsDB(QL0uPLBq*lv7Ch_H1D!F886X=Wos?^lLLl#&9dq8N7&bp1kG+?Lb7k(kGZDji zmZFpS>4&r!p1LL#h6S-$c%qa%O4clWaY{*cl=DXbIz7wP2-&mPSvoTC&Q{R2W!@*{ z($Bi5MwxKP+y-Hul+PTDtf_0wn7%_Ki+5f@Gez#T7p~$a+Q5%rmWcJ=R^ggmDL`jN zmh@ql>?lK#Pn**XM=rqUWH1z}&;qsr-xGcReZw>$QRB3a7)j3ztg zvfaYMINYV#-K5L?@e z-yABYPA6k(q#2v9G@(wO!Ay<(sl)VL1!$72^R)zdFl}Oe; zZ&}qbS{N0wqz*8m2H8s|PMEm*uI}ikxYK|;SJ6yHi^vxb6iWXY5!cj@@4c0YnR`o+ zX9JF9wd2wE$eR`=VcMn~?4zwro8vzZWQyp-<0aGQN*23z&C`!ji&?6X++g*{!F=N@ z8cNR{q}g&oJf=_#`rVOQ+_^3f_iic1oR2CnJ|YdlAx6CX?<%C!scSWfAUQ2GDJEsG z9PXhbfl(w&h0+OjcI{AY*8n!hHR8Svw6LV1X$Z}QAtYOR0y}+MEU7he;7ToBr9dJ`Ja3(K)7V_YW^2h6vxsrZG#1o7wS=>vg86*QS?(4{EiAw zW%S~@c$Ny)bVm#mdcz*<#8-5= zfUMyW@GLzDkfi|uvNRw-mIegK(trS2J_Gm<>jzLMsu{zi00000NkvXXu0mjfd3pnb literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png b/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..95908405ce803b04ac68da74e5b8471fdbf83514 GIT binary patch literal 2802 zcmV002t}1^@s6I8J)%00001b5ch_0Itp) z=>Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D02y>eSaefwW^{L9 za%BK;VQFr3E^cLXAT%y8E;2FkAZe8V019GBL_t(|UhSK0a8y?r$1~#xr|LKgBc!$z zXZ+xFS}0A>ep08cgBTF}qN5J9T6J_Zl0h zJ)4)^K;FP)H-SK!geK%=H*dRtpXZ))_MY9n*}XU2lqK$e=Gk-ZbI&!wKsF`Iu*eXP#L?JTmKwVh)6=!1_7E8M)w zMD-UWo6v0X9xydd9y^8j#HkJ7B65H8S zG_R3vI@^ht&iSzU?0@lgr4J)Pg-gvbJ~SK4&}>Mx;u{{v>ch?W^cEK~cX^QcN+X#E z_jBGjP7&Kh<6?WojfFJE`^grNKVw5BR{YL|-pMI3FZmgri&kP-R4-gTBpRvyU<40r zzl1f%+fjBsfbuRsN;~~1BP;c#s*R%hx*uoT{P^;3J$Uk9J$k36Xi6%Q!n2%K@%Joh zNCawRa8~z@V$se@yijsOdhQ+dj{(bHZ8Tu@5iC|Drs<(2+~5_Y2^m$a8iMuEu1fs! zuh*p~nX(>eJn&J+d<};xdlBGEAc0T((?Q`NcU?;z;x8CvC{pJ&Xl;E_`BBwXroU&M(75J4&&5XDRus zkg>56-+SAKVZLV|bq|M-O|YI$HY{D^Hes34&&a$*Vddh~$Xk?&r@EV?$lP9oH7DCp zGcb<&+heGujmh)j7>d2)SX^)gYfk8}f(ERlFGF3nVTH@-XE;x$x%ko%5q;8}s+M3a z%&nlYG)s@E=3(H`J#K>K#jv&vQwJ6)(WH X9Elp=xjXv2a@@es-$KxI5R?a65=c z3JKO*6j>3l8fniGw+>EZ1D2SLeOPv8Pi456Y%^R#>%*=XR_3+}{G4EoOP>8dF}WPH6>c3r5FLoIV=}1LxT0(X&shm zr{Q+Uh^)1|XX&u$)`4O5Cm)uO-N>r&4Pf0nEm(P^4LOHfk#nRK-yvIhlzd0qu;yqJ zPSoBszRZT1vn)d)68EO?+naMSOmT8(FWn;_=s7uEV(LSv8V+nbd17g1(({h2o?oxgsfqidsfnyp&HnPHo$nWPG9cB z{H^84{YM`vIZtw=IsAZ@IRzZ_~Fuxr0^4(ZL_h;WebOkH^(2SLbTd;&~Ju+Ub zMechk4a-`IV9noBj-qg6nI*!JMawXHVwF7sJeXIG9~b*DL|fbl&0~mcgsQ*WK8ATa z>IqitliB3%S!%4&vl2@Fp5>v)B3OkN<19l9SQR}KS$U=S$*F77W9py25#z!zyRcZ+ zkd#sm)-%P|V%mJaW0qk>d_SFDX;=m*t;aar?8DL;nM<(DryiW@7OQk*g{6av9)VCA zmIK*<6-#;U!J-~xrx~M!u&i!O=hmLZUiyfgW{eWR(okuQ&8^5%PeqhXFB`C88%Ql! z{8;&;z>+iM4`tJ6j_+CGr?9xNsIxeHB4h(rtmal^+1KpBiuZ_S8dwhyto3PFLgzaP z7EO9XNqf>@)!yPCS?3HavxEW5h^$yxRSYYCrjb=)2}}IQ+JH63y-_cQqzWwlb?4<$ zym~1%vdV5uAT!TpxeOT=?^(~Dj(tS)FZqaO>wDeOW6FS)TY+DkX_6jOR|W`H5y6W2 z`94Kp6}x-z*I_-BuQ^v!;{Br!LxWlM7ChKxq z(msaIZFgbwx!5-iU9=1rZm+^Kr(1D{>roxQ?60aH_)38rtB$o}C>0_rT7Pfp$D$oo zSX|JARmZO*=gkh}9P7YZS_)YQI*_rU!g|l5N%NjHZ>I-2w8yNb@;PsMv6}Kr-)P5u zTU{vp_bpl46u-f{{r;=5G;iQjwisoYvxqMaC(k#*zlN0#_x z-5w8N@A+by!+dOIC-+_PFsxQ8f-;>NMW<)NgXG^at?$BXw9-R8M6a z@EFxyO8F&xT;RgKW!S+ns@ z>2zXPi+5JwSAXe}gD?lr8lDW{>cBXf?@Xb^ut_6rC2Jd)KyQG)lNoi$WYy8B5IShB zvxu@U4Rlv<&4R&8B7yicyO6-V>0B0Fl?wJr(T%WSqv!$MZ!Smr>=S^Lpyk^!h{c2Gyx%1nd7*X;==F zhUGx_1T1l5>U29!n!+8Y6f7PUgP9Bl5tx|5opEg^zH6*f5|&AWza$5P^aZ)!FFkjY zmHKX$-m~l|6(cM4m4@X&X;==FhUGwMSPqniWm~}i0Go99Nb_s0y8r+H07*qoM6N<$ Eg2&coF#rGn literal 0 HcmV?d00001 From a19985ef33a97c395da9990ae8b81e2f188d3e4e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 14:19:13 -0700 Subject: [PATCH 30/32] beef up wdatp page --- windows/security/threat-protection/index.md | 4 +- ...ows-defender-advanced-threat-protection.md | 84 ++++++++++++++----- 2 files changed, 64 insertions(+), 24 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 69c6127970..090b0c62f7 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -18,7 +18,7 @@ Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified

Windows Defender ATP

- + @@ -113,7 +113,7 @@ Integrate Windows Defender Advanced Threat Protection into your existing workflo **[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)**
-Bring the power of Microsoft threat protection to your organization. Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. + Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization. - [Conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md) - [O365 ATP](windows-defender-atp/threat-protection-integration.md) - [Azure ATP](windows-defender-atp/threat-protection-integration.md) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index d4de5ebbcc..4a485418f9 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Windows Defender Advanced Threat Protection description: Windows Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats. -keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence +keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, secure score, advanced hunting, microsoft threat protection search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 09/03/2018 +ms.date: 10/26/2018 --- # Windows Defender Advanced Threat Protection @@ -22,6 +22,29 @@ ms.date: 09/03/2018 Windows Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. +indows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: + +- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors + collect and process behavioral signals from the operating system + (for example, process, registry, file, and network communications) + and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. + + +- **Cloud security analytics**: Leveraging big-data, machine-learning, and + unique Microsoft optics across the Windows ecosystem (such as the + [Microsoft Malicious Software Removal Tool](https://www.microsoft.com/en-au/download/malicious-software-removal-tool-details.aspx), + enterprise cloud products (such as Office 365), and online assets + (such as Bing and SmartScreen URL reputation), behavioral signals + are translated into insights, detections, and recommended responses + to advanced threats. + +- **Threat intelligence**: Generated by Microsoft hunters, security teams, + and augmented by threat intelligence provided by partners, threat + intelligence enables Windows Defender ATP to identify attacker + tools, techniques, and procedures, and generate alerts when these + are observed in collected sensor data. + +

Windows Defender ATP


Attack surface reduction

Attack surface reduction

Next generation protection

Endpoint detection and response

Automated investigation and remediation
@@ -45,34 +68,51 @@ Windows Defender Advanced Threat Protection is a platform designed to help enter
-Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: + -- **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors - collect and process behavioral signals from the operating system - (for example, process, registry, file, and network communications) - and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. +**[Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)**
+The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. + + + +**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**
+To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats. + + + +**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**
+Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. + + + +**[Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)**
+In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. -- **Cloud security analytics**: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem, - enterprise cloud products (such as Office 365), and online assets - (such as Bing and SmartScreen URL reputation), behavioral signals - are translated into insights, detections, and recommended responses - to advanced threats. + -- **Threat intelligence**: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker - tools, techniques, and procedures, and generate alerts when these - are observed in collected sensor data. +**[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**
+Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization. + + + +**[Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)**
+Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. + + + +**[Management and APIs](windows-defender-atp/management-apis.md)**
+Integrate Windows Defender Advanced Threat Protection into your existing workflows. + + + +**[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)**
+ Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization. - - - -The Windows Defender ATP platform is where all the capabilities that are available across multiple products come together to give security operations teams the ability to effectively manage their organization's network. - -To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. - ## In this section +To help you maximize the effectiveness of the security platform, you can configure individual capabilities that surface in Windows Defender Security Center. Topic | Description :---|:--- From 6e0aa2d8df987cc8b17b25aa942f284ea3aeec86 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 14:20:28 -0700 Subject: [PATCH 31/32] edits --- .../windows-defender-advanced-threat-protection.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 4a485418f9..9e116899be 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -25,16 +25,12 @@ Windows Defender Advanced Threat Protection is a platform designed to help enter indows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: - **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors - collect and process behavioral signals from the operating system - (for example, process, registry, file, and network communications) - and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. + collect and process behavioral signals from the operating system and sends this sensor data to your private, isolated, cloud instance of Windows Defender ATP. - **Cloud security analytics**: Leveraging big-data, machine-learning, and - unique Microsoft optics across the Windows ecosystem (such as the - [Microsoft Malicious Software Removal Tool](https://www.microsoft.com/en-au/download/malicious-software-removal-tool-details.aspx), - enterprise cloud products (such as Office 365), and online assets - (such as Bing and SmartScreen URL reputation), behavioral signals + unique Microsoft optics across the Windows ecosystem, + enterprise cloud products (such as Office 365), and online assets, behavioral signals are translated into insights, detections, and recommended responses to advanced threats. From 7fadbbc86143e77f0ef385f393d544678a7e335a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 26 Oct 2018 14:40:09 -0700 Subject: [PATCH 32/32] fix links --- ...indows-defender-advanced-threat-protection.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 9e116899be..abe99e8194 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -66,43 +66,43 @@ indows Defender ATP uses the following combination of technology built into Wind -**[Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)**
+**[Attack surface reduction](overview-attack-surface-reduction.md)**
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations. -**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**
+**[Next generation protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)**
To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats. -**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**
+**[Endpoint protection and response](overview-endpoint-detection-response.md)**
Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. -**[Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)**
+**[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)**
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. -**[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**
+**[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)**
Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization. -**[Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)**
+**[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)**
Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. -**[Management and APIs](windows-defender-atp/management-apis.md)**
+**[Management and APIs](management-apis.md)**
Integrate Windows Defender Advanced Threat Protection into your existing workflows. -**[Microsoft Threat Protection](windows-defender-atp/threat-protection-integration.md)**
+**[Microsoft Threat Protection](threat-protection-integration.md)**
Windows Defender ATP is part of the Microsoft Threat Protection solution that helps implement end-to-end security across possible attack surfaces in the modern workplace. Bring the power of Microsoft threat protection to your organization.