Merge branch 'master' into whfb-policy-changes
Before Width: | Height: | Size: 63 KiB After Width: | Height: | Size: 258 KiB |
@ -11,7 +11,7 @@ ms.custom:
|
||||
- CSSTroubleshooting
|
||||
ms.localizationpriority: medium
|
||||
audience: ITPro
|
||||
ms.date: 1/6/2020
|
||||
ms.date: 4/14/2020
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
appliesto:
|
||||
@ -64,7 +64,7 @@ Here's a quick summary of what's new:
|
||||
- Support for FIDO2 Security Keys to enable secure and easy authentication for shared devices
|
||||
- Seamlessly apply a provisioning package from a USB drive to your HoloLens
|
||||
- Use a provisioning packages to enroll your HoloLens to your Mobile Device Management system
|
||||
- Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use. Send a note to hlappreview@microsoft.com to join the preview.
|
||||
- Use Windows Autopilot to set up and pre-configure new devices, quickly getting them ready for productive use. To participate in the program you'll need to meet a few requirements. While the program is in preview mode you'll need to be using Microsoft Intune. You'll need to use a tenant that is flighted for HoloLens. Lastly you'll need to have installed an insider preview buildon your HoloLens 2. To praticipate in the preview of this new program send a note to hlappreview@microsoft.com to join the preview.
|
||||
- Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time.
|
||||
- Support for additional system voice commands
|
||||
- An updated Cortana app with a focus on productivity
|
||||
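Review bot: The rewritten Windows Autopilot bullet has two typos, "buildon" (should be "build on") and "praticipate" (should be "participate"), and its last sentence says the same thing twice ("To praticipate in the preview of this new program send a note to ... to join the preview"). Suggest ending it as "To participate in the preview, send a note to hlappreview@microsoft.com." and turning the three requirements into a short sub-list so they are easy to scan. While this block is open, the neighbouring bullet "Use a provisioning packages" should read "Use a provisioning package".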
@ -120,6 +120,19 @@ Here are some of the in-box apps that support Dark mode!
|
||||
- 3D Viewer
|
||||
- Movies & TV
|
||||
|
||||
### Windows Autopilot for HoloLens 2
|
||||
|
||||
This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE).
|
||||
|
||||
When a user starts the Autopilot self-deploying process, the process completes the following steps:
|
||||
1. Join the device to Azure Active Directory (Azure AD).
|
||||
2. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service).
|
||||
3. Download the device-targeted policies, certificates, and networking profiles.
|
||||
4. Provision the device.
|
||||
5. Present the sign-in screen to the user.
|
||||
|
||||
For full information about Autopilot, see [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md).
|
||||
|
||||
### FFU download and flash directions
|
||||
To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu.
|
||||
1. On PC
|
||||
|
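Review bot: Step 2 of the new Autopilot section says the device is enrolled "in Microsoft Intune (or another MDM service)", but the summary bullet earlier in this same file states that "While the program is in preview mode you'll need to be using Microsoft Intune". Either drop the parenthetical for the preview or say explicitly that other MDM services are not yet supported, so admins do not plan an enrollment that will fail. It would also help to state which tenant and build prerequisites apply here, or to point to where the evaluation guide lists them, since this section is where a reader starts the process.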
@ -3,7 +3,7 @@ title: HoloLens 2 device care and cleaning FAQ
|
||||
description:
|
||||
author: Teresa-Motiv
|
||||
ms.author: v-tea
|
||||
ms.date: 3/26/2020
|
||||
ms.date: 4/14/2020
|
||||
ms.prod: hololens
|
||||
ms.topic: article
|
||||
ms.custom:
|
||||
@ -69,10 +69,10 @@ To clean the brow pad, wipe it by using a cloth that's moistened by using water
|
||||
|
||||
## Can I use ultraviolet (UV) light to sanitize the device?
|
||||
|
||||
UV germicidal irradiation has not been tested on HoloLens 2.
|
||||
UV-C germicidal irradiation has not been tested on HoloLens 2.
|
||||
|
||||
> [!CAUTION]
|
||||
> High levels of UV exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV radiation has the following effects, in order of the duration and intensity of exposure:
|
||||
> High levels of UV-A and UV-B exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV-A and UV-B radiation has the following effects, in order of the duration and intensity of exposure:
|
||||
>
|
||||
> 1. The brow pad and device closures become discolored.
|
||||
> 1. Defects appear in the anti-reflective (AR) coating on the visor and on the sensor windows.
|
||||
|
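Review bot: After this change the answer to "Can I use ultraviolet (UV) light to sanitize the device?" says only that UV-C has not been tested, while the CAUTION now covers UV-A and UV-B exclusively, so the FAQ no longer tells the reader whether UV-C exposure carries the same risk to the display and visor coating. Suggest adding one sentence after "UV-C germicidal irradiation has not been tested on HoloLens 2." that states the recommendation (for example, that it is therefore not a supported cleaning method) and expanding the abbreviations on first use.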
Before Width: | Height: | Size: 126 KiB After Width: | Height: | Size: 107 KiB |
Before Width: | Height: | Size: 41 KiB After Width: | Height: | Size: 35 KiB |
Before Width: | Height: | Size: 144 KiB After Width: | Height: | Size: 124 KiB |
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Get product packages
|
||||
description: The Get product packages operation retrieves the information about applications in the Micosoft Store for Business.
|
||||
description: The Get product packages operation retrieves the information about applications in the Microsoft Store for Business.
|
||||
ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
@ -14,7 +14,7 @@ ms.date: 09/18/2017
|
||||
|
||||
# Get product packages
|
||||
|
||||
The **Get product packages** operation retrieves the information about applications in the Micosoft Store for Business.
|
||||
The **Get product packages** operation retrieves the information about applications in the Microsoft Store for Business.
|
||||
|
||||
## Request
|
||||
|
||||
|
BIN
windows/deployment/images/configmgr-assets.PNG
Normal file
After Width: | Height: | Size: 136 KiB |
Before Width: | Height: | Size: 141 KiB After Width: | Height: | Size: 136 KiB |
BIN
windows/deployment/images/fig16-contentstatus.png
Normal file
After Width: | Height: | Size: 129 KiB |
Before Width: | Height: | Size: 767 KiB After Width: | Height: | Size: 130 KiB |
Before Width: | Height: | Size: 98 KiB After Width: | Height: | Size: 118 KiB |
Before Width: | Height: | Size: 155 KiB After Width: | Height: | Size: 94 KiB |
Before Width: | Height: | Size: 72 KiB After Width: | Height: | Size: 73 KiB |
@ -463,7 +463,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
|
||||
|
||||
11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
|
||||
|
||||
12. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo.
|
||||
12. Click the **Task Sequence** tab. Under **State Restore** click **Tattoo** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo.
|
||||
|
||||
13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. To see the name change, click **Tattoo**, then click the new group again.
|
||||
|
||||
@ -775,7 +775,7 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce
|
||||
|
||||
9. Close the Map Network Drive window, the Explorer window, and the command prompt.
|
||||
|
||||
10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequenc Wizard. Click **Next** to continue with the deployment.
|
||||
10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequence Wizard. Click **Next** to continue with the deployment.
|
||||
|
||||
11. The task sequence will require several minutes to complete. You can monitor progress of the task sequence using the MDT Deployment Workbench under Deployment Shares > MDTProduction > Monitoring. The task sequence will:
|
||||
- Install Windows 10
|
||||
@ -1027,7 +1027,7 @@ In the Configuration Manager console, in the Software Library workspace under Op
|
||||
|
||||
### Deploy the new computer
|
||||
|
||||
1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows Powershell prompt on the Hyper-V host:
|
||||
1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
|
||||
|
||||
```
|
||||
Start-VM PC4
|
||||
|
@ -47,7 +47,8 @@ Windows Hello provides many benefits, including:
|
||||
## Where is Windows Hello data stored?
|
||||
The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.
|
||||
|
||||
Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
|
||||
> [!NOTE]
|
||||
>Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
|
||||
|
||||
## Has Microsoft set any device requirements for Windows Hello?
|
||||
We've been working with the device manufacturers to help ensure a high-level of performance and protection is met by each sensor and device, based on these requirements:
|
||||
|
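Review bot: The paragraph moved into the note still says "The hash is SHA256" without saying what is hashed or why (template integrity, key derivation, something else), and "AES with CBC chaining mode" gives no key size; for a section titled "Where is Windows Hello data stored?" those are the details a security reviewer will look for. Separately, this paragraph is the core of the answer, so wrapping it in `> [!NOTE]` demotes it to a side remark; consider leaving it as body text. If it stays a note, add a space after the `>` on the ">Each sensor" line to match the `> [!NOTE]` line above it.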
@ -18,16 +18,23 @@ ms.reviewer:
|
||||
# How Windows Hello for Business works
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices.
|
||||
Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices.
|
||||
|
||||
Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features.
|
||||
> [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]
|
||||
|
||||
## Technical Deep Dive
|
||||
|
||||
Windows Hello for Business is a distributed system that uses several components to accomplish device registration, provisioning, and authentication. Use this section to gain a better understanding of each of the components and how they support Windows Hello for Business.
|
||||
|
||||
Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning and authentication work.
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s]
|
||||
> [!VIDEO https://www.youtube.com/embed/WPmzoP_vMek]
|
||||
|
||||
- [Technology and Terminology](hello-how-it-works-technology.md)
|
||||
- [Device Registration](hello-how-it-works-device-registration.md)
|
||||
- [Provisioning](hello-how-it-works-provisioning.md)
|
||||
|
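Review bot: Under "Technical Deep Dive" the two consecutive `[!VIDEO]` embeds follow a single sentence ("explain how Windows Hello for Business provisioning and authentication work"), so the reader cannot tell which video covers provisioning and which covers authentication. Suggest one introductory line per embed, as the videos page in this same change does. The intro paragraph also appears as an identical removed and added pair, which looks like a whitespace-only edit; worth confirming that is intended.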
@ -24,14 +24,33 @@ ms.reviewer:
|
||||
## Overview of Windows Hello for Business and Features
|
||||
|
||||
Watch Pieter Wigleven explain Windows Hello for Business, Multi-factor Unlock, and Dynamic Lock
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]
|
||||
|
||||
## Why PIN is more secure than a password
|
||||
|
||||
Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password.
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/cC24rPBvdhA]
|
||||
|
||||
## Microsoft's passwordless strategy
|
||||
|
||||
Watch Karanbir Singh's Ignite 2017 presentation **Microsoft's guide for going password-less**
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/mXJS615IGLM]
|
||||
|
||||
## Windows Hello for Business Provisioning
|
||||
|
||||
Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning works.
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s]
|
||||
|
||||
## Windows Hello for Business Authentication
|
||||
|
||||
Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business authentication works.
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/WPmzoP_vMek]
|
||||
|
||||
## Windows Hello for Business user enrollment experience
|
||||
|
||||
The user experience for Windows Hello for Business occurs after user sign-in, after you deploy Windows Hello for Business policy settings to your environment.
|
||||
|
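Review bot: The new heading "Why PIN is more secure than a password" is missing the article and does not match the title of the article it summarizes, "Why a PIN is better than a password", elsewhere in this change; suggest "Why a PIN is more secure than a password". The lead-in sentences "Watch Pieter Wigleven explain ... Dynamic Lock" and "Watch Karanbir Singh's Ignite 2017 presentation ..." also lack a closing period, unlike the other three lead-ins in this hunk.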
@ -21,13 +21,18 @@ ms.date: 10/23/2017
|
||||
# Why a PIN is better than a password
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
|
||||
Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password?
|
||||
On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than a password, it's how it works.
|
||||
|
||||
Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password.
|
||||
|
||||
> [!VIDEO https://www.youtube.com/embed/cC24rPBvdhA]
|
||||
|
||||
## PIN is tied to the device
|
||||
|
||||
One important difference between a password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too!
|
||||
|
||||
Even you can't use that PIN anywhere except on that specific device. If you want to sign in on multiple devices, you have to set up Hello on each device.
|
||||
@ -44,7 +49,7 @@ When the PIN is created, it establishes a trusted relationship with the identity
|
||||
|
||||
The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.
|
||||
|
||||
User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
|
||||
User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can't be stolen in cases where the identity provider or websites the user accesses have been compromised.
|
||||
|
||||
The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked.
|
||||
|
||||
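Review bot: The changed line still reads "users credentials can't be stolen", which needs a possessive apostrophe ("users' credentials"); since this edit already touches the line to straighten the apostrophe in "can't", fix both in the same pass.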
@ -54,10 +59,11 @@ The Windows Hello for Business PIN is subject to the same set of IT management p
|
||||
|
||||
## What if someone steals the laptop or phone?
|
||||
|
||||
To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
|
||||
To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user's biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
|
||||
You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins.
|
||||
|
||||
**Configure BitLocker without TPM**
|
||||
|
||||
1. Use the Local Group Policy Editor (gpedit.msc) to enable the following policy:
|
||||
|
||||
**Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup**
|
||||
@ -72,7 +78,8 @@ You can provide additional protection for laptops that don't have TPM by enablin
|
||||
2. Set the number of invalid logon attempts to allow, and then click OK.
|
||||
|
||||
## Why do you need a PIN to use biometrics?
|
||||
Windows Hello enables biometric sign-in for Windows 10: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can’t use your preferred biometric because of an injury or because the sensor is unavailable or not working properly.
|
||||
|
||||
Windows Hello enables biometric sign-in for Windows 10: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can't use your preferred biometric because of an injury or because the sensor is unavailable or not working properly.
|
||||
|
||||
If you only had a biometric sign-in configured and, for any reason, were unable to use that method to sign in, you would have to sign in using your account and password, which doesn't provide you the same level of protection as Hello.
|
||||
|
||||
|
@ -77,7 +77,6 @@ Not currently available.
|
||||
|
||||
## Integrations
|
||||
Integrations with the following Microsoft products are not currently available:
|
||||
- Azure Security Center
|
||||
- Azure Advanced Threat Protection
|
||||
- Azure Information Protection
|
||||
- Office 365 Advanced Threat Protection
|
||||
|
@ -23,7 +23,8 @@ ms.date: 04/24/2018
|
||||
**Applies to:**
|
||||
- Virtual desktop infrastructure (VDI) machines
|
||||
|
||||
|
||||
>[!WARNING]
|
||||
> Micrsosoft Defender ATP currently does not support Windows Virtual Desktop multi-user session.
|
||||
|
||||
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink)
|
||||
|
||||
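Review bot: The new warning misspells the product name as "Micrsosoft Defender ATP"; it should be "Microsoft Defender ATP". The two callout markers in this hunk are also inconsistent (`>[!WARNING]` followed by `> Micrsosoft ...` with a space, then `>Want to experience` without one); pick one spacing style.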
@ -95,11 +96,43 @@ The following steps will guide you through onboarding VDI machines and will high
|
||||
|
||||
8. Use the search function by entering the machine name and select **Machine** as search type.
|
||||
|
||||
## Updating non-persistent virtual desktop infrastructure (VDI) images
|
||||
As a best practice, we recommend using offline servicing tools to patch golden/master images.<br>
|
||||
For example, you can use the below commands to install an update while the image remains offline:
|
||||
|
||||
```
|
||||
DISM /Mount-image /ImageFile:"D:\Win10-1909.vhdx" /index:1 /MountDir:"C:\Temp\OfflineServicing"
|
||||
DISM /Image:"C:\Temp\OfflineServicing" /Add-Package /Packagepath:"C:\temp\patch\windows10.0-kb4541338-x64.msu"
|
||||
DISM /Unmount-Image /MountDir:"C:\Temp\OfflineServicing" /commit
|
||||
```
|
||||
|
||||
For more information on DISM commands and offline servicing, please refer to the articles below:
|
||||
- [Modify a Windows image using DISM](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism)
|
||||
- [DISM Image Management Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14)
|
||||
- [Reduce the Size of the Component Store in an Offline Windows Image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reduce-the-size-of-the-component-store-in-an-offline-windows-image)
|
||||
|
||||
- If offline servicing is not a viable option for your non-persistent VDI environment, then the following steps should be taken to ensure consistency and sensor health:
|
||||
|
||||
1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
|
||||
|
||||
2. Ensure the sensor is off by running 'sc query sense'.
|
||||
|
||||
3. Service the image as needed.
|
||||
|
||||
4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot:
|
||||
|
||||
```
|
||||
PsExec.exe -s cmd.exe
|
||||
cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
|
||||
del *.* /f /s /q
|
||||
exit
|
||||
```
|
||||
|
||||
5. Re-seal the golden/master image as you normally would.
|
||||
|
||||
## Related topics
|
||||
- [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md)
|
||||
- [Onboard Windows 10 machines using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
|
||||
- [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md)
|
||||
- [Onboard Windows 10 machines using a local script](configure-endpoints-script.md)
|
||||
- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md)
|
||||
|
||||
|
||||
|
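Review bot: In step 4 the cleanup runs `cd "C:\ProgramData\...\Cyber"` and then `del *.* /f /s /q` as separate commands in a SYSTEM shell, so if the `cd` fails (for example the folder does not exist on that image) the recursive, forced, quiet delete runs against whatever directory the shell started in. Suggest passing the quoted folder path to `del` directly, or chaining the two with `&&`, so nothing is deleted unless the target exists. Step 2 should also state the expected result of `sc query sense` (which state means the sensor is off), and "to cleanup the cyber folder" should be "to clean up". The lone bullet "- If offline servicing is not a viable option ..." reads better as a plain sentence introducing the numbered steps.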
@ -175,7 +175,7 @@ The following capabilities are included in this integration:
|
||||
- Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding).
|
||||
|
||||
> [!NOTE]
|
||||
> Automated onboarding is only applicable for Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016.
|
||||
> Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016.
|
||||
|
||||
- Servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console.
|
||||
- Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach
|
||||
|
Before Width: | Height: | Size: 52 KiB After Width: | Height: | Size: 55 KiB |
Before Width: | Height: | Size: 48 KiB After Width: | Height: | Size: 56 KiB |
Before Width: | Height: | Size: 48 KiB After Width: | Height: | Size: 53 KiB |
@ -21,6 +21,9 @@ ms.topic: conceptual
|
||||
|
||||
## 100.90.70
|
||||
|
||||
> [!WARNING]
|
||||
> When upgrading the installed package from a product version earlier than 100.90.70, the update may fail on Red Hat-based and SLES distributions. This is because of a major change in a file path. A temporary solution is to remove the older package, and then install the newer one. This issue does not exist in newer versions.
|
||||
|
||||
- Antivirus [exclusions now support wildcards](linux-exclusions.md#supported-exclusion-types)
|
||||
- Added the ability to [troubleshoot performance issues](linux-support-perf.md) through the `mdatp` command-line tool
|
||||
- Improvements to make the package installation more robust
|
||||
|
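Review bot: The new warning says the upgrade "may fail ... because of a major change in a file path" but does not name the path or the error an admin would see, so it is hard to recognise the failure in package manager output. "This issue does not exist in newer versions" is also ambiguous under the 100.90.70 heading: state whether upgrades that start from 100.90.70 or later are unaffected. Since the workaround is to remove and reinstall, it is worth saying whether onboarding and configuration survive that, or have to be reapplied.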
@ -59,6 +59,9 @@ You'll need to enable the live response capability in the [Advanced features set
|
||||
|
||||
>[!NOTE]
|
||||
>Only users with manage security or global admin roles can edit these settings.
|
||||
|
||||
- **Ensure that the machine has an Automation Remediation level assigned to it**<br>
|
||||
You'll need to enable, at least, the minimum Remdiation Level for a given Machine Group. Otherwise you won't be able to establish a Live Response session to a member of that group.
|
||||
|
||||
- **Enable live response unsigned script execution** (optional) <br>
|
||||
|
||||
|
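Review bot: The added bullet misspells "Remdiation Level" and uses three different forms of the same term ("Automation Remediation level", "Remdiation Level", "Machine Group" capitalised mid-sentence). Suggest using one form consistently and naming the setting as it appears in the portal, and saying what "the minimum" level is, since the sentence makes a Live Response session depend on it.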
@ -1,4 +1,4 @@
|
||||
---
|
||||
---
|
||||
title: Manage indicators
|
||||
ms.reviewer:
|
||||
description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
|
||||
|
@ -66,7 +66,7 @@ Threat & Vulnerability Management helps customers prioritize and focus on those
|
||||
|
||||
Microsoft Defender ATP's Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues.
|
||||
|
||||
- Remediation requests to IT. Through Microsoft Defender ATP's integration with Microsoft Intune and Microsoft Endpoint Configuration Manager, security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
|
||||
- Remediation requests to IT. Through Microsoft Defender ATP's integration with Microsoft Intune and Microsoft Endpoint Configuration Manager, security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms.
|
||||
- Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities.
|
||||
- Real-time remediation status. Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization.
|
||||
|
||||
@ -84,10 +84,10 @@ Ensure that your machines:
|
||||
|
||||
> Release | Security update KB number and link
|
||||
> :---|:---
|
||||
> RS3 customers | [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441) and [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
|
||||
> RS4 customers| [KB4493464](https://support.microsoft.com/help/4493464) and [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
|
||||
> RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
|
||||
> 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
|
||||
> Windows 10 Version 1709 | [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441) and [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
|
||||
> Windows 10 Version 1803 | [KB4493464](https://support.microsoft.com/help/4493464) and [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
|
||||
> Windows 10 Version 1809 | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
|
||||
> Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
|
||||
|
||||
- Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager. If you are using Configuration Manager, update your console to the latest version.
|
||||
- Have at least one security recommendation that can be viewed in the machine page
|
||||
|
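Review bot: The renamed rows keep inconsistent link text, with "KB4493441" and "KB4493464" written without a space and "KB 4516071", "KB 4516045", "KB 4516077" and "KB 4512941" written with one; normalise to a single form so the KB numbers are searchable. The RS4 link for KB4493464 also lacks the descriptive URL suffix the other links have, which is worth checking while the rows are being edited.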
@ -123,7 +123,7 @@ Manager and deploy that policy to Windows 10 devices.
|
||||
|
||||

|
||||
|
||||
3. Select **Download package**.
|
||||
3. Select **Download package**.
|
||||
|
||||

|
||||
|
||||
@ -184,11 +184,11 @@ Before the systems can be onboarded into the workspace, the deployment scripts n
|
||||
Edit the InstallMMA.cmd with a text editor, such as notepad and update the
|
||||
following lines and save the file:
|
||||
|
||||

|
||||

|
||||
|
||||
Edit the ConfiguerOMSAgent.vbs with a text editor, such as notepad, and update the following lines and save the file:
|
||||
|
||||

|
||||

|
||||
|
||||
Microsoft Monitoring Agent (MMA) is currently (as of January 2019) supported on the following Windows Operating
|
||||
Systems:
|
||||
|
@ -170,12 +170,12 @@ how the endpoint security suite should be enabled.
|
||||
|
||||
| Component | Description | Adoption Order Rank |
|
||||
|-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
|
||||
| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 |
|
||||
| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes: | 2 |
|
||||
| Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 3 |
|
||||
| Threat & Vulnerability Management (TVM) | Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: | 4 |
| Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable |
| Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable |
| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. <br> [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 |
|Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: <br> - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities <br> - Invaluable machine vulnerability context during incident investigations <br> - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager <br> [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 |
| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes: <br> -Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus. <br> - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection"). <br> - Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research. <br> [Learn more](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). |3 |
| Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats. <br> [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 |
| Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. <br>[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable |
| Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. <br>[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable |
## Next step
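Review bot: The rewritten Next Generation Protection row (the one with the `<br>` bullets) mixes two product names in one cell: it opens with "Microsoft Defender Antivirus is a built-in antimalware solution" and then continues with "Windows Defender Antivirus includes:" and "power Windows Defender Antivirus". Pick one name and use it throughout the cell. In the same row, the first bullet is written "-Cloud-delivered" without the space the other bullets have, and the order cell is "|3 |" where the other rows use "| 3 |". Separately, the Attack Surface Reduction row still reads "capabilities in Microsoft Defender ATP helps protect", which should be "help protect", and the Threat & Vulnerability Management and Next Generation Protection rows end with "[Learn more](...)." while the other rows use "[Learn more.](...)"; one link style across the table would read better.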
@ -57,7 +57,7 @@ In this deployment scenario, you'll be guided through the steps on:
>[!NOTE]
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md).
## Check license state
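Review bot: In the corrected note line, "Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide" makes the product the subject of "will not cover", when it is the guide that leaves those scenarios out. Since this line is already being touched for the "Defnder" spelling fix, consider rewording the second clause to something like "but this deployment guide does not cover those scenarios". The opening "For the purpose of guiding you through a typical deployment, this scenario will only cover" could also be tightened to "this scenario covers only".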
After Width: | Height: | Size: 151 KiB |
@ -56,6 +56,14 @@ Windows Defender SmartScreen provide an early warning system against websites th
> [!IMPORTANT]
> SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares.
## Submit files to Windows Defender SmartScreen for review
If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more info, see [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide).
When submitting Microsoft Defender Smartscreen products, make sure to select **Microsoft Defender SmartScreen** from the product menu.

## Viewing Windows Defender SmartScreen anti-phishing events
When Windows Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
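Review bot: In the new "Submit files to Windows Defender SmartScreen for review" section, the sentence "When submitting Microsoft Defender Smartscreen products" says products where the reader is submitting a file, and it spells the name "Smartscreen" while the rest of the section uses "SmartScreen". Something like "When submitting a file for Microsoft Defender SmartScreen, make sure to select ..." would match the preceding paragraph. The section heading and the surrounding text say "Windows Defender SmartScreen" while the menu option is "**Microsoft Defender SmartScreen**"; a short clause telling the reader that the submission portal lists the product under the Microsoft Defender name would avoid confusion. The image alt text "Windows Security, Windows Defender SmartScreen controls" does not describe a submission form, so it should be updated to match the screenshot it labels.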