diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 6568445c8a..47d3a0ac90 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -851,21 +851,11 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/check-sensor-status-windows-defender-advanced-threat-protection", "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -981,16 +971,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1001,171 +981,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1196,21 +1011,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1281,11 +1081,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1301,16 +1096,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1331,16 +1116,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/supported-response-apis-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -1376,21 +1151,6 @@ "redirect_document_id": true }, { -"source_path": "windows/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ -"source_path": "windows/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", -"redirect_url": "/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection", -"redirect_document_id": true -}, -{ "source_path": "windows/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md", "redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection", "redirect_document_id": true @@ -13909,6 +13669,245 @@ "source_path": "windows/privacy/manage-windows-endpoints.md", "redirect_url": "/windows/privacy/manage-windows-1809-endpoints", "redirect_document_id": true -} +}, +{ +"source_path":"windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +},{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, +{ +"source_path": "windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md", +"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis", +"redirect_document_id": false +}, ] } diff --git a/browsers/edge/edge-technical-demos.md b/browsers/edge/edge-technical-demos.md new file mode 100644 index 0000000000..b401556fed --- /dev/null +++ b/browsers/edge/edge-technical-demos.md @@ -0,0 +1,36 @@ +--- +title: Microsoft Edge training and demonstrations +ms.prod: browser-edge +layout: article +ms.topic: article +ms.manager: elizapo +author: lizap +ms.author: elizapo +ms.localizationpriority: high +--- + +# Microsoft Edge training and demonstrations + +Explore security and compatibility features of Microsoft Edge, and get tips to increase manageability, productivity, and support for legacy apps. + +## Virtual labs + +Microsoft Hands-On Labs let you experience a software product or technology using a cloud-based private virtual machine environment. Get free access to one or more virtual machines, with no additional software or setup required. + +Check out the **Use Internet Explorer Enterprise Mode to fix compatibility issues (WS00137)" on the [self-paced labs site](https://www.microsoft.com/handsonlabs/SelfPacedLabs/?storyGuid=e4155067-2c7e-4b46-8496-eca38bedca02). + +## Features and functionality + +Find out more about new and improved features of Microsoft Edge, and how you can leverage them to bring increased productivity, security, manageability, and support for legacy apps to your secure, modern desktop. + +### Building a faster browser: Behind the scenes improvements in Microsoft Edge + +Get a behind the scenes look at Microsoft Edge and the improvements we've made to make it faster and more efficient. + +![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es14] + +### Building a safer browser: Four guards to keep users safe + +Learn about our security strategy and how we use the Four Guards to keep your users safe while they browse the Internet. + +![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es03] \ No newline at end of file diff --git a/browsers/edge/images/compat1.png b/browsers/edge/images/compat1.png new file mode 100644 index 0000000000..35634d70b5 Binary files /dev/null and b/browsers/edge/images/compat1.png differ diff --git a/browsers/edge/images/compat2.png b/browsers/edge/images/compat2.png new file mode 100644 index 0000000000..e52f7d6c2d Binary files /dev/null and b/browsers/edge/images/compat2.png differ diff --git a/browsers/edge/images/compat3.png b/browsers/edge/images/compat3.png new file mode 100644 index 0000000000..f67fad2e8f Binary files /dev/null and b/browsers/edge/images/compat3.png differ diff --git a/browsers/edge/images/deploy-enduser.png b/browsers/edge/images/deploy-enduser.png new file mode 100644 index 0000000000..2a313013a9 Binary files /dev/null and b/browsers/edge/images/deploy-enduser.png differ diff --git a/browsers/edge/images/deploy-land.png b/browsers/edge/images/deploy-land.png new file mode 100644 index 0000000000..c8fd9a1ba9 Binary files /dev/null and b/browsers/edge/images/deploy-land.png differ diff --git a/browsers/edge/images/edgeblog.png b/browsers/edge/images/edgeblog.png new file mode 100644 index 0000000000..544ad83db6 Binary files /dev/null and b/browsers/edge/images/edgeblog.png differ diff --git a/browsers/edge/images/enduser-land.png b/browsers/edge/images/enduser-land.png new file mode 100644 index 0000000000..61958be866 Binary files /dev/null and b/browsers/edge/images/enduser-land.png differ diff --git a/browsers/edge/images/land-compat.png b/browsers/edge/images/land-compat.png new file mode 100644 index 0000000000..f709974ced Binary files /dev/null and b/browsers/edge/images/land-compat.png differ diff --git a/browsers/edge/images/land-security.png b/browsers/edge/images/land-security.png new file mode 100644 index 0000000000..468354869f Binary files /dev/null and b/browsers/edge/images/land-security.png differ diff --git a/browsers/edge/images/land1.png b/browsers/edge/images/land1.png new file mode 100644 index 0000000000..b47bbd5b30 Binary files /dev/null and b/browsers/edge/images/land1.png differ diff --git a/browsers/edge/images/new1.png b/browsers/edge/images/new1.png new file mode 100644 index 0000000000..bfa51b83f4 Binary files /dev/null and b/browsers/edge/images/new1.png differ diff --git a/browsers/edge/images/new2.png b/browsers/edge/images/new2.png new file mode 100644 index 0000000000..dee2d7eb15 Binary files /dev/null and b/browsers/edge/images/new2.png differ diff --git a/browsers/edge/images/new3.png b/browsers/edge/images/new3.png new file mode 100644 index 0000000000..59f83920fb Binary files /dev/null and b/browsers/edge/images/new3.png differ diff --git a/browsers/edge/images/new4.png b/browsers/edge/images/new4.png new file mode 100644 index 0000000000..070a4f9a11 Binary files /dev/null and b/browsers/edge/images/new4.png differ diff --git a/browsers/edge/images/security1.png b/browsers/edge/images/security1.png new file mode 100644 index 0000000000..f4d8b0421e Binary files /dev/null and b/browsers/edge/images/security1.png differ diff --git a/browsers/edge/images/security2.png b/browsers/edge/images/security2.png new file mode 100644 index 0000000000..23ae998b39 Binary files /dev/null and b/browsers/edge/images/security2.png differ diff --git a/browsers/edge/images/security3.png b/browsers/edge/images/security3.png new file mode 100644 index 0000000000..3ee5d56354 Binary files /dev/null and b/browsers/edge/images/security3.png differ diff --git a/browsers/edge/images/twitter.png b/browsers/edge/images/twitter.png new file mode 100644 index 0000000000..3b30a9a1cc Binary files /dev/null and b/browsers/edge/images/twitter.png differ diff --git a/browsers/edge/images/wipinsider.png b/browsers/edge/images/wipinsider.png new file mode 100644 index 0000000000..a1f1f0b0fe Binary files /dev/null and b/browsers/edge/images/wipinsider.png differ diff --git a/browsers/edge/microsoft-edge-forrester.md b/browsers/edge/microsoft-edge-forrester.md new file mode 100644 index 0000000000..af5edc25e9 --- /dev/null +++ b/browsers/edge/microsoft-edge-forrester.md @@ -0,0 +1,37 @@ +--- +title: Microsoft Edge - Forrester Total Economic Impact +description: Review the results of the Microsoft Edge study carried out by Forrester Research +ms.prod: browser-edge +layout: article +ms.topic: article +ms.manager: elizapo +author: lizap +ms.author: elizapo +ms.localizationpriority: high +--- + +# Measuring the impact of Microsoft Edge - Total Economic Impact (TEI) of Microsoft Edge + +Forrester Research measures the return on investment (ROI) of Microsoft Edge in its latest TEI report and survey. Browse and download these free resources to learn about the impact Microsoft Edge can have in your organization, including significant cost savings in reduced browser help desk tickets and improved browser security, to increased speed, performance, and user productivity. + +## Forrester report video summary +View a brief overview of the Forrester TEI case study that Microsoft commissioned to examine the value your organization can achieve by utilizing Microsoft Edge: + +>![VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE26zQm] + +## Forrester Study report + +Forrester interviewed several customers with more than six months of experience using Microsoft Edge – all customers reported improvements in browser security, increased user productivity, and efficiencies gained in supporting the software. + +[Download the full report](https://www.microsoft.com/download/details.aspx?id=55847) + +## Forrester Study report infographic +Get a graphical summary of the TEI of Microsoft Edge Forrester Study report and highlights of the three-year financial impact of Microsoft Edge. + +[Download the report infographic](https://www.microsoft.com/download/details.aspx?id=55956) + +## Forrester survey infographic + +Forrester surveyed 168 customers using Microsoft Edge form the US, Germany, UK, and Japan, ranging in size from 500 to over 100,000 employees. This document is an abridged version of this survey commissioned by Microsoft and delivery by Forrester consulting. + +[Download the survey infographic](https://www.microsoft.com/download/details.aspx?id=53892) \ No newline at end of file diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml new file mode 100644 index 0000000000..c1c094727a --- /dev/null +++ b/browsers/edge/microsoft-edge.yml @@ -0,0 +1,61 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Microsoft Edge +metadata: + document_id: + title: Microsoft Edge + description: Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. + keywords: Microsoft Edge, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find the tools and resources you need to help deploy and use Microsoft Edge in your organization. + " +- title: What's new +- items: + - type: markdown + text: " + Find out the latest and greatest news on Microsoft Edge.
+ +

**The latest in Microsoft Edge**
See what's new for users and developers in the next update to Microsoft Edge - now available with the Windows 10 April 2018 update!
Find out more
**Evaluate the impact**
Review the latest Forrester Total Economic Impact (TEI) report to learn about the impact Microsoft Edge can have in your organization.
Download the reports

**Microsoft Edge for iOS and Android**
Microsoft Edge brings familiar features across your PC and phone, which allows browsing to go with you, no matter what device you use.
Learn more
**Application Guard**
Microsoft Edge with Windows Defender Application Guard is the most secure browser on Windows 10 Enterprise.
Learn more
+ " +- title: Compatibility +- items: + - type: markdown + text: " + Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.
+ +

**Test your site on Microsoft Edge**
Test your site on Microsoft Edge for free instantly, with remote browser testing powered by BrowserStack. You can also use the linting tool sonarwhal to assess your site's accessibility, speed, security, and more.
Test your site on Microsoft Edge for free on BrowserStack
Use sonarwhal to improve your website.
**Improve compatibility with Enterprise Mode**
With Enterprise Mode you can use Microsoft Edge as your default browser, while ensuring apps continue working on IE11.
Use Enterprse mode to improve compatibility
Turn on Enterprise Mode and use a site list
Enterprise Site List Portal
Ultimate browser strategy on Windows 10
**Web Application Compatibility Lab Kit**
The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge.
Find out more
+ " +- title: Security +- items: + - type: markdown + text: " + Microsoft Edge uses Windows Hello and SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
+ +

**NSS Labs web browser security reports**
See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks.
Download the reports
**Microsoft Edge sandbox**
See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege.
Find out more
**Windows Defender SmartScreen**
Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely.
Read the docs
+ " +- title: Deployment and end user readiness +- items: + - type: markdown + text: " + Find resources and learn about features to help you deploy Microsoft Edge in your organization to get your users up and running quickly.
+ +

**Deployment**
Find resources, learn about features, and get answers to commonly asked questions to help you deploy Microsoft Edge in your organization.
Microsoft Edge deployment guide
Microsoft Edge FAQ
System requirements and language support
Group Policy and MDM settings in Microsoft Edge
Download the Web Application Compatibility Lab Kit
Microsoft Edge training and demonstrations
**End user readiness**
Help your users get started on Microsoft Edge quickly and learn about features like tab management, instant access to Office files, and more.
Quick Start: Microsoft Edge (PDF, .98 MB)
Find it faster with Microsoft Edge (PDF, 605 KB)
Use Microsoft Edge to collaborate (PDF, 468 KB)
Import bookmarks
Password management
Microsoft Edge tips and tricks (video, 20:26)
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Sign up for the Windows IT Pro Insider**
Get the latest tools, tips, and expert guidance on deployment, management, security, and more.
Learn more
**Microsoft Edge Dev blog**
Keep up with the latest browser trends, security tips, and news for IT professionals.
Read the blog
**Microsoft Edge Dev on Twitter**
Get the latest news and updates from the Microsoft Web Platform team.
Visit Twitter
+ " diff --git a/browsers/edge/web-app-compat-toolkit.md b/browsers/edge/web-app-compat-toolkit.md new file mode 100644 index 0000000000..03ce172837 --- /dev/null +++ b/browsers/edge/web-app-compat-toolkit.md @@ -0,0 +1,55 @@ +--- +title: Web Application Compatibility lab kit +ms.prod: browser-edge +layout: article +ms.topic: article +ms.manager: elizapo +author: lizap +ms.author: elizapo +ms.localizationpriority: high +--- + +# Web Application Compatibility lab kit + +>Updated: October, 2017 + +Upgrading web applications to modern standards is the best long-term solution to ensure compatibility with today’s web browsers, but using backward compatibility can save time and money. Internet Explorer 11 has features that can ease your browser and operating system upgrades, reducing web application testing and remediation costs. On Windows 10, you can standardize on Microsoft Edge for faster, safer browsing and fall back to Internet Explorer 11 just for sites that need backward compatibility. + +The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge. It walks you through how to configure and set up Enterprise Mode, leverage Enterprise Site Discovery, test web apps using the F12 developer tools, and manage the Enterprise Mode Site List. + +The Web Application Compatibility Lab Kit includes: + +- A pre-configured Windows 7 and Windows 10 virtual lab environment with: + - Windows 7 Enterprise Evaluation + - Windows 10 Enterprise Evaluation (version 1607) + - Enterprise Mode Site List Manager + - Enterprise Site Discovery Toolkit +- A "lite" lab option to run the lab on your own Windows 7 or Windows 10 operating system +- A step-by-step lab guide +- A web application compatibility overview video +- A white paper and IT Showcase studies + +Depending on your environment, your web apps may "just work” using the methods described below. Visit [Microsoft Edge Dev](https://developer.microsoft.com/microsoft-edge/) for tools and guidance for web developers. + +There are two versions of the lab kit available: + +- Full version (8 GB) - includes a complete virtual lab environment +- Lite version (400 MB) - includes guidance for running the Lab Kit on your own Windows 7 or Windows 10 operating system + +The Web Application Compatibility Lab Kit is also available in the following languages: + +- Chinese (Simplified) +- Chinese (Traditional) +- French +- German +- Italian +- Japanese +- Korean +- Portuguese (Brazil) +- Russian +- Spanish + +[DOWNLOAD THE LAB KIT](https://www.microsoft.com/evalcenter/evaluate-windows-10-web-application-compatibility-lab) + +>[!TIP] +>Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space. \ No newline at end of file diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index 5d6a571e4a..424b01e58e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -20,8 +20,8 @@ ms.date: 07/27/2017 Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. ->**Upgrade Analytics and Windows upgrades**
->You can use Upgrade Analytics to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Analytics to review several site discovery reports. Check out Upgrade Analytics from [here](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-get-started). +>**Upgrade Readiness and Windows upgrades**
+>You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/en-us/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness). ## Before you begin diff --git a/browsers/internet-explorer/images/deploy1.png b/browsers/internet-explorer/images/deploy1.png new file mode 100644 index 0000000000..1e16c46e03 Binary files /dev/null and b/browsers/internet-explorer/images/deploy1.png differ diff --git a/browsers/internet-explorer/images/deploy2.png b/browsers/internet-explorer/images/deploy2.png new file mode 100644 index 0000000000..44b4aad41c Binary files /dev/null and b/browsers/internet-explorer/images/deploy2.png differ diff --git a/browsers/internet-explorer/images/explore1.png b/browsers/internet-explorer/images/explore1.png new file mode 100644 index 0000000000..3a956dc394 Binary files /dev/null and b/browsers/internet-explorer/images/explore1.png differ diff --git a/browsers/internet-explorer/images/explore2.png b/browsers/internet-explorer/images/explore2.png new file mode 100644 index 0000000000..c07bbd197b Binary files /dev/null and b/browsers/internet-explorer/images/explore2.png differ diff --git a/browsers/internet-explorer/images/explore3.png b/browsers/internet-explorer/images/explore3.png new file mode 100644 index 0000000000..4ea3adee19 Binary files /dev/null and b/browsers/internet-explorer/images/explore3.png differ diff --git a/browsers/internet-explorer/images/ie-deploy.png b/browsers/internet-explorer/images/ie-deploy.png new file mode 100644 index 0000000000..622d9e250b Binary files /dev/null and b/browsers/internet-explorer/images/ie-deploy.png differ diff --git a/browsers/internet-explorer/images/ie-explore.png b/browsers/internet-explorer/images/ie-explore.png new file mode 100644 index 0000000000..184cfdf381 Binary files /dev/null and b/browsers/internet-explorer/images/ie-explore.png differ diff --git a/browsers/internet-explorer/images/ie-manage.png b/browsers/internet-explorer/images/ie-manage.png new file mode 100644 index 0000000000..51c9cc4aa9 Binary files /dev/null and b/browsers/internet-explorer/images/ie-manage.png differ diff --git a/browsers/internet-explorer/images/ie-plan.png b/browsers/internet-explorer/images/ie-plan.png new file mode 100644 index 0000000000..9b158a815f Binary files /dev/null and b/browsers/internet-explorer/images/ie-plan.png differ diff --git a/browsers/internet-explorer/images/ie-support.png b/browsers/internet-explorer/images/ie-support.png new file mode 100644 index 0000000000..4152163abc Binary files /dev/null and b/browsers/internet-explorer/images/ie-support.png differ diff --git a/browsers/internet-explorer/images/informed1.png b/browsers/internet-explorer/images/informed1.png new file mode 100644 index 0000000000..a1f1f0b0fe Binary files /dev/null and b/browsers/internet-explorer/images/informed1.png differ diff --git a/browsers/internet-explorer/images/informed2.png b/browsers/internet-explorer/images/informed2.png new file mode 100644 index 0000000000..544ad83db6 Binary files /dev/null and b/browsers/internet-explorer/images/informed2.png differ diff --git a/browsers/internet-explorer/images/manage1.png b/browsers/internet-explorer/images/manage1.png new file mode 100644 index 0000000000..df84f05983 Binary files /dev/null and b/browsers/internet-explorer/images/manage1.png differ diff --git a/browsers/internet-explorer/images/manage2.png b/browsers/internet-explorer/images/manage2.png new file mode 100644 index 0000000000..94d111e32c Binary files /dev/null and b/browsers/internet-explorer/images/manage2.png differ diff --git a/browsers/internet-explorer/images/manage3.png b/browsers/internet-explorer/images/manage3.png new file mode 100644 index 0000000000..c0043c5a8e Binary files /dev/null and b/browsers/internet-explorer/images/manage3.png differ diff --git a/browsers/internet-explorer/images/manage4.png b/browsers/internet-explorer/images/manage4.png new file mode 100644 index 0000000000..20af91d5a5 Binary files /dev/null and b/browsers/internet-explorer/images/manage4.png differ diff --git a/browsers/internet-explorer/images/plan1.png b/browsers/internet-explorer/images/plan1.png new file mode 100644 index 0000000000..1bf8e4264e Binary files /dev/null and b/browsers/internet-explorer/images/plan1.png differ diff --git a/browsers/internet-explorer/images/plan2.png b/browsers/internet-explorer/images/plan2.png new file mode 100644 index 0000000000..95103ecc5b Binary files /dev/null and b/browsers/internet-explorer/images/plan2.png differ diff --git a/browsers/internet-explorer/images/support1.png b/browsers/internet-explorer/images/support1.png new file mode 100644 index 0000000000..e771ed999a Binary files /dev/null and b/browsers/internet-explorer/images/support1.png differ diff --git a/browsers/internet-explorer/images/support2.png b/browsers/internet-explorer/images/support2.png new file mode 100644 index 0000000000..9841cf1962 Binary files /dev/null and b/browsers/internet-explorer/images/support2.png differ diff --git a/browsers/internet-explorer/images/support3.png b/browsers/internet-explorer/images/support3.png new file mode 100644 index 0000000000..a3a0425c73 Binary files /dev/null and b/browsers/internet-explorer/images/support3.png differ diff --git a/browsers/internet-explorer/images/twitter.png b/browsers/internet-explorer/images/twitter.png new file mode 100644 index 0000000000..3b30a9a1cc Binary files /dev/null and b/browsers/internet-explorer/images/twitter.png differ diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml new file mode 100644 index 0000000000..c9b14b03a2 --- /dev/null +++ b/browsers/internet-explorer/internet-explorer.yml @@ -0,0 +1,69 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Internet Explorer 11 +metadata: + document_id: + title: Internet Explorer 11 + description: Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. + keywords: Internet Explorer 11. IE11 + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Consistent, reliable web browsing on Windows 7, Windows 8.1, and Windows 10, with the security, performance, backward compatibility, and modern standards support that large organizations need. + " +- title: Explore +- items: + - type: markdown + text: " + Find tools, step-by-step guides, updates, and other resources to help you get started.
+ +

**Get started**
Get information om tools, frequently asked questions, requirements, and guidelines.
IE11 features and tools
System requirements and language support
Frequently asked questions
Internet Explorer 11 deployment guide
Use Enterprise Mode to improve compatibility
Lifecycle FAQ - Internet Explorer
**Downloads and tools**
Find tools and resources to help you address compatibility and get up to date.
Download IE11 with Windows 10
Enterprise Mode Site List Manager (schema, v.2)
Web Application Compatibility Lab Kit
Cumulative security updates for Internet Explorer 11
**Find training**
Find online training and hands-on labs for common configuration and management tasks.
Getting started with Windows 10 for IT professionals
Windows 10: Top Features for IT Pros
Manage and modernize Internet Explorer with Enterprise Mode
Virtual Lab: Enterprise Mode
+ " +- title: Plan +- items: + - type: markdown + text: " + Find information and tips to help you assess compatibility and prioritize processes as you plan for Internet Explorer 11.
+ +

**Get started with compatibility**
Find out how to extend your company's investment in older web apps through higher compatibility with older rendering engines while moving forward to a more modern browser like Internet Explorer 11.
What is Enterprise Mode?
Tips and tricks to manage Internet Explorer compatibility
Download the Enterprise Site Discovery Toolkit
Collect data using Enterprise Site Discovery
Manage Windows upgrades with Upgrade Readiness
Demo: Plan and manage Windows 10 upgrades and feature updates with Upgrade Readiness
**Using Enterprise Mode**
Learn how to avoid the commom compatibility problems associated with web apps written and tested on older versions of Internet Explorer by using Enterprise Mode.
Turn on Enterprise Mode and use a site list
Add sites to the Enterprise Mode site list
Edit the Enterprise Mode site list
Turn on local control and logging for Enterprise Mode
+ " +- title: Deploy +- items: + - type: markdown + text: " + Find the resources you need to successfully deploy Internet Explorer 11 in your organization.
+ +

**Customize Internet Explorer 11**
The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after deployment.
Download IEAK 11
IEAK 11 user's guide
Frequently asked questions about IEAK 11
Customization and distribution guidelines
**Install Internet Explorer 11**
Explore the different options for installation.
Through Automatic Updates (recommended)
As part of an operating system deployment
Over the network
With System Center 2012 R2 Configuration Manager
With Windows Server Update Services (WSUS)
With Microsoft Intune
With third-party tools
+ " +- title: Manage +- items: + - type: markdown + text: " + Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more.
+ +

**Enforce settings with Group Policy**
Learn how to use Group Policy to enforce settings on the computers in your organization.
Group Policy for beginners
New Group Policy settings for IE11
Administrative templates for IE11
**Standardize with Group Policy preferences**
Group Policy preferences simplify deployment and standardize configurations, but unlike Group Policy, they can later be changed by users.
Group Policy preferences for IE11
Configure Group Policy preferences

**Blocked out-of-date ActiveX controls**
Find out more about the out-of-date ActiveX control blocking security feature available in Internet Explorer.
Blocked out-of-date ActiveX controls
Out-of-date ActiveX control blocking
Update to block out-of-date ActiveX controls in Internet Explorer
**Scripts for IT professionals**
Find scripts to help you save time and automate common tasks.
Batch loop: Check is a process running, if yes, wait in loop
Script to join user to AD with automatic Local user Profile Migration
Find-IE Citrix receiver Version
See all scripts
+ " +- title: Support +- items: + - type: markdown + text: " + Get help from product specialists and community experts, and find solutions to commonly encountered issues.
+ +

**Troubleshoot common issues**
Find solutions to common issues and get tips from Microsoft product teams and community experts.
Change or reset Internet Explorer settings
Troubleshoot custom package and IEAK 11 problems
Troubleshoot problems with setup, installation, auto configuration, and more
Disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone
**Find answers and community support**
Find FAQs or visit the forums to ask a question or find answers.
Lifecycle FAQ - Internet Explorer
Frequently asked questions about IEAK 11
Microsoft Edge FAQ
Internet Explorer 8, 9, 10, 11 forum
Internet Explorer development forums
Windows 8.1 forums
Windows 10: General (includes Microsoft Edge)
**Contact Microsoft for additional help**
Explore the support options that are available from Microsoft.
Contact a Microsoft support professional
Support options for Microsoft Partners
Microsoft Services Premier Support
Microsoft Small Business Support Center
General support
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Sign up for the Windows IT Pro Insider**
Get the latest tools, tips, and expert guidance on deployment, management, security, and more.
Learn more
**Microsoft Edge Dev blog**
Keep up with the latest browser trends, security tips, and news for IT professionals.
Read the blog
**Microsoft Edge Dev on Twitter**
Get the latest news and updates from the Microsoft Web Platform team.
Visit Twitter
+ " diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md index 6fcee63f5d..346d0c8d8a 100644 --- a/devices/surface-hub/first-run-program-surface-hub.md +++ b/devices/surface-hub/first-run-program-surface-hub.md @@ -335,9 +335,11 @@ This is what happens when you choose an option. - **Use Microsoft Azure Active Directory** - Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. After joining, admins from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization. + Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins security group from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization. >[!IMPORTANT] + >Administrators added to the Azure Global Admins group after you join the device to Azure AD will be unable to use the Settings app. + > >If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually. - **Use Active Directory Domain Services** diff --git a/devices/surface-hub/images/deploy1.png b/devices/surface-hub/images/deploy1.png new file mode 100644 index 0000000000..1c5c119303 Binary files /dev/null and b/devices/surface-hub/images/deploy1.png differ diff --git a/devices/surface-hub/images/deploy2.png b/devices/surface-hub/images/deploy2.png new file mode 100644 index 0000000000..2b035e979f Binary files /dev/null and b/devices/surface-hub/images/deploy2.png differ diff --git a/devices/surface-hub/images/deploy3.png b/devices/surface-hub/images/deploy3.png new file mode 100644 index 0000000000..56621a24dc Binary files /dev/null and b/devices/surface-hub/images/deploy3.png differ diff --git a/devices/surface-hub/images/getstarted.png b/devices/surface-hub/images/getstarted.png new file mode 100644 index 0000000000..e5b85dd8ae Binary files /dev/null and b/devices/surface-hub/images/getstarted.png differ diff --git a/devices/surface-hub/images/manage1.png b/devices/surface-hub/images/manage1.png new file mode 100644 index 0000000000..4caf53b809 Binary files /dev/null and b/devices/surface-hub/images/manage1.png differ diff --git a/devices/surface-hub/images/manage2.png b/devices/surface-hub/images/manage2.png new file mode 100644 index 0000000000..cb232cffa6 Binary files /dev/null and b/devices/surface-hub/images/manage2.png differ diff --git a/devices/surface-hub/images/manage3.png b/devices/surface-hub/images/manage3.png new file mode 100644 index 0000000000..9da88b808e Binary files /dev/null and b/devices/surface-hub/images/manage3.png differ diff --git a/devices/surface-hub/images/manage4.png b/devices/surface-hub/images/manage4.png new file mode 100644 index 0000000000..5c9553718e Binary files /dev/null and b/devices/surface-hub/images/manage4.png differ diff --git a/devices/surface-hub/images/plan1.png b/devices/surface-hub/images/plan1.png new file mode 100644 index 0000000000..891e1e43a6 Binary files /dev/null and b/devices/surface-hub/images/plan1.png differ diff --git a/devices/surface-hub/images/plan2.png b/devices/surface-hub/images/plan2.png new file mode 100644 index 0000000000..3ad1f2b9fc Binary files /dev/null and b/devices/surface-hub/images/plan2.png differ diff --git a/devices/surface-hub/images/plan3.png b/devices/surface-hub/images/plan3.png new file mode 100644 index 0000000000..1891d1d2b5 Binary files /dev/null and b/devices/surface-hub/images/plan3.png differ diff --git a/devices/surface-hub/images/surfaceblog.png b/devices/surface-hub/images/surfaceblog.png new file mode 100644 index 0000000000..ae996a918c Binary files /dev/null and b/devices/surface-hub/images/surfaceblog.png differ diff --git a/devices/surface-hub/images/surfacemechanics.png b/devices/surface-hub/images/surfacemechanics.png new file mode 100644 index 0000000000..ad674466fa Binary files /dev/null and b/devices/surface-hub/images/surfacemechanics.png differ diff --git a/devices/surface-hub/images/twitter.png b/devices/surface-hub/images/twitter.png new file mode 100644 index 0000000000..25143adcf6 Binary files /dev/null and b/devices/surface-hub/images/twitter.png differ diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 0ae8b338d8..6f1deba6b9 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -37,8 +37,8 @@ Additionally, note that Surface Hub requires the following open ports: If you are using Surface Hub with Skype for Business, you will need to open additional ports. Please follow the guidance below: - If you use Skype for Business Online, see [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). -- If you use Skype for Business Server, see [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). -- If you use a hybrid of Skype for Business Online and Skype for Business Server, you need to open all documented ports from [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) and [Skype for Business Server: Ports and protocols for internal servers](https://technet.microsoft.com/library/gg398833.aspx). +- If you use Skype for Business Server, see [Skype for Business Server: Ports and protocols for internal servers](https://docs.microsoft.com/SkypeForBusiness/plan-your-deployment/network-requirements/ports-and-protocols). +- If you use a hybrid of Skype for Business Online and Skype for Business Server, you need to open all documented ports from [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) and [Skype for Business Server: Ports and protocols for internal servers](https://docs.microsoft.com/SkypeForBusiness/plan-your-deployment/network-requirements/ports-and-protocols?toc=/SkypeForBusiness/toc.json&bc=/SkypeForBusiness/breadcrumb/toc.json). Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list: - Diagnostic data client endpoint: `https://vortex.data.microsoft.com/` diff --git a/devices/surface-hub/surface-hub.yml b/devices/surface-hub/surface-hub.yml new file mode 100644 index 0000000000..0a9e948ca5 --- /dev/null +++ b/devices/surface-hub/surface-hub.yml @@ -0,0 +1,62 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Surface Hub +metadata: + document_id: + title: Surface Hub + description: Find tools and resources to help you install, set up, and manage a Surface Hub in your organization. + keywords: Surface Hub, Windows 10 + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools and resources to help you install, set up, and manage a Surface Hub in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Discover how this all-in-one productivity device enables teams to better brainstorm, collaborate, and share ideas.
+
+ +
Explore the key features and product specifications of Surface Hub.
Get real-world examples of how you can increase productivity and improve collaboration.		Differences between Surface Hub and Windows 10 Enterprise
Surface Hub FAQ'
+ " +- title: Plan +- items: + - type: markdown + text: " + Prepare to deploy Surface Hub in your organization. Explore site readiness, assembly, configuration, and Exchange and ActiveSync policies.
+ +

**Get ready for Surface Hub**
Explore the steps you'll need to take to set up Surface Hub.
Surface Hub Site Readiness Guide (PDF, 1.48 MB)
Unpacking guides
**Assembly for Surface Hub**
Learn how to assemble your Surface Hub.
Surface Hub Setup Guide (PDF, 1.43 MB)
Mounting and assembling guides
**Prepare your environment**
Learn about setup dependencies and account requirements.
Prepare your environment
Create and test a device account
+ " +- title: Deploy +- items: + - type: markdown + text: " + Get information for setup, app management and installation, and network management of your Surface Hub.
+ +

**Set up your Surface Hub**
Review info needed to prepare for using the out-of-box experience to set up your Surface Hub.
Setup worksheet
First-run program
PowerShell scripts
**Install apps**
Options for installing and managing apps on your Surface Hub.
Install apps
Whiteboard to Whiteboard collaboration
Create provisioning packages
**Network your Surface Hub**
Network scenarios for your Surface Hub.
Wireless network management
Using a room control system
Connect other devices with Surface Hub.
+ " +- title: Manage +- items: + - type: markdown + text: " + Learn how to manage Surface Hub updates and maintain the security and integrity of corporate devices.
+ +

**Manage the device**
Monitoring for Surface Hub is performed through Microsoft Operations Management Suite (OMS).
Monitor your Surface Hub
Accessibility and Surface Hub
**Manage account**
Learn about options for managing accounts used with Surface Hub.
Change the Surface Hub device account
Admin account management
**Stay secure and up to date**
Learn how Surface Hub stays current.
Manage Windows updates
Surface Hub update history
Save your BitLocker key
**Training for your employees**
Find resources to help employees be productive with Surface Hub.
Surface Hub User Guide (PDF, 1.69 MB)
How-to videos
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Surface IT Pro Blog**
Get insight into new Surface products plus tips and tricks for IT professionals.
Learn more
**Surface on Microsoft Mechanics**
View technical demos and walkthroughs of Surface devices, features, and functionality.
Get started
**Follow us on Twitter**
Keep up with the latest news and see the latest product demonstrations.
Visit Twitter
+ " diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md index dce83705cc..b1a34e4f19 100644 --- a/devices/surface/battery-limit.md +++ b/devices/surface/battery-limit.md @@ -19,7 +19,7 @@ Battery Limit option is a UEFI setting that changes how the Surface device batte Setting the device on Battery Limit changes the protocol for charging the device battery. When Battery Limit is enabled, the battery charge will be limited to 50% of its maximum capacity. The charge level reported in Windows will reflect this limit. Therefore, it will show that the battery is charged up to 50% and will not charge beyond this limit. If you enable Battery Limit while the device is above 50% charge, the Battery icon will show that the device is plugged in but discharging until the device reaches 50% of its maximum charge capacity. -Adding the Battery Limit option to Surface UEFI will require a [Surface UEFI firmware update](update.md), which will be made available through Windows Update or via the MSI driver and firmware packages on the Microsoft Download Center. Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each device and supported devices. Currently, Battery Limit is only supported on Surface Pro 4 and Surface Pro 3. However, the setting will be available in the future on other Surface device models. +Adding the Battery Limit option to Surface UEFI requires a [Surface UEFI firmware update](update.md), available through Windows Update or via the MSI driver and firmware packages on the Microsoft Download Center. Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device. Currently, Battery Limit is supported on a subset of Surface devices and will be available in the future on other Surface device models. ## Enabling Battery Limit in Surface UEFI (Surface Pro 4 and later) diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md index 1d736b1ece..7f519a64e2 100644 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md @@ -18,7 +18,7 @@ ms.topic: article This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device. -As easy as it is to keep Surface device drivers and firmware up to date automatically with Windows Update, it is sometimes necessary to download and install updates manually, such as during a Windows deployment. For any situation where you need to install drivers and firmware separately from Windows Update, you can find the files available for download at the Microsoft Download Center. +Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment. If you need to install drivers and firmware separately from Windows Update, you can find the requisite files on the Microsoft Download Center. On the Microsoft Download Center page for your device, you will find several files available. These files allow you to deploy drivers and firmware in various ways. You can read more about the different deployment methods for Surface drivers and firmware in [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md). @@ -27,31 +27,29 @@ Driver and firmware updates for Surface devices are **cumulative updates** which Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices and are detailed here in this article. >[!NOTE] ->To simplify the process of locating drivers for your device, downloads for Surface devices have been reorganized to separate pages for each model. Bookmark the Microsoft Download Center page for your device from the links provided on this page. Many of the filenames contain a placeholder denoted with *xxxxxx*, which identifies the current version number or date of the file. -  - -Recent additions to the downloads for Surface devices provide you with options to install Windows 10 on your Surface devices and update LTE devices with the latest Windows 10 drivers and firmware. - - - ->[!NOTE] ->A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information. +>Many of the filenames contain a placeholder denoted with *xxxxxx*, representing the latest version number listed in the Microsoft Download Center. A battery charge of 40 percent or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information. ## Surface Laptop 2 Download the following updates for [Surface Laptop 2 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57515). -* SurfaceLaptop2_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10 +* SurfaceLaptop2_Win10_xxxxx_xxxxxxx_x.msi – Cumulative firmware and driver update package for Windows 10 ## Surface Pro 6 Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57514). -* SurfacePro6_Win10_XXXXX_XXXXXXX_X.msi – Cumulative firmware and driver update package for Windows 10 +* SurfacePro6_Win10_xxxxx_xxxxxxx_x.msi – Cumulative firmware and driver update package for Windows 10 -## Surface GO +## Surface Go -Download the following updates for [Surface GO from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57439). -* SurfaceGO_Win10_17134_1802010_6.msi - Cumulative firmware and driver update package for Windows 10 +Download the following updates for [Surface Go from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57439). +* SurfaceGO_Win10_xxxxx_xxxxxxx_x.msi - Cumulative firmware and driver update package for Windows 10 + +## Surface Go with LTE Advanced + +Download the following updates for [Surface Go with LTE Advanced from the Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=57601). + +* SurfaceGo_Win10_xxxxx_xxxxxxx_LTE_1.msi - Cumulative firmware and driver update package for Windows 10 including optional WinTab drivers. ## Surface Book 2 @@ -79,7 +77,7 @@ Download the following updates for [Surface Pro with LTE Advanced from the Micro Download the following updates for [Surface Pro 6 from the Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57514). -* SurfacePro6_Win10_17134_xxxxx_xxxxxx.msi +* SurfacePro6_Win10_xxxxx_xxxxxxx_x.msi ## Surface Studio diff --git a/devices/surface/images/discovertools.png b/devices/surface/images/discovertools.png new file mode 100644 index 0000000000..2568398824 Binary files /dev/null and b/devices/surface/images/discovertools.png differ diff --git a/devices/surface/images/managefirmware.png b/devices/surface/images/managefirmware.png new file mode 100644 index 0000000000..392bcc601c Binary files /dev/null and b/devices/surface/images/managefirmware.png differ diff --git a/devices/surface/images/managesettings.png b/devices/surface/images/managesettings.png new file mode 100644 index 0000000000..0f0567f97c Binary files /dev/null and b/devices/surface/images/managesettings.png differ diff --git a/devices/surface/images/mdt.png b/devices/surface/images/mdt.png new file mode 100644 index 0000000000..e185c8c501 Binary files /dev/null and b/devices/surface/images/mdt.png differ diff --git a/devices/surface/images/preparewindowsdeployment.png b/devices/surface/images/preparewindowsdeployment.png new file mode 100644 index 0000000000..d7c04abc9e Binary files /dev/null and b/devices/surface/images/preparewindowsdeployment.png differ diff --git a/devices/surface/images/sccm.png b/devices/surface/images/sccm.png new file mode 100644 index 0000000000..754f2ef89f Binary files /dev/null and b/devices/surface/images/sccm.png differ diff --git a/devices/surface/images/sda.png b/devices/surface/images/sda.png new file mode 100644 index 0000000000..b9433dcd4a Binary files /dev/null and b/devices/surface/images/sda.png differ diff --git a/devices/surface/images/surfaceblog.png b/devices/surface/images/surfaceblog.png new file mode 100644 index 0000000000..d5bef3dc3d Binary files /dev/null and b/devices/surface/images/surfaceblog.png differ diff --git a/devices/surface/images/surfacebook.png b/devices/surface/images/surfacebook.png new file mode 100644 index 0000000000..d27cf05820 Binary files /dev/null and b/devices/surface/images/surfacebook.png differ diff --git a/devices/surface/images/surfacemechanics.png b/devices/surface/images/surfacemechanics.png new file mode 100644 index 0000000000..3d42daaed2 Binary files /dev/null and b/devices/surface/images/surfacemechanics.png differ diff --git a/devices/surface/images/surfacepro.png b/devices/surface/images/surfacepro.png new file mode 100644 index 0000000000..c036b2ad3a Binary files /dev/null and b/devices/surface/images/surfacepro.png differ diff --git a/devices/surface/images/surfacestudio.png b/devices/surface/images/surfacestudio.png new file mode 100644 index 0000000000..c41bbbf0f7 Binary files /dev/null and b/devices/surface/images/surfacestudio.png differ diff --git a/devices/surface/images/twitter.png b/devices/surface/images/twitter.png new file mode 100644 index 0000000000..c61827284e Binary files /dev/null and b/devices/surface/images/twitter.png differ diff --git a/devices/surface/images/windows10.png b/devices/surface/images/windows10.png new file mode 100644 index 0000000000..e48690853c Binary files /dev/null and b/devices/surface/images/windows10.png differ diff --git a/devices/surface/images/windows10upgradepath.png b/devices/surface/images/windows10upgradepath.png new file mode 100644 index 0000000000..c008e446ea Binary files /dev/null and b/devices/surface/images/windows10upgradepath.png differ diff --git a/devices/surface/surface.yml b/devices/surface/surface.yml new file mode 100644 index 0000000000..8287763c1e --- /dev/null +++ b/devices/surface/surface.yml @@ -0,0 +1,61 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Surface devices +metadata: + document_id: + title: Surface devices + description: Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization. + keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Evaluate the Surface device portfolio, review the tools and technologies for management of your Surface devices, and learn about Surface technologies and devices with engineering walkthroughs.
+ +

**Surface Pro**
Light enough to take anywhere. Powerful enough to use as a full desktop workstation.
See spec
**Surface Book**
Built for extreme performance. Lightning fast access to apps. Up to 16 hours of battery life.
See spec
**Surface Studio**
Professional-grade power and performance. Use it upright or draw on it like a drafting table.
See spec
+ " +- title: Plan +- items: + - type: markdown + text: " + Explore essential concepts for the deployment of Windows 10 to Surface devices.
+ +

**Try Windows 10 Enterprise free for 90 days**
Try the latest features. Test your apps, hardware, and deployment strategies.
Get started
**Windows 10 upgrade paths**
Upgrade to Windows 10 from a previous version, or from one edition to another.
Explore paths
**Prepare for Windows 10 deployment**
Get familiar with current deployment options and best practices.
Review options
+ " +- title: Deploy +- items: + - type: markdown + text: " + Download deployment tools and get step-by-step guidance on how to upgrade a Surface device or deploy a new image.
+ +

**Microsoft Deployment Toolkit (MDT)**
Automate Windows 10 deployment, and more easily manage security and configurations.
Download the toolkit
**System Center Configuration Manager**
Use in tandem with MDT to deploy Windows 10 and manage PCs and devices moving forward.
Download an eval
**Surface Deployment Accelerator**
Automate the creation and configuration of Windows images for Surface devices.
Download the accelerator
+ " +- title: Manage +- items: + - type: markdown + text: " + Learn how to more easily manage and secure Surface devices in your organization.
+ +

**Manage Surface firmware and driver updates**
Download the latest firmware and drivers for Surface devices.
Manage Surface Dock Updater.
Surface update history
**Discover Surface tools for IT**
Surface Diagnostic Toolkit
Surface Data Eraser
Surface Enterprise Management Mode
Surface Pro 3 Asset Tag CLI Utility
**Manage settings and devices**
Manage Windows corporate devices
Manage Surface UEFI Settings
Bitlocker PIN on Surface Pro 3 and other tablets
Enroll and configure Surface devices with SEMM
+ " +- title: Stay informed +- items: + - type: markdown + text: " + +

**Surface IT Pro Blog**
Get insight into new Surface products plus tips and tricks for IT professionals.
Learn more
**Surface on Microsoft Mechanics**
View technical demos and walkthroughs of Surface devices, features, and functionality.
Get started
**Follow us on Twitter**
Keep up with the latest news and see the latest product demonstrations.
Visit Twitter
+ " diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md index c584cc40bb..907ab49ce6 100644 --- a/devices/surface/wake-on-lan-for-surface-devices.md +++ b/devices/surface/wake-on-lan-for-surface-devices.md @@ -23,17 +23,22 @@ Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anni The following devices are supported for WOL: -* Surface Book 2 -* Surface Pro with LTE Advanced (Model 1807) -* Surface Pro (Model 1796) -* Surface Laptop -* Surface Book -* Surface Pro 4 -* Surface 3 -* Surface Pro 3 * Surface Ethernet adapter +* Surface USB-C to Ethernet and USB Adapter * Surface Dock * Surface Docking Station for Surface Pro 3 +* Surface 3 +* Surface Pro 3 +* Surface Pro 4 +* Surface Pro (5th Gen) +* Surface Pro (5th Gen) with LTE Advanced +* Surface Book +* Surface Laptop (1st Gen) +* Surface Pro 6 +* Surface Book 2 +* Surface Laptop 2 +* Surface Go +* Surface Go with LTE Advanced ## WOL driver diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md index ecfbf5b1fc..98cc4a6b9c 100644 --- a/education/windows/set-up-school-pcs-azure-ad-join.md +++ b/education/windows/set-up-school-pcs-azure-ad-join.md @@ -1,5 +1,5 @@ --- -title: Azure AD Join with Setup School PCs app +title: Azure AD Join with Set up School PCs app description: Describes how Azure AD Join is configured in the Set up School PCs app. keywords: shared cart, shared PC, school, set up school pcs ms.prod: w10 diff --git a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md index 3cb0a94237..a3969a0d7f 100644 --- a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md +++ b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md @@ -34,7 +34,13 @@ You must configure the package converter to always save the package ingredients 1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md). -2. +2. Import the required Powershell Module + +```powershell +Import-Module AppVPkgConverter +``` + +3. The following cmdlets are available: diff --git a/store-for-business/TOC.md b/store-for-business/TOC.md index d383fa3117..e42cdb492c 100644 --- a/store-for-business/TOC.md +++ b/store-for-business/TOC.md @@ -8,16 +8,16 @@ ### [Settings reference: Microsoft Store for Business and Education](settings-reference-microsoft-store-for-business.md) ## [Find and acquire apps](find-and-acquire-apps-overview.md) ### [Apps in the Microsoft Store for Business and Education](apps-in-microsoft-store-for-business.md) -### [Acquire apps in the Microsoft Store for Business and Education](acquire-apps-microsoft-store-for-business.md) +### [Acquire apps](acquire-apps-microsoft-store-for-business.md) ### [Working with line-of-business apps](working-with-line-of-business-apps.md) -## [Distribute apps to your employees from the Microsoft Store for Business and Education](distribute-apps-to-your-employees-microsoft-store-for-business.md) +## [Distribute apps](distribute-apps-to-your-employees-microsoft-store-for-business.md) ### [Distribute apps using your private store](distribute-apps-from-your-private-store.md) ### [Assign apps to employees](assign-apps-to-employees.md) ### [Distribute apps with a management tool](distribute-apps-with-management-tool.md) ### [Distribute offline apps](distribute-offline-apps.md) ## [Manage products and services](manage-apps-microsoft-store-for-business-overview.md) -### [App inventory managemement for Microsoft Store for Business and Education](app-inventory-management-microsoft-store-for-business.md) -### [Manage app orders in Microsoft Store for Business and Education](manage-orders-microsoft-store-for-business.md) +### [App inventory managemement](app-inventory-management-microsoft-store-for-business.md) +### [Manage orders](manage-orders-microsoft-store-for-business.md) ### [Manage access to private store](manage-access-to-private-store.md) ### [Manage private store settings](manage-private-store-settings.md) ### [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md) @@ -25,13 +25,17 @@ ### [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) ### [Manage software purchased with Microsoft Products and Services agreement in Microsoft Store for Business](manage-mpsa-software-microsoft-store-for-business.md) ### [Working with solution providers in Microsoft Store for Business](work-with-partner-microsoft-store-business.md) +## [Billing and payments](billing-payments-overview.md) +### [Understand your invoice](billing-understand-your-invoice-msfb.md) +### [Payment methods](payment-methods.md) +### [Understand billing profiles](billing-profile.md) +## [Manage settings in the Microsoft Store for Business and Education](manage-settings-microsoft-store-for-business.md) +### [Update account settings](update-microsoft-store-for-business-account-settings.md) +### [Manage user accounts ](manage-users-and-groups-microsoft-store-for-business.md) ## [Device Guard signing portal](device-guard-signing-portal.md) ### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md) ### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md) -## [Manage settings in the Microsoft Store for Business and Education](manage-settings-microsoft-store-for-business.md) -### [Update Microsoft Store for Business and Microsoft Store for Education account settings](update-microsoft-store-for-business-account-settings.md) -### [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md) -## [Troubleshoot Microsoft Store for Business](troubleshoot-microsoft-store-for-business.md) -## [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) -## [Change history for Microsoft Store for Business and Education](sfb-change-history.md) +## [Troubleshoot](troubleshoot-microsoft-store-for-business.md) +## [Notifications](notifications-microsoft-store-business.md) +## [Change history](sfb-change-history.md) diff --git a/store-for-business/billing-payments-overview.md b/store-for-business/billing-payments-overview.md new file mode 100644 index 0000000000..e3c23bf86e --- /dev/null +++ b/store-for-business/billing-payments-overview.md @@ -0,0 +1,26 @@ +--- +title: Billing and payments overview +description: Find topics about billing and payment support in Microsoft Store for Business. +keywords: billing, payment methods, invoices, credit card, debit card +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: store +author: TrudyHa +ms.author: TrudyHa +ms.topic: conceptual +ms.localizationpriority: medium +ms.date: 03/01/2019 +--- + +# Billing and payments + +Access invoices and managed your payment methods. + +## In this section + +| Topic | Description | +| ----- | ----------- | +| [Understand your invoice](billing-understand-your-invoice-msfb.md) | Information about invoices provided by Microsoft Store for Business. | +| [Understand billing profiles](billing-profile.md) | Information about billing profiles and how they relate to invoices. | +| [Payment methods](payment-methods.md) | Information about managing payment methods. | \ No newline at end of file diff --git a/store-for-business/billing-profile.md b/store-for-business/billing-profile.md new file mode 100644 index 0000000000..56a0be9b64 --- /dev/null +++ b/store-for-business/billing-profile.md @@ -0,0 +1,43 @@ +--- +title: Understand billing profiles +description: Learn how billing profiles support invoices +keywords: billing profile, invoices, charges, managed charges +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: store +author: trudyha +ms.author: TrudyHa +ms.topic: conceptual +ms.localizationpriority: medium +ms.date: 03/01/2019 +--- + +# Understand billing profiles +For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customeize what products are included on your invoice, and how you pay your invoices. + +Billing profiles include: +- **Payment methods** – Credit cards or check/wire transfer +- **Contact info** - Billing address and a contact name +- **Permissions** – Permissions that allow you to change the billing profile, pay bills, or use the payment method on the billing profile to make purchases + +Use billing profiles to control your purchases and customize your invoice. A monthly invoice is generated for the products bought using the billing profile. You can customize the invoice such as update the purchase order number and email invoice preference. + +A billing profile is automatically created for your billing account during your first purchase. You can create new billing profiles to set up additional invoices when you make a purchase. For example, you use different billing profiles when you make purchases for each department in your organization. On your next billing date, you'll receive an invoice for each billing profile. + +Roles on the billing profiles have permissions to control purchases, and view and manage invoices. Assign these roles to users who track, organize, and pay invoices like members of the procurement team in your organization. + +## View billing profile +**To view billing profiles** +1. Sign in to [Microsoft Store for Business]( https://businessstore.microsoft.com/), or M365 admin center. +2. Select **Manage**, and then select **Billing and payments**. +3. Select **Billing profiles**, and then select a billing profile from the list to see details. + - On **Overview**, you can edit billing profile details, and turn on or off sending an invoice by email. + - On **Permissions**, you can assign roles to users to pay invoices. + - On **Azure credit balance**, Azure customers can see transaction balance history for the azure credits used by that billing profile. + - On **Azure credits**, Azure customers can see a list of Azure credits associated with that billing profile, and their expiration dates. + +## Need help? Contact us. +If you have questions or need help with your Azure charges, [create a support request with Azure support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest). + +If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com). diff --git a/store-for-business/billing-understand-your-invoice-msfb.md b/store-for-business/billing-understand-your-invoice-msfb.md new file mode 100644 index 0000000000..baa42e23a6 --- /dev/null +++ b/store-for-business/billing-understand-your-invoice-msfb.md @@ -0,0 +1,118 @@ +--- +title: Understand your Microsoft Customer Agreement invoice +description: Learn how to read and understand your MCA bill +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: store +author: trudyha +ms.author: TrudyHa +ms.topic: conceptual +ms.localizationpriority: medium +ms.date: 03/01/2019 +--- + +# Understand your Microsoft Customer Agreement invoice + +The invoice provides a summary of your charges and provides instructions for payment. It’s available for +download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements). + +## General invoice information +Invoices are your bill from Microsoft. A few things to note: + +- **Invoice schedule** - You’re invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**. +- **Billing profile** - Billing profiles are created during your purchase. Invoices are created for each billing profile. Billing profiles let you customize what products are purchased, how you pay for them, and who can make purchases. For more information, see [Understand billing profiles](billing-profile.md) +- **Items included** - Your invoice includes total charges for all first and third-party software and hardware products purchased under a Microsoft Customer Agreement. That includes items purchased from Microsoft Store for Business and Azure Marketplace. +- **Charges** - Your invoice provides information about products purchased and their related charges and taxes. Purchases are aggregated to provide a concise view of your bill. +- **International customers** - Charges on invoices for international customers are converted to their local currencies. Exchange rate information is listed at the bottom of the invoice. + +## Online invoice +For Store for Business customers, invoices are also available online. A few things to note: +- **Link to online invoice** - Available from your PDF invoice, and from an email notification. +- **Invoice details** - Expandable view of the charges on your invoice, so you can see more details for each item. +- **Pricing details** - Additional information including discounting and pricing details. +- **Pay online** - Option to make a payment online from the invoice. +- **Azure cost management** - For Azure customers, online invoices include a link to Azure cost management. + +**To view your online invoice** +1. Sign in to [Microsoft Store for Business]( https://businessstore.microsoft.com/). +2. Select **Manage**, and then select **Billing and payments**. +3. Select an invoice from the list to view your online invoice. + +## Detailed terms and descriptions of your invoice +The following sections list the important terms that you see on your +invoice and descriptions for each term. + +### Understand the invoice summary + +The **Invoice Summary** is on the top of the first page and shows information about your billing profile and how you pay. + +![Invoice summary section](images/invoicesummary.png) + + +| Term | Description | +| --- | --- | +| Sold to |Address of your legal entity, found in billing account properties| +| Bill to |Billing address of the billing profile receiving the invoice, found in billing profile properties| +| Billing Profile |The name of the billing profile receiving the invoice | +| P.O. number |An optional purchase order number, assigned by you for tracking | +| Invoice number |A unique, Microsoft-generated invoice number used for tracking purposes | +| Invoice date |Date that the invoice is generated, typically five to 12 days after end of the Billing cycle. You can check your invoice date in billing profile properties.| +| Payment terms |How you pay for your Microsoft bill. *Net 30 days* means you pay by check or wire transfer within 30 days of the invoice date. | + +### Understand the billing summary +The **Billing Summary** shows the charges against the billing profile since the previous billing period, any credits that were applied, tax, and the total amount due. + + +![Billing summary section](images/billingsummary.png) + +| Term | Description | +| --- | --- | +| Charges|Total number of Microsoft charges for this billing profile since the last billing period | +| Credits |Credits you received from returns | +| Azure credits applied |Your Azure credits that are automatically applied to Azure charges each billing period | +| Subtotal |The pre-tax amount due | +| Tax |The type and amount of tax that you pay, depending on the country of your billing profile. If you don't have to pay tax, then you won't see tax on your invoice. | +| Estimated total savings |The estimated total amount you saved from effective discounts. If applicable, effective discount rates are listed beneath the purchase line items in Details by Invoice Section. | + +### Understand your charges +You'll see the charges, tax, and the total amount due. Azure customers will also see the amount of Azure credits applied. + +`Total = Charges - Azure Credit + Tax` + +The details show the cost broken down by product order name. For Azure customers, this might be organized by invoice section. For more information about how invoice sections are used with Azure products, see [Understand invoice sections](https://docs.microsoft.com/azure/billing/billing-mca-overview#understand-invoice-sections). +Within each product order, cost is broken down by service family. + +The total amount due for each service family is calculated by subtracting Azure credits from credits/charges and adding tax: + +`Total = Charges/Credits - Azure Credit + Tax` + +![Details by invoice section](images/invoicesectiondetails.png) + +| Term |Description | +| --- | --- | +| Unit price | The effective unit price of the service (in pricing currency) that is used to the rate the usage. This is unique for a product, service family, meter, and offer. | +| Qty | Quantity purchased or consumed during the billing period | +| Charges/Credits | Net amount of charges after credits/refunds are applied | +| Azure Credit | The amount of Azure credits applied to the Charges/Credits| +| Tax rate | Tax rate(s) depending on country | +| Tax amount | Amount of tax applied to purchase based on tax rate | +| Total | The total amount due for the purchase | + +### How to pay +At the bottom of the invoice, there are instructions for paying your bill. You can pay by check, wire, or online. If you pay online, you can use a credit/debit card or Azure credits, if applicable. + +### Publisher information +If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice. + +### Exchange rate +If prices were converted to your local currency, the exchange rates are listed in this section at the bottom of the invoice. All Azure charges are priced in USD and third-party services are priced in the seller's currency. + +## Next steps +If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](https://docs.microsoft.com/en-us/azure/billing/billing-understand-your-invoice-mca). + +## Need help? Contact us. + +If you have questions or need help with your Azure charges, [create a support request with Azure support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/newsupportrequest). + +If you have questions or need help with your invoice in Microsoft Store for Business, [create a support request with Store for Business support](https://businessstore.microsoft.com/manage/support/summary). diff --git a/store-for-business/images/billing-acct-roles.png b/store-for-business/images/billing-acct-roles.png new file mode 100644 index 0000000000..6977bef250 Binary files /dev/null and b/store-for-business/images/billing-acct-roles.png differ diff --git a/store-for-business/images/billingsummary.png b/store-for-business/images/billingsummary.png new file mode 100644 index 0000000000..9f45179ead Binary files /dev/null and b/store-for-business/images/billingsummary.png differ diff --git a/store-for-business/images/invoicesectiondetails.png b/store-for-business/images/invoicesectiondetails.png new file mode 100644 index 0000000000..cdaac8423e Binary files /dev/null and b/store-for-business/images/invoicesectiondetails.png differ diff --git a/store-for-business/images/invoicesummary.png b/store-for-business/images/invoicesummary.png new file mode 100644 index 0000000000..c17e7f0713 Binary files /dev/null and b/store-for-business/images/invoicesummary.png differ diff --git a/store-for-business/images/purchasing-roles.png b/store-for-business/images/purchasing-roles.png new file mode 100644 index 0000000000..e45d9294f5 Binary files /dev/null and b/store-for-business/images/purchasing-roles.png differ diff --git a/store-for-business/manage-settings-microsoft-store-for-business.md b/store-for-business/manage-settings-microsoft-store-for-business.md index 995d597ff5..77cce4033a 100644 --- a/store-for-business/manage-settings-microsoft-store-for-business.md +++ b/store-for-business/manage-settings-microsoft-store-for-business.md @@ -10,7 +10,7 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.date: 10/17/2017 +ms.date: 2/19/2018 --- # Manage settings for Microsoft Store for Business and Education @@ -28,5 +28,6 @@ You can add users and groups, as well as update some of the settings associated | ----- | ----------- | | [Update Microsoft Store for Business and Education account settings](update-microsoft-store-for-business-account-settings.md) | **Billing - Account profile** in Microsoft Store for Business shows information about your organization that you can update. Payment options can be managed on **Billing - Payment methods**, and offline license settings can be managed on **Settings - Shop**. | | [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md) | Microsoft Store for Business manages permissions with a set of roles. You can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md) and to groups.| +| [Understand your invoice](billing-understand-your-invoice-msfb.md) | Information on invoices for products and services bought under the Microsoft Customer Agreement.| diff --git a/store-for-business/payment-methods.md b/store-for-business/payment-methods.md new file mode 100644 index 0000000000..e67c02d7b6 --- /dev/null +++ b/store-for-business/payment-methods.md @@ -0,0 +1,51 @@ +--- +title: Payment methods for commercial customers +description: Learn what payment methods are available in Store for Business and M365 admin center +keywords: payment method, credit card, debit card, add credit card, update payment method +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: store +author: trudyha +ms.author: TrudyHa +ms.topic: conceptual +ms.localizationpriority: medium +ms.date: 03/01/2019 +--- + +# Payment methods +You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards: +- VISA +- MasterCard +- Discover +- American Express +- Japan Commercial Bureau (JCB) + +> [!NOTE] +> Not all cards available in all countries. When you add a payment option, Microsoft Store for Business shows which cards are available in your region. + +## Add a payment method +**To add a new payment option** + +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). +2. Select **Manage**, select **Billing & payments**, and then select **Payments methods**. +3. Select **Add a payment options**, and then select the type of credit card that you want to add. +4. Add information to required fields, and then select **Add**. + +Once you select **Add**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any issues. + +> [!NOTE] +> When adding credit or debit cards, you may be prompted to enter a CVV. The CVV is only used for verification purposes and is not stored in our systems after validation. + +## Edit payment method +**To update a payment option** + +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). +2. Click **Manage**, click **Billing & payments**, and then click **Payments methods**. +3. Select the payment option that you want to update, select the ellipses, and then choose **Edit payment method**. +4. Enter any updated information in the appropriate fields, and then se;ect**Save**. + +Once you click **Update**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. + +> [!NOTE] +> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance. \ No newline at end of file diff --git a/store-for-business/roles-and-permissions-microsoft-store-for-business.md b/store-for-business/roles-and-permissions-microsoft-store-for-business.md index 22e03ceda8..2b6e890314 100644 --- a/store-for-business/roles-and-permissions-microsoft-store-for-business.md +++ b/store-for-business/roles-and-permissions-microsoft-store-for-business.md @@ -1,6 +1,7 @@ --- title: Roles and permissions in Microsoft Store for Business and Education (Windows 10) description: The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. +keywords: roles, permissions ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE ms.prod: w10 ms.mktglfcycl: manage @@ -10,17 +11,10 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.date: 8/7/2018 +ms.date: 03/01/2019 --- # Roles and permissions in Microsoft Store for Business and Education - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - The first person to sign in to Microsoft Store for Business or Microsoft Store for Education must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees. Microsoft Store for Business and Education has a set of roles that help admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access the Store. Global Administrators and global user accounts that are used with other Microsoft services, such as Azure, or Office 365 can sign in to Microsoft Store. Global user accounts have some permissions in Microsoft Store, and Microsoft Store has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. @@ -33,69 +27,60 @@ This table lists the global user accounts and the permissions they have in Micro | ------------------------------ | --------------------- | --------------------- | | Sign up for Microsoft Store for Business and Education | X | | Modify company profile settings | X | | -| Acquire apps | X | X | +| Purchase apps | X | X | | Distribute apps | X | X | | Purchase subscription-based software | X | X |   -- **Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store. +**Global Administrator** - IT Pros with this account have full access to Microsoft Store. They can do everything allowed in the Microsoft Store Admin role, plus they can sign up for Microsoft Store. -- **Billing Administrator** - IT Pros with this account have the same permissions as Microsoft Store Purchaser role. +**Billing Administrator** - IT Pros with this account have the same permissions as Microsoft Store Purchaser role. -## Microsoft Store roles and permissions - -Microsoft Store for Business has a set of roles that help IT admins and employees manage access to apps and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store. +## Billing account roles and permissions +There are a set of roles, managed at your billing account level, that help IT admins and employees manage access to and tasks for Microsoft Store. Employees with these roles will need to use their Azure AD account to access Microsoft Store for Business. This table lists the roles and their permissions. -| | Admin | Purchaser | Device Guard signer | -| ------------------------------ | ------ | -------- | ------------------- | -| Assign roles | X | | | -| Manage Microsoft Store for Business and Education settings | X | | | -| Acquire apps | X | X | | -| Distribute apps | X | X | | -| Sign policies and catalogs | X | | | -| Sign Device Guard changes | X | | X | - +| Role | Buy from

Microsoft Store | Assign

roles | Edit

account | Sign

agreements | View

account | +| ------------------------| ------ | -------- | ------ | -------| -------- | +| Billing account owner | X | X | X | X | X | +| Billing account contributor | | | X | X | X | +| Billing account reader | | | | | X | +| Signatory | | | | X | X | + +## Purchasing roles and permissions +There are also a set of roles for purchasing and managing items bought. +This table lists the roles and their permissions. + +| Role | Buy from

Microsoft Store | Manage all items | Manage items

I buy | +| ------------| ------ | -------- | ------ | +| Purchaser | X | X | | +| Basic purchaser | X | | X | + +## Assign roles **To assign roles to people** -1. Sign in to Microsoft Store for Business or Microsoft Store for Education. +1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com). >[!Note] - >You need to be a Global Administrator, or have the Microsoft Store Admin role to access the **Permissions** page.  + >You need to be a Global Administrator, or have the Billing account owner role to access **Permissions**.  - To assign roles, you need to be a Global Administrator or a Store Administrator. - -2. Click **Settings**, and then choose **Permissions**. - - OR - - Click **Manage**, and then click **Permissions** on the left-hand menu. - - - -3. Click **Add people**, type a name, choose the role you want to assign, and click **Save** . - - - -4. If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-microsoft-store-for-business.md). - +2. Select **Manage**, and then select **Permissions**. +3. On **Roles**, or **Purchasing roles**, select **Assing roles**. +4. Enter a name, choose the role you want to assign, and select **Save**. + If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts](manage-users-and-groups-microsoft-store-for-business.md). \ No newline at end of file diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md index 04db2ea942..fa03ac4ff7 100644 --- a/store-for-business/settings-reference-microsoft-store-for-business.md +++ b/store-for-business/settings-reference-microsoft-store-for-business.md @@ -10,23 +10,17 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.date: 11/01/2017 +ms.date: 03/01/2019 --- # Settings reference: Microsoft Store for Business and Education - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - The Microsoft Store for Business and Education has a group of settings that admins use to manage the store. | Setting | Description | Location under **Manage** | | ------- | ----------- | ------------------------------ | -| Account information | Manage organization information. For more information, see [Manage settings for the Microsoft Store for Business and Education](update-microsoft-store-for-business-account-settings.md).| **Billing - Account profile** | -| Payment options | Manage payment options. For more information, see [Manage settings for the Microsoft Store for Business and Education](update-microsoft-store-for-business-account-settings.md#payment-options).| **Billing - Payment methods** | +| Billing account information | Manage organization information. For more information, see [Manage settings for the Microsoft Store for Business and Education](update-microsoft-store-for-business-account-settings.md).| **Billing accounts** | +| Payment options | Manage payment options. For more information, see [Manage settings for the Microsoft Store for Business and Education](payment-methods.md).| **Billing & payments - Payment methods** | | Private store | Update the name for your private store. The new name will be displayed on a tab in the Store. For more information, see [Manage private store settings](manage-private-store-settings.md). | **Settings - Distribute** | | Offline licensing | Configure whether or not to make offline-licensed apps available in the Microsoft Store for Business and Education. For more information, see [Distribute offline apps](distribute-offline-apps.md). | **Settings - Shop** | | Allow users to shop | Configure whether or not people in your organization or school can see and use the shop function in Store for Business or Store for Education. For more information, see [Allow users to shop](acquire-apps-microsoft-store-for-business.md#allow-users-to-shop). | **Settings - Shop** | @@ -34,5 +28,5 @@ The Microsoft Store for Business and Education has a group of settings that admi | App request | Configure whether or not people in your organization can request apps for admins to purchase. For more information, see [Distribute offline apps](acquire-apps-microsoft-store-for-business.md). | **Settings - Distribute** | | Management tools | Management tools that are synced with Azure AD are listed on this page. You can choose one to use for managing app updates and distribution. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md). | **Settings - Distribute** | | Device Guard signing | Use the Device Guard signing portal to add unsigned apps to a code integrity policy, or to sign code integrity policies. For more information, see [Device Guard signing portal](device-guard-signing-portal.md). | **Settings - Devices** | -| Permissions | Manage permissions for your employees. For more information, see [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md). | **Permissions - Roles** and **Permissions - Blocked basic purchasers** | +| Permissions | Manage permissions for your employees. For more information, see [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md). | **Permissions - Roles**, **Permissions - Purchasing roles**, and **Permissions - Blocked basic purchasers** | | Line-of-business (LOB) publishers | Invite devs to become LOB publishers for your organization. Existing LOB publishers are listed on the page, and you can deactivate or invite them again. For more information, see [Work with line-of-business apps](working-with-line-of-business-apps.md). | **Permissions - Line-of-business apps** | diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md index 3ac104dedf..46dd73d807 100644 --- a/store-for-business/update-microsoft-store-for-business-account-settings.md +++ b/store-for-business/update-microsoft-store-for-business-account-settings.md @@ -1,6 +1,7 @@ --- -title: Update Microsoft Store for Business and Microsoft Store for Education account settings (Windows 10) -description: The Account information page in Microsoft Store for Business and Microsoft Store for Education shows information about your organization that you can update, including country or region, organization name, default domain, and language preference. +title: Update Microsoft Store for Business and Microsoft Store for Education billing account settings (Windows 10) +description: The billing account page in Microsoft Store for Business and Microsoft Store for Education shows information about your organization that you can update, including country or region, organization contact info, agreements with Microsoft and admin approvals. +keywords: billing accounts, organization info ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -9,17 +10,16 @@ author: TrudyHa ms.author: TrudyHa ms.topic: conceptual ms.localizationpriority: medium -ms.date: 10/17/2017 +ms.date: 03/01/2019 --- # Update Microsoft Store for Business and Microsoft Store for Education account settings +A billing account contains defining information about your organization. -**Applies to** +>[!NOTE] +>Billing accounts are available in Microsoft Store for Business, and M365 admin center preview. For more infomation, see [aka.ms/aboutM365preview](https://aka.ms/aboutM365preview). -- Windows 10 -- Windows 10 Mobile - -The **Payments & billing** page in Microsoft Store for Business allows you to manage organization information, billing information, and payment options. The organization information and payment options are required before you can acquire apps that have a price. +The **Billing account** page allows you to manage organization information, purchasing agreements that you have with Microsoft, and admin approvals. The organization information and payment options are required before you can shop for products that have a price. ## Organization information @@ -27,17 +27,19 @@ We need your business address, email contact, and tax-exemption certificates tha ### Business address and email contact -Before purchasing apps that have a fee, you need to add or update your organization's business address, and contact email address. +Before purchasing apps that have a fee, you need to add or update your organization's business address, contact email address, and contact name. We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase. We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization’s Office 365 or Azure AD tenant that is used with Microsoft Store. -**To update Organization information** +**To update billing account information** 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) -2. Click **Manage**, click **Billing**, **Account profile**, and then click **Edit**. +2. Select **Manage**, and then select **Billing accounts**. +3. On **Overview**, select **Edit billing account information**. +4. Make your updates, and then select **Save**. -## Organization tax information +### Organization tax information Taxes for Microsoft Store for Business purchases are determined by your business address. Businesses in these countries can provide their VAT number or local equivalent: - Austria - Belgium @@ -72,7 +74,7 @@ Taxes for Microsoft Store for Business purchases are determined by your business - Switzerland - United Kingdom -These countries can provide their VAT number or local equivalent in **Payments & billing**. +These countries can provide their VAT number or local equivalent on their **Billing account** information. |Market| Tax identifier | |------|----------------| @@ -90,7 +92,7 @@ If you qualify for tax-exempt status in your market, start a service request to **To start a service request** 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com). -2. Click **Manage**, click **Support**, and then under **Store settings & configuration** click **Create technical support ticket**. +2. Select **Manage**, click **Support**, and then under **Store settings & configuration** select **Create technical support ticket**. You’ll need this documentation: @@ -101,7 +103,6 @@ You’ll need this documentation: | Ireland | 13B/56A Tax Exemption Certificate| | International organizations that hold tax exaemption | Certification / letter confirmation from local tax authorities | - ### Calculating tax Sales taxes are calculated against the unit price, and then aggregated. @@ -113,41 +114,15 @@ For example:
($1.29 X .095) X 100 = $12.25 -## Payment options -You can purchase apps from Microsoft Store for Business using your credit card. You can enter your credit card information on Account Information, or when you purchase an app. We currently accept these credit cards: -1. VISA -2. MasterCard -3. Discover -4. American Express -5. Japan Commercial Bureau (JCB) +## Agreements +Each billing account inculdes access to the purchasing agreements your organization has signed with Microsoft. This could include: +- Microsoft Enterprise Agreement +- Select agreements +- Open agreements +- Microsoft customer agreement -> [!NOTE] -> Not all cards available in all countries. When you add a payment option, Microsoft Store for Business shows which cards are available in your region. - -**To add a new payment option** - -1. Sign in to the [Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, click **Billing**, and then click **Payments methods**. -3. Click **Add a payment options**, and then select the type of credit card that you want to add. -4. Add information to required fields, and then click **Next**. - -Once you click Next, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. - -> [!NOTE] -> When adding credit or debit cards, you may be prompted to enter a CVV. The CVV is only used for verification purposes and is not stored in our systems after validation. - -**To update a payment option** - -1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). -2. Click **Manage**, click **Billing**, and then click **Payments methods**. -3. Select the payment option that you want to update, and then click **Update**. -4. Enter any updated information in the appropriate fields, and then click **Next**. -Once you click **Next**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. - -> [!NOTE] -> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance. - -## Offline licensing +If you there is an updated version of the Microsoft customer agreement for you to sign, you'll be prompted to on **Agreements**, or during a purchase. + \ No newline at end of file diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index dfd6b9d464..9faccd5f60 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -2672,6 +2672,7 @@ The following list shows the configuration service providers supported in Window | Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition | |--------|--------|------------| | [AccountManagement CSP](accountmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | +| [Accounts CSP](accounts-csp) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | [AppLocker CSP](applocker-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [AssignedAccess CSP](assignedaccess-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | | [CertificateStore CSP](certificatestore-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)| diff --git a/windows/client-management/mdm/images/custom-profile-prevent-device-ids.png b/windows/client-management/mdm/images/custom-profile-prevent-device-ids.png index d949232d44..ef6c3f78cb 100644 Binary files a/windows/client-management/mdm/images/custom-profile-prevent-device-ids.png and b/windows/client-management/mdm/images/custom-profile-prevent-device-ids.png differ diff --git a/windows/client-management/mdm/images/custom-profile-prevent-other-devices.png b/windows/client-management/mdm/images/custom-profile-prevent-other-devices.png new file mode 100644 index 0000000000..1c92a17f8c Binary files /dev/null and b/windows/client-management/mdm/images/custom-profile-prevent-other-devices.png differ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 52c8272547..b7d977b310 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -49,6 +49,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [Requirements to note for VPN certificates also used for Kerberos Authentication](#a-href%22%22-id%22kerberos%22arequirements-to-note-for-vpn-certificates-also-used-for-kerberos-authentication) - [Device management agent for the push-button reset is not working](#a-href%22%22-id%22pushbuttonreset%22adevice-management-agent-for-the-push-button-reset-is-not-working) - [Change history in MDM documentation](#change-history-in-mdm-documentation) + - [February 2019](#february-2019) - [January 2019](#january-2019) - [December 2018](#december-2018) - [September 2018](#september-2018) @@ -1778,6 +1779,12 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware ## Change history in MDM documentation +### February 2019 + +|New or updated topic | Description| +|--- | ---| +|[Policy CSP](policy-configuration-service-provider.md)|Updated supported policies for Holographic.| + ### January 2019 |New or updated topic | Description| diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md index c0369b83bb..29344603d2 100644 --- a/windows/client-management/mdm/oma-dm-protocol-support.md +++ b/windows/client-management/mdm/oma-dm-protocol-support.md @@ -13,7 +13,7 @@ ms.date: 06/26/2017 # OMA DM protocol support -The OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. This topic describes the OMA DM functionality that the DM client supports in general. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526). +The OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload. This topic describes the OMA DM functionality that the DM client supports in general. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/OMA-TS-DM_Protocol-V1_2-20070209-A.pdf). ## In this topic @@ -62,7 +62,7 @@ The following table shows the OMA DM standards that Windows uses.

DM protocol commands

-

The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).

+

The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).

+
  • Windows 10 update servicing cadence - August 1, 2018
    • +
  • Windows 10 quality updates explained and the end of delta updates - July 11, 2018
    • +
  • AI Powers Windows 10 April 2018 Update Rollout - June 14, 2018
    • +
  • Windows Server 2008 SP2 Servicing Changes - June 12, 2018
    • +
  • Windows Update for Business - Enhancements, diagnostics, configuration - June 7, 2018
    • +
  • Windows 10 and the “disappearing” SAC-T - May 31, 2018
    • + [See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog). diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index 638a2ff2e1..c4202da9c9 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -103,10 +103,10 @@ If downloads through a proxy server fail with a 0x80d05001 DO_E_HTTP_BLOCKSIZE_M You may choose to apply a rule to permit HTTP RANGE requests for the following URLs: *.download.windowsupdate.com -*.au.windowsupdate.com -*.tlu.dl.delivery.mp.microsoft.com +*.dl.delivery.mp.microsoft.com +*.emdl.ws.microsoft.com -If you cannot permit RANGE requests, you can configure a Group Policy or MDM Policy setting that will bypass Delivery Optimization and use BITS instead. +If you cannot permit RANGE requests, keep in mind that this means you are downloading more content than needed in updates (as delta patching will not work). ## The update is not applicable to your computer diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index af94500571..89b0ca53fe 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -22,7 +22,7 @@ You can use Upgrade Readiness to plan and manage your upgrade project end-to-end Before you begin, consider reviewing the following helpful information:
    - [Upgrade Readiness requirements](upgrade-readiness-requirements.md): Provides detailed requirements to use Upgrade Readiness.
    - - [Upgrade Readiness blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness. + - [Upgrade Readiness blog](https://aka.ms/blog/WindowsAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Readiness. >If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Readiness with Configuration Manager: [Integrate Upgrade Readiness with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics). diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index fc3d890534..469b80ff01 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -23,7 +23,7 @@ For a list of operating systems that qualify for the Windows 10 Pro Upgrade or W The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. -Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/sccm/compliance/deploy-use/upgrade-windows-version) in System Center Configuratio Manager. +Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/sccm/compliance/deploy-use/upgrade-windows-version) in System Center Configuration Manager. ![not supported](../images/x_blk.png) (X) = not supported
    ![supported, reboot required](../images/check_grn.png) (green checkmark) = supported, reboot required
    diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index 91d6394973..a1a57c4f21 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -42,7 +42,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar Windows 10 Pro Education Windows 10 Education Windows 10 Enterprise - Windows 10 Enterprise LTSC Windows 10 Mobile Windows 10 Mobile Enterprise @@ -264,17 +263,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar - - Enterprise LTSC - - - - - ✔ - ✔ - - - Mobile diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 950c8553a1..2838a773e0 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -15,7 +15,7 @@ author: greg-lindsay Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: -- Windows 10 Pro, version 1607 (also known as Windows 10 Anniversary Update) or later installed on the devices to be upgraded +- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded - Azure Active Directory (Azure AD) available for identity management Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro. @@ -249,5 +249,5 @@ The Managed User Experience feature is a set of Windows 10 Enterprise edition f [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md)
    [Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/) -
    [Compare Windows 10 editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare) -
    [Windows for business](https://www.microsoft.com/en-us/windowsforbusiness/default.aspx) +
    [Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare) +
    [Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx) diff --git a/windows/deployment/windows-autopilot/rip-and-replace.md b/windows/deployment/windows-autopilot/rip-and-replace.md index b75fced878..92c1d57447 100644 --- a/windows/deployment/windows-autopilot/rip-and-replace.md +++ b/windows/deployment/windows-autopilot/rip-and-replace.md @@ -1,19 +1,19 @@ ---- -title: Rip and Replace -description: Listing of Autopilot scenarios -keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: high -ms.sitesec: library -ms.pagetype: deploy -author: coreyp-at-msft -ms.author: coreyp -ms.date: 06/01/2018 ---- - -# Rip and replace - -**Applies to: Windows 10** - +--- +title: Rip and Replace +description: Listing of Autopilot scenarios +keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: high +ms.sitesec: library +ms.pagetype: deploy +author: coreyp-at-msft +ms.author: coreyp +ms.date: 06/01/2018 +--- + +# Rip and replace + +**Applies to: Windows 10** + DO NOT PUBLISH. Just a placeholder for now, coming with 1809. \ No newline at end of file diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md index ff491c2f9d..260b773472 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md @@ -41,11 +41,11 @@ In environments that have more restrictive internet access, or for those that re - NOTE:  If Windows Update is inaccessible, the AutoPilot process will still continue. -- **Delivery Optimization.**  When downloading Windows Updates and Microsoft Store apps and app updates (with additional content types expected in the future), the Delivery Optimization service is contacted to enable peer-to-peer sharing of content, so that all devices don’t need to download it from the internet. +- **Delivery Optimization.**  When downloading Windows Updates, Microsoft Store apps and app updates, Office Updates and Intune Win32 Apps, the Delivery Optimization service is contacted to enable peer-to-peer sharing of content so that only a few devices need to download it from the internet. - - - NOTE: If Delivery Optimization is inaccessible, the AutoPilot process will still continue. + - NOTE: If Delivery Optimization Service is inaccessible, the AutoPilot process will still continue with Delivery Optimization downloads from the cloud (without peer-to-peer). - **Network Time Protocol (NTP) Sync.**  When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. @@ -79,4 +79,4 @@ In environments that have more restrictive internet access, or for those that re - (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above) -- **Certificate revocation lists (CRLs).**  Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented in the Office documentation at and . \ No newline at end of file +- **Certificate revocation lists (CRLs).**  Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented in the Office documentation at and . diff --git a/windows/hub/breadcrumb/toc.yml b/windows/hub/breadcrumb/toc.yml index dd69dd086f..4539d3b751 100644 --- a/windows/hub/breadcrumb/toc.yml +++ b/windows/hub/breadcrumb/toc.yml @@ -25,6 +25,9 @@ - name: Mobile Device Management tocHref: /windows/client-management/mdm/ topicHref: /windows/client-management/mdm/index + - name: Known issues + tocHref: /windows/known-issues/ + topicHref: /windows/known-issues/index - name: Privacy tocHref: /windows/privacy/ topicHref: /windows/privacy/index diff --git a/windows/hub/images/deploy1.png b/windows/hub/images/deploy1.png new file mode 100644 index 0000000000..1390683f78 Binary files /dev/null and b/windows/hub/images/deploy1.png differ diff --git a/windows/hub/images/deploy2.png b/windows/hub/images/deploy2.png new file mode 100644 index 0000000000..c26b6d87b2 Binary files /dev/null and b/windows/hub/images/deploy2.png differ diff --git a/windows/hub/images/deploy3.png b/windows/hub/images/deploy3.png new file mode 100644 index 0000000000..0705adb036 Binary files /dev/null and b/windows/hub/images/deploy3.png differ diff --git a/windows/hub/images/deploy4.png b/windows/hub/images/deploy4.png new file mode 100644 index 0000000000..10cbd54516 Binary files /dev/null and b/windows/hub/images/deploy4.png differ diff --git a/windows/hub/images/explore1.png b/windows/hub/images/explore1.png new file mode 100644 index 0000000000..60d8a8a5b4 Binary files /dev/null and b/windows/hub/images/explore1.png differ diff --git a/windows/hub/images/explore2.png b/windows/hub/images/explore2.png new file mode 100644 index 0000000000..a31096c8a4 Binary files /dev/null and b/windows/hub/images/explore2.png differ diff --git a/windows/hub/images/explore3.png b/windows/hub/images/explore3.png new file mode 100644 index 0000000000..2206e69d30 Binary files /dev/null and b/windows/hub/images/explore3.png differ diff --git a/windows/hub/images/faq.png b/windows/hub/images/faq.png new file mode 100644 index 0000000000..d5d90dee9e Binary files /dev/null and b/windows/hub/images/faq.png differ diff --git a/windows/hub/images/insider.png b/windows/hub/images/insider.png new file mode 100644 index 0000000000..ac22d5062d Binary files /dev/null and b/windows/hub/images/insider.png differ diff --git a/windows/hub/images/land-deploy.png b/windows/hub/images/land-deploy.png new file mode 100644 index 0000000000..10cbd54516 Binary files /dev/null and b/windows/hub/images/land-deploy.png differ diff --git a/windows/hub/images/land-explore.png b/windows/hub/images/land-explore.png new file mode 100644 index 0000000000..b23fb8d8c1 Binary files /dev/null and b/windows/hub/images/land-explore.png differ diff --git a/windows/hub/images/land-faq.png b/windows/hub/images/land-faq.png new file mode 100644 index 0000000000..d5d90dee9e Binary files /dev/null and b/windows/hub/images/land-faq.png differ diff --git a/windows/hub/images/land-informed.png b/windows/hub/images/land-informed.png new file mode 100644 index 0000000000..6c9f645da0 Binary files /dev/null and b/windows/hub/images/land-informed.png differ diff --git a/windows/hub/images/land-manage.png b/windows/hub/images/land-manage.png new file mode 100644 index 0000000000..37aa9c59c5 Binary files /dev/null and b/windows/hub/images/land-manage.png differ diff --git a/windows/hub/images/land-new.png b/windows/hub/images/land-new.png new file mode 100644 index 0000000000..884d953a7e Binary files /dev/null and b/windows/hub/images/land-new.png differ diff --git a/windows/hub/images/manage1.png b/windows/hub/images/manage1.png new file mode 100644 index 0000000000..37aa9c59c5 Binary files /dev/null and b/windows/hub/images/manage1.png differ diff --git a/windows/hub/images/manage2.png b/windows/hub/images/manage2.png new file mode 100644 index 0000000000..b52cbfd956 Binary files /dev/null and b/windows/hub/images/manage2.png differ diff --git a/windows/hub/images/plan1.png b/windows/hub/images/plan1.png new file mode 100644 index 0000000000..b52d775ed5 Binary files /dev/null and b/windows/hub/images/plan1.png differ diff --git a/windows/hub/images/plan2.png b/windows/hub/images/plan2.png new file mode 100644 index 0000000000..5bcfed0568 Binary files /dev/null and b/windows/hub/images/plan2.png differ diff --git a/windows/hub/images/plan3.png b/windows/hub/images/plan3.png new file mode 100644 index 0000000000..04c077b748 Binary files /dev/null and b/windows/hub/images/plan3.png differ diff --git a/windows/hub/images/twitter.png b/windows/hub/images/twitter.png new file mode 100644 index 0000000000..7cc7088229 Binary files /dev/null and b/windows/hub/images/twitter.png differ diff --git a/windows/hub/images/wip4biz.png b/windows/hub/images/wip4biz.png new file mode 100644 index 0000000000..6c9f645da0 Binary files /dev/null and b/windows/hub/images/wip4biz.png differ diff --git a/windows/hub/windows-10-landing.yml b/windows/hub/windows-10-landing.yml new file mode 100644 index 0000000000..03923fa63f --- /dev/null +++ b/windows/hub/windows-10-landing.yml @@ -0,0 +1,77 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Windows 10 +metadata: + document_id: + title: Windows 10 + description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Get started with Windows 10. Evaluate free for 90 days, and set up virtual labs to test a proof of concept.
    + +

    **Download a free 90-day evaluation**
    Try the latest features. Test your apps, hardware, and deployment strategies.
    Start evaluation
    **Get started with virtual labs**
    Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.
    See Windows 10 labs
    **Conduct a proof of concept**
    Download a lab environment with MDT, Configuration Manager, Windows 10, and more.
    Get deployment kit
    + " +- title: What's new +- items: + - type: markdown + text: " + Learn about the latest releases and servicing options.
    + +
    What's new in Windows 10, version 1809
    What's new in Windows 10, version 1803
    What's new in Windows 10, version 1709
    Windows 10 release information
    Windows 10 update history
    Windows 10 roadmap
    + " +- title: Frequently asked questions +- items: + - type: markdown + text: " + Get answers to commom questions, or get help with a specific problem.
    + +
    Windows 10 FAQ for IT Pros
    Windows 10 forums
    Windows 10 TechCommunity
    Which edition is right for your organization?
    Infrastructure requirements
    What's Windows as a service?
    Windows 10 Mobile deployment and management guide
    + " +- title: Plan +- items: + - type: markdown + text: " + Prepare to deploy Windows 10 in your organization. Explore deployment methods, compatibility tools, and servicing options.
    + +

    **Application compatibility**
    Get best practices and tools to help you address compatibility issues prior to deployment.
    Find apps that are ready for Windows 10.
    Identify and prioritize apps with Upgrade Readiness
    Test, validate, and implement with the Web Application Compatibility Lab Kit
    **Upgrade options**
    Learn about the options available for upgrading Windows 7, Windows 8, or Windows 8.1 PCs and devices to Windows 10.
    Manage Windows upgrades with Upgrade Readiness
    Windows 10 upgrade paths
    Windows 10 edition upgrades
    **Windows as a service**
    Windows as a service provides ongoing new capabilities and updates while maintaining a high level of hardware and software compatibility.
    Explore
    + " +- title: Deploy +- items: + - type: markdown + text: " + Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.
    + +

    **In-place upgrade**
    The simplest way to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.
    Upgrade to Windows 10 with Configuration Manager
    Upgrade to Windows 10 with MDT
    **Traditional deployment**
    Some organizations may still need to opt for an image-based deployment of Windows 10.
    Deploy Windows 10 with Configuration Manager
    Deploy Windows 10 with MDT

    **Dynamic provisioning**
    With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.
    Provisioning packages for Windows 10
    Build and apply a provisioning package
    Customize Windows 10 start and the taskbar
    **Other deployment scenarios**
    Get guidance on how to deploy Windows 10 for students, faculty, and guest users - and how to deploy line-of-business apps.
    Windows deployment for education environments
    Set up a shared or guest PC with Windows 10
    Sideload apps in Windows 10
    + " +- title: Management and security +- items: + - type: markdown + text: " + Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.
    + +

    **Manage Windows 10 updates**
    Get best practices and tools to help you manage clients and apps.
    Manage clients in Windows 10
    Manage apps and features in Windows 10
    **Security**
    Intelligent security, powered by the cloud. Out-of-the-box protection, advanced security features, and intelligent management to respond to advanced threats.
    Windows 10 enterprise security
    Threat protection
    Identity protection
    Information protection
    + " +- title: Stay informed +- items: + - type: markdown + text: " + +

    **Sign up for the Windows IT Pro Insider**
    Find out about new resources and get expert tips and tricks on deployment, management, security, and more.
    Learn more
    **Follow us on Twitter**
    Keep up with the latest desktop and device trends, Windows news, and events for IT pros.
    Visit Twitter
    **Join the Windows Insider Program for Business**
    Get early access to new builds and provide feedback on the latest features and functionalities.
    Get started
    + " diff --git a/windows/hub/windows-10.yml b/windows/hub/windows-10.yml new file mode 100644 index 0000000000..a981edf38a --- /dev/null +++ b/windows/hub/windows-10.yml @@ -0,0 +1,77 @@ +### YamlMime:YamlDocument + +documentType: LandingData +title: Windows 10 +metadata: + document_id: + title: Windows 10 + description: Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories + ms.localizationpriority: medium + author: lizap + ms.author: elizapo + manager: dougkim + ms.topic: article + ms.devlang: na + +sections: +- items: + - type: markdown + text: " + Find tools, step-by-step guides, and other resources to help you deploy and support Windows 10 in your organization. + " +- title: Explore +- items: + - type: markdown + text: " + Get started with Windows 10. Evaluate free for 90 days, and set up virtual labs to test a proof of concept.
    + +

    **Download a free 90-day evaluation**
    Try the latest features. Test your apps, hardware, and deployment strategies.
    Start evaluation
    **Get started with virtual labs**
    Try setup, deployment, and management scenarios in a virtual environment, with no additional software or setup required.
    See Windows 10 labs
    **Conduct a proof of concept**
    Download a lab environment with MDT, Configuration Manager, Windows 10, and more.
    Get deployment kit
    + " +- title: What's new +- items: + - type: markdown + text: " + Learn about the latest releases and servicing options.
    + +
    What's new in Windows 10, version 1809
    What's new in Windows 10, version 1803
    What's new in Windows 10, version 1709
    Windows 10 release information
    Windows 10 update history
    Windows 10 roadmap
    + " +- title: Frequently asked questions +- items: + - type: markdown + text: " + Get answers to commom questions, or get help with a specific problem.
    + +
    Windows 10 FAQ for IT Pros
    Windows 10 forums
    Windows 10 TechCommunity
    Which edition is right for your organization?
    Infrastructure requirements
    What's Windows as a service?
    Windows 10 Mobile deployment and management guide
    + " +- title: Plan +- items: + - type: markdown + text: " + Prepare to deploy Windows 10 in your organization. Explore deployment methods, compatibility tools, and servicing options.
    + +

    **Application compatibility**
    Get best practices and tools to help you address compatibility issues prior to deployment.
    Find apps that are ready for Windows 10.
    Identify and prioritize apps with Upgrade Readiness
    Test, validate, and implement with the Web Application Compatibility Lab Kit
    **Upgrade options**
    Learn about the options available for upgrading Windows 7, Windows 8, or Windows 8.1 PCs and devices to Windows 10.
    Manage Windows upgrades with Upgrade Readiness
    Windows 10 upgrade paths
    Windows 10 edition upgrades
    **Windows as a service**
    Windows as a service provides ongoing new capabilities and updates while maintaining a high level of hardware and software compatibility.
    Explore
    + " +- title: Deploy +- items: + - type: markdown + text: " + Download recommended tools and get step-by-step guidance for in-place upgrades, dynamic provisioning, or traditional deployments.
    + +

    **In-place upgrade**
    The simplest way to upgrade PCs that are currently running WIndows 7, Windows 8, or Windows 8.1 is to do an in-place upgrade.
    Upgrade to Windows 10 with Configuration Manager
    Upgrade to Windows 10 with MDT
    **Traditional deployment**
    Some organizations may still need to opt for an image-based deployment of Windows 10.
    Deploy Windows 10 with Configuration Manager
    Deploy Windows 10 with MDT

    **Dynamic provisioning**
    With Windows 10 you can create provisioning packages that let you quickly configure a device without having to install a new image.
    Provisioning packages for Windows 10
    Build and apply a provisioning package
    Customize Windows 10 start and the taskbar    		Windows deployment for education environments
    Set up a shared or guest PC with Windows 10
    Sideload apps in Windows 10
    + " +- title: Management and security +- items: + - type: markdown + text: " + Learn how to manage Windows 10 clients and apps, secure company data, and manage risk.
    + +

    **Manage Windows 10 updates**
    Get best practices and tools to help you manage clients and apps.
    Manage clients in Windows 10
    Manage apps and features in Windows 10
    **Security**
    Intelligent security, powered by the cloud. Out-of-the-box protection, advanced security features, and intelligent management to respond to advanced threats.
    Windows 10 enterprise security
    Threat protection
    Identity protection
    Information protection
    + " +- title: Stay informed +- items: + - type: markdown + text: " + +

    **Sign up for the Windows IT Pro Insider**
    Find out about new resources and get expert tips and tricks on deployment, management, security, and more.
    Learn more
    **Follow us on Twitter**
    Keep up with the latest desktop and device trends, Windows news, and events for IT pros.
    Visit Twitter
    **Join the Windows Insider Program for Business**
    Get early access to new builds and provide feedback on the latest features and functionalities.
    Get started
    + " diff --git a/windows/known-issues/breadcrumb/toc.yml b/windows/known-issues/breadcrumb/toc.yml deleted file mode 100644 index 61d8fca61e..0000000000 --- a/windows/known-issues/breadcrumb/toc.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / \ No newline at end of file diff --git a/windows/known-issues/docfx.json b/windows/known-issues/docfx.json index a11af85d90..102f32f826 100644 --- a/windows/known-issues/docfx.json +++ b/windows/known-issues/docfx.json @@ -35,9 +35,11 @@ "overwrite": [], "externalReference": [], "globalMetadata": { - "breadcrumb_path": "/windows/known-issues/breadcrumb/toc.json", - "extendBreadcrumb": true, - "feedback_system": "None" + "uhfHeaderId": "MSDocsHeader-WindowsIT", + "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app" }, "fileMetadata": {}, "template": [], diff --git a/windows/privacy/Microsoft-DiagnosticDataViewer.md b/windows/privacy/Microsoft-DiagnosticDataViewer.md index 014cf520b8..f0573631e9 100644 --- a/windows/privacy/Microsoft-DiagnosticDataViewer.md +++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md @@ -1,184 +1,188 @@ ---- -title: Diagnostic Data Viewer for PowerShell Overview (Windows 10) -description: Use this article to use the Diagnostic Data Viewer for PowerShell to review the diagnostic data sent to Microsoft by your device. -keywords: privacy -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: high -author: brianlic-msft -ms.author: brianlic -ms.date: 01/17/2018 ---- - -# Diagnostic Data Viewer for PowerShell Overview - -**Applies to** - -- Windows 10, version 1809 -- Windows 10, version 1803 -- Windows Server, version 1803 -- Windows Server 2019 - -## Introduction -The Diagnostic Data Viewer for PowerShell is a PowerShell module that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft. - -## Requirements - -You must have administrative privilege on the device in order to use this PowerShell module. This module requires OS version 1803 and higher. - -## Install and Use the Diagnostic Data Viewer for PowerShell - -You must install the module before you can use the Diagnostic Data Viewer for PowerShell. - -### Opening an Elevated PowerShell session - -Using the Diagnostic Data Viewer for PowerShell requires administrative (elevated) privilege. There are two ways to open an elevated PowerShell prompt. You can use either method. -- Go to **Start** > **Windows PowerShell** > **Run as administrator** -- Go to **Start** > **Command prompt** > **Run as administrator**, and run the command `C:\> powershell.exe` - -### Install the Diagnostic Data Viewer for PowerShell - - >[!IMPORTANT] - >It is recommended to visit the documentation on [Getting Started](https://docs.microsoft.com/en-us/powershell/gallery/getting-started) with PowerShell Gallery. This page provides more specific details on installing a PowerShell module. - -To install the newest version of the Diagnostic Data Viewer PowerShell module, run the following command within an elevated PowerShell session: -```powershell -PS C:\> Install-Module -Name Microsoft.DiagnosticDataViewer -``` - -To see more information about the module, visit [PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.DiagnosticDataViewer). - -### Turn on data viewing -Before you can use this tool, you must turn on data viewing. Turning on data viewing enables Windows to store a local history of your device's diagnostic data for you to view until you turn it off. - -Note that this setting does not control whether your device sends diagnostic data. Instead, it controls whether your Windows device saves a local copy of the diagnostic data sent for your viewing. - -**To turn on data viewing through the Settings page** -1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. - -2. Under **Diagnostic data**, turn on the **If data viewing is enabled, you can see your diagnostics data** option. - - ![Location to turn on data viewing](images/ddv-data-viewing.png) - -**To turn on data viewing through PowerShell** - -Run the following command within an elevated PowerShell session: - -```powershell -PS C:\> Enable-DiagnosticDataViewing -``` - -Once data viewing is enabled, your Windows machine will begin saving a history of diagnostic data that is sent to Microsoft from this point on. - - >[!IMPORTANT] - >Turning on data viewing can use up to 1GB (default setting) of disk space on your system drive. We recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article. - - -### Getting Started with Diagnostic Data Viewer for PowerShell -To see how to use the cmdlet, the parameters it accepts, and examples, run the following command from an elevated PowerShell session: - -```powershell -PS C:\> Get-Help Get-DiagnosticData -``` - -**To Start Viewing Diagnostic Data** - -From an elevated PowerShell session, run the following command: - -```powershell -PS C:\> Get-DiagnosticData -``` - -If the number of events is large, and you'd like to stop the command, enter `Ctrl+C`. - - >[!IMPORTANT] - >The above command may produce little to no results if you enabled data viewing recently. It can take several minutes before your Windows device can show diagnostic data it has sent. Use your device as you normally would in the mean time and try again. - -### Doing more with the Diagnostic Data Viewer for PowerShell -The Diagnostic Data Viewer for PowerShell provides you with the following features to view and filter your device's diagnostic data. You can also use the extensive suite of other PowerShell tools with this module. - -- **View your diagnostic events.** Running `PS C:\> Get-DiagnosticData`, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft. - - Each event is displayed as a PowerShell Object. By default each event shows the event name, the time when it was seen by your Windows device, whether the event is [Basic](https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization), its [diagnostic event category](#view-diagnostic-event-categories), and a detailed JSON view of the information it contains, which shows the event exactly as it was when sent to Microsoft. Microsoft uses this info to continually improve the Windows operating system. - -- **View Diagnostic event categories.** Each event shows the diagnostic event categories that it belongs to. These categories define how events are used by Microsoft. The categories are shown as numeric identifiers. For more information about these categories, see [Windows Diagnostic Data](https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data). - - To view the diagnostic category represented by each numeric identifier and what the category means, you can run the command: - - ```powershell - PS C:\> Get-DiagnosticDataTypes - ``` - -- **Filter events by when they were sent.** You can view events within specified time ranges by specifying a start time and end time of each command. For example, to see all diagnostic data sent between 12 and 6 hours ago, run the following command. Note that data is shown in order of oldest first. - ```powershell - PS C:\> Get-DiagnosticData -StartTime (Get-Date).AddHours(-12) -EndTime (Get-Date).AddHours(-6) - ``` - -- **Export the results of each command.** You can export the results of each command to a separate file such as a csv by using pipe `|`. For example, - - ```powershell - PS C:\> Get-DiagnosticData | Export-Csv 'mydata.csv' - ``` - -## Turn off data viewing -When you're done reviewing your diagnostic data, we recommend turning off data viewing to prevent using up more memory. Turning off data viewing stops Windows from saving a history of your diagnostic data and clears the existing history of diagnostic data from your device. - -**To turn off data viewing through the Settings page** -1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. - -2. Under **Diagnostic data**, turn off the **If data viewing is enabled, you can see your diagnostics data** option. - - ![Location to turn off data viewing](images/ddv-settings-off.png) - -**To turn off data viewing through PowerShell** - -Within an elevated PowerShell session, run the following command: - -```powershell -PS C:\> Disable-DiagnosticDataViewing -``` - -## Modifying the size of your data history -By default, the tool will show you up to 1GB or 30 days of data (whichever comes first). Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first. - -**Modify the size of your data history** - - >[!IMPORTANT] - >Modifying the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine. - - >[!IMPORTANT] - >If you modify the maximum data history size from a larger value to a lower value, you must turn off data viewing and turn it back on in order to reclaim disk space. - -You can change the maximum data history size (in megabytes) that you can view. For example, to set the maximum data history size to 2048MB (2GB), you can run the following command. - -```powershell -PS C:\> Set-DiagnosticStoreCapacity -Size 2048 -``` - -You can change the maximum data history time (in hours) that you can view. For example, to set the maximum data history time to 24 hours, you can run the following command. - -```powershell -PS C:\> Set-DiagnosticStoreCapacity -Time 24 -``` - - >[!IMPORTANT] - >You may need to restart your machine for the new settings to take effect. - - >[!IMPORTANT] - >If you have the [Diagnostic Data Viewer](diagnostic-data-viewer-overview.md) store app installed on the same device, modifications to the size of your data history through the PowerShell module will also be reflected in the app. - -**Reset the size of your data history** - -To reset the maximum data history size back to its original 1GB default value, run the following command in an elevated PowerShell session: - -```powershell -PS C:\> Set-DiagnosticStoreCapacity -Size 1024 -Time 720 -``` - -When resetting the size of your data history to a lower value, be sure to turn off data viewing and turn it back on in order to reclaim disk space. - -## Related Links -- [Module in PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.DiagnosticDataViewer) +--- +title: Diagnostic Data Viewer for PowerShell Overview (Windows 10) +description: Use this article to use the Diagnostic Data Viewer for PowerShell to review the diagnostic data sent to Microsoft by your device. +keywords: privacy +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: high +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 01/17/2018 +--- + +# Diagnostic Data Viewer for PowerShell Overview + +**Applies to** + +- Windows 10, version 1809 +- Windows 10, version 1803 +- Windows Server, version 1803 +- Windows Server 2019 + +## Introduction +The Diagnostic Data Viewer for PowerShell is a PowerShell module that lets you review the diagnostic data your device is sending to Microsoft, grouping the info into simple categories based on how it's used by Microsoft. + +## Requirements + +You must have administrative privilege on the device in order to use this PowerShell module. This module requires OS version 1803 and higher. + +## Install and Use the Diagnostic Data Viewer for PowerShell + +You must install the module before you can use the Diagnostic Data Viewer for PowerShell. + +### Opening an Elevated PowerShell session + +Using the Diagnostic Data Viewer for PowerShell requires administrative (elevated) privilege. There are two ways to open an elevated PowerShell prompt. You can use either method. +- Go to **Start** > **Windows PowerShell** > **Run as administrator** +- Go to **Start** > **Command prompt** > **Run as administrator**, and run the command `C:\> powershell.exe` + +### Install the Diagnostic Data Viewer for PowerShell + + >[!IMPORTANT] + >It is recommended to visit the documentation on [Getting Started](https://docs.microsoft.com/en-us/powershell/gallery/getting-started) with PowerShell Gallery. This page provides more specific details on installing a PowerShell module. + +To install the newest version of the Diagnostic Data Viewer PowerShell module, run the following command within an elevated PowerShell session: +```powershell +PS C:\> Install-Module -Name Microsoft.DiagnosticDataViewer +``` + +To see more information about the module, visit [PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.DiagnosticDataViewer). + +### Turn on data viewing +Before you can use this tool, you must turn on data viewing. Turning on data viewing enables Windows to store a local history of your device's diagnostic data for you to view until you turn it off. + +Note that this setting does not control whether your device sends diagnostic data. Instead, it controls whether your Windows device saves a local copy of the diagnostic data sent for your viewing. + +**To turn on data viewing through the Settings page** +1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. + +2. Under **Diagnostic data**, turn on the **If data viewing is enabled, you can see your diagnostics data** option. + + ![Location to turn on data viewing](images/ddv-data-viewing.png) + +**To turn on data viewing through PowerShell** + +Run the following command within an elevated PowerShell session: + +```powershell +PS C:\> Enable-DiagnosticDataViewing +``` + +Once data viewing is enabled, your Windows machine will begin saving a history of diagnostic data that is sent to Microsoft from this point on. + + >[!IMPORTANT] + >Turning on data viewing can use up to 1GB (default setting) of disk space on your system drive. We recommend that you turn off data viewing when you're done using the Diagnostic Data Viewer. For info about turning off data viewing, see the [Turn off data viewing](#turn-off-data-viewing) section in this article. + + +### Getting Started with Diagnostic Data Viewer for PowerShell +To see how to use the cmdlet, the parameters it accepts, and examples, run the following command from an elevated PowerShell session: + +```powershell +PS C:\> Get-Help Get-DiagnosticData +``` + +**To Start Viewing Diagnostic Data** + +From an elevated PowerShell session, run the following command: + +```powershell +PS C:\> Get-DiagnosticData +``` + +If the number of events is large, and you'd like to stop the command, enter `Ctrl+C`. + + >[!IMPORTANT] + >The above command may produce little to no results if you enabled data viewing recently. It can take several minutes before your Windows device can show diagnostic data it has sent. Use your device as you normally would in the mean time and try again. + +### Doing more with the Diagnostic Data Viewer for PowerShell +The Diagnostic Data Viewer for PowerShell provides you with the following features to view and filter your device's diagnostic data. You can also use the extensive suite of other PowerShell tools with this module. + +- **View your diagnostic events.** Running `PS C:\> Get-DiagnosticData`, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft. + + Each event is displayed as a PowerShell Object. By default each event shows the event name, the time when it was seen by your Windows device, whether the event is [Basic](https://docs.microsoft.com/en-us/windows/privacy/configure-windows-diagnostic-data-in-your-organization), its [diagnostic event category](#view-diagnostic-event-categories), and a detailed JSON view of the information it contains, which shows the event exactly as it was when sent to Microsoft. Microsoft uses this info to continually improve the Windows operating system. + +- **View Diagnostic event categories.** Each event shows the diagnostic event categories that it belongs to. These categories define how events are used by Microsoft. The categories are shown as numeric identifiers. For more information about these categories, see [Windows Diagnostic Data](https://docs.microsoft.com/en-us/windows/privacy/windows-diagnostic-data). + + To view the diagnostic category represented by each numeric identifier and what the category means, you can run the command: + + ```powershell + PS C:\> Get-DiagnosticDataTypes + ``` + +- **Filter events by when they were sent.** You can view events within specified time ranges by specifying a start time and end time of each command. For example, to see all diagnostic data sent between 12 and 6 hours ago, run the following command. Note that data is shown in order of oldest first. + ```powershell + PS C:\> Get-DiagnosticData -StartTime (Get-Date).AddHours(-12) -EndTime (Get-Date).AddHours(-6) + ``` + +- **Export the results of each command.** You can export the results of each command to a separate file such as a csv by using pipe `|`. For example, + + ```powershell + PS C:\> Get-DiagnosticData | Export-Csv 'mydata.csv' + ``` + +## Turn off data viewing +When you're done reviewing your diagnostic data, we recommend turning off data viewing to prevent using up more memory. Turning off data viewing stops Windows from saving a history of your diagnostic data and clears the existing history of diagnostic data from your device. + +**To turn off data viewing through the Settings page** +1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. + +2. Under **Diagnostic data**, turn off the **If data viewing is enabled, you can see your diagnostics data** option. + + ![Location to turn off data viewing](images/ddv-settings-off.png) + +**To turn off data viewing through PowerShell** + +Within an elevated PowerShell session, run the following command: + +```powershell +PS C:\> Disable-DiagnosticDataViewing +``` + +## Modifying the size of your data history +By default, the tool will show you up to 1GB or 30 days of data (whichever comes first). Once either the time or space limit is reached, the data is incrementally dropped with the oldest data points dropped first. + +**Modify the size of your data history** + + >[!IMPORTANT] + >Modifying the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine. + + >[!IMPORTANT] + >If you modify the maximum data history size from a larger value to a lower value, you must turn off data viewing and turn it back on in order to reclaim disk space. + +You can change the maximum data history size (in megabytes) that you can view. For example, to set the maximum data history size to 2048MB (2GB), you can run the following command. + +```powershell +PS C:\> Set-DiagnosticStoreCapacity -Size 2048 +``` + +You can change the maximum data history time (in hours) that you can view. For example, to set the maximum data history time to 24 hours, you can run the following command. + +```powershell +PS C:\> Set-DiagnosticStoreCapacity -Time 24 +``` + + >[!IMPORTANT] + >You may need to restart your machine for the new settings to take effect. + + >[!IMPORTANT] + >If you have the [Diagnostic Data Viewer](diagnostic-data-viewer-overview.md) store app installed on the same device, modifications to the size of your data history through the PowerShell module will also be reflected in the app. + +**Reset the size of your data history** + +To reset the maximum data history size back to its original 1GB default value, run the following command in an elevated PowerShell session: + +```powershell +PS C:\> Set-DiagnosticStoreCapacity -Size 1024 -Time 720 +``` + +When resetting the size of your data history to a lower value, be sure to turn off data viewing and turn it back on in order to reclaim disk space. + +## Related Links +- [Module in PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.DiagnosticDataViewer) - [Documentation for Diagnostic Data Viewer for PowerShell](https://docs.microsoft.com/en-us/powershell/module/microsoft.diagnosticdataviewer/?view=win10-ps) \ No newline at end of file diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md index 79ef8ac888..eaf8f033d0 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md @@ -7,9 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high +audience: ITPro author: brianlic-msft ms.author: brianlic -ms.date: 12/27/2018 +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 02/15/2019 --- @@ -65,11 +69,12 @@ The following fields are available: - **InventorySystemBios** The count of DecisionDevicePnp objects present on this machine targeting the next release of Windows - **PCFP** The count of DecisionDriverPackage objects present on this machine targeting the next release of Windows - **SystemProcessorCompareExchange** The count of DecisionMatchingInfoBlock objects present on this machine targeting the next release of Windows -- **SystemProcessorNx** The count of DataSourceMatchingInfoPostUpgrade objects present on this machine targeting the next release of Windows -- **SystemProcessorSse2** The count of DecisionMatchingInfoPostUpgrade objects present on this machine targeting the next release of Windows -- **SystemWim** The count of DecisionMediaCenter objects present on this machine targeting the next release of Windows +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. +- **SystemProcessorSse2** The total number of objects of this type present on this device. +- **SystemWim** The total number of objects of this type present on this device. - **SystemWindowsActivationStatus** The count of DecisionSystemBios objects present on this machine targeting the next release of Windows -- **SystemWlan** The count of InventoryApplicationFile objects present on this machine. +- **SystemWlan** The total number of objects of this type present on this device. - **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. @@ -475,7 +480,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd -This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. The following fields are available: @@ -1270,7 +1275,7 @@ This event sends version data about the Apps running on this device, to help kee The following fields are available: - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** Retrieves which version of Internet Explorer is running on this device. +- **IEVersion** The version of Internet Explorer that is running on the device. ### Census.Battery @@ -1757,6 +1762,20 @@ The following fields are available: - **syncId** A string used to group StartSync, EndSync, Add, and Remove operations that belong together. This field is unique by Sync period and is used to disambiguate in situations where multiple agents perform overlapping inventories for the same object. +## Component-based Servicing events + +### CbsServicingProvider.CbsCapabilitySessionFinalize + +This event provides information about the results of installing or uninstalling optional Windows content from Windows Update. + + + +### CbsServicingProvider.CbsCapabilitySessionPended + +This event provides information about the results of installing optional Windows content that requires a reboot to keep Windows up to date. + + + ## Content Delivery Manager events ### Microsoft.Windows.ContentDeliveryManager.ProcessCreativeEvent @@ -1827,6 +1846,7 @@ The following fields are available: - **LastBugCheckOriginalDumpType** The type of crash dump the system intended to save. - **LastBugCheckOtherSettings** Other crash dump settings. - **LastBugCheckParameter1** The first parameter with additional info on the type of the error. +- **LastBugCheckProgress** Progress towards writing out the last crash dump. - **LastSuccessfullyShutdownBootId** The Boot ID of the last fully successful shutdown. - **PowerButtonCumulativePressCount** Indicates the number of times the power button has been pressed ("pressed" not to be confused with "released"). - **PowerButtonCumulativeReleaseCount** Indicates the number of times the power button has been released ("released" not to be confused with "pressed"). @@ -1841,7 +1861,7 @@ The following fields are available: - **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press. - **TransitionInfoBootId** The Boot ID of the captured transition information. - **TransitionInfoCSCount** The total number of times the system transitioned from "Connected Standby" mode to "On" when the last marker was saved. -- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited"). +- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited"). - **TransitionInfoCSExitReason** Indicates the reason the device last exited "Connected Standby" mode ("exited" not to be confused with "entered"). - **TransitionInfoCSInProgress** Indicates whether the system was in or entering Connected Standby mode when the last marker was saved. - **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp. @@ -1890,7 +1910,7 @@ The following fields are available: - **CanPerformDiagnosticEscalations** True if UTC is allowed to perform all scenario escalations. - **CanPerformScripting** True if UTC is allowed to perform scripting. - **CanPerformTraceEscalations** True if UTC is allowed to perform scenario escalations with tracing actions. -- **CanReportScenarios** True if UTC is allowed to load and report scenario completion, failure, and cancellation events. +- **CanReportScenarios** True if we can report scenario completions, false otherwise. - **PreviousPermissions** Bitmask representing the previously configured permissions since the telemetry client was last started. - **TransitionFromEverythingOff** True if this transition is moving from not allowing core telemetry to allowing core telemetry. @@ -2017,6 +2037,80 @@ The following fields are available: - **WDDMVersion** The Windows Display Driver Model version. +## Failover Clustering events + +### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 + +This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. + +The following fields are available: + +- **autoAssignSite** The cluster parameter: auto site. +- **autoBalancerLevel** The cluster parameter: auto balancer level. +- **autoBalancerMode** The cluster parameter: auto balancer mode. +- **blockCacheSize** The configured size of the block cache. +- **ClusterAdConfiguration** The ad configuration of the cluster. +- **clusterAdType** The cluster parameter: mgmt_point_type. +- **clusterDumpPolicy** The cluster configured dump policy. +- **clusterFunctionalLevel** The current cluster functional level. +- **clusterGuid** The unique identifier for the cluster. +- **clusterWitnessType** The witness type the cluster is configured for. +- **countNodesInSite** The number of nodes in the cluster. +- **crossSiteDelay** The cluster parameter: CrossSiteDelay. +- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. +- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. +- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. +- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. +- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. +- **csvResourceCount** The number of resources in the cluster. +- **currentNodeSite** The name configured for the current site for the cluster. +- **dasModeBusType** The direct storage bus type of the storage spaces. +- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. +- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. +- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. +- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. +- **genAppNames** The win32 service name of a clustered service. +- **genSvcNames** The command line of a clustered genapp. +- **hangRecoveryAction** The cluster parameter: hang recovery action. +- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. +- **isCalabria** Specifies whether storage spaces direct is enabled. +- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. +- **isRunningDownLevel** Identifies if the current node is running down-level. +- **logLevel** Specifies the granularity that is logged in the cluster log. +- **logSize** Specifies the size of the cluster log. +- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. +- **minNeverPreempt** The cluster parameter: minimum never preempt. +- **minPreemptor** The cluster parameter: minimum preemptor priority. +- **netftIpsecEnabled** The parameter: netftIpsecEnabled. +- **NodeCount** The number of nodes in the cluster. +- **nodeId** The current node number in the cluster. +- **nodeResourceCounts** Specifies the number of node resources. +- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. +- **numberOfSites** The number of different sites. +- **numNodesInNoSite** The number of nodes not belonging to a site. +- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. +- **preferredSite** The preferred site location. +- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. +- **quarantineDuration** The quarantine duration. +- **quarantineThreshold** The quarantine threshold. +- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. +- **resiliencyLevel** Specifies the level of resiliency. +- **resourceCounts** Specifies the number of resources. +- **resourceTypeCounts** Specifies the number of resource types in the cluster. +- **resourceTypes** Data representative of each resource type. +- **resourceTypesPath** Data representative of the DLL path for each resource type. +- **sameSubnetDelay** The cluster parameter: same subnet delay. +- **sameSubnetThreshold** The cluster parameter: same subnet threshold. +- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). +- **securityLevel** The cluster parameter: security level. +- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. +- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. +- **upNodeCount** Specifies the number of nodes that are up (online). +- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. +- **vmIsolationTime** The cluster parameter: VM isolation time. +- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. + + ## Fault Reporting events ### Microsoft.Windows.FaultReporting.AppCrashEvent @@ -2227,6 +2321,30 @@ The following fields are available: - **Version** The version number of the program. +### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverAdd + +This event represents what drivers an application installs. + + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync + +The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. + + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd + +This event provides the basic metadata about the frameworks an application may depend on. + + + +### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkStartSync + +This event indicates that a new set of InventoryApplicationFrameworkAdd events will be sent. + + + ### Microsoft.Windows.Inventory.Core.InventoryApplicationRemove This event indicates that a new set of InventoryDevicePnpAdd events will be sent. @@ -2378,33 +2496,34 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **Class** The device setup class of the driver loaded for the device -- **ClassGuid** The device class GUID from the driver package -- **COMPID** A JSON array the provides the value and order of the compatible ID tree for the device. See [COMPID](#compid). -- **ContainerId** A system-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the device. -- **Description** The device description -- **DeviceState** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present -- **DriverId** A unique identifier for the installed device. +- **Class** The device setup class of the driver loaded for the device. +- **ClassGuid** The device class unique identifier of the driver package loaded on the device. +- **COMPID** The list of “Compatible IDs” for this device. See [COMPID](#compid). +- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. +- **Description** The description of the device. +- **DeviceState** Identifies the current state of the parent (main) device. +- **DriverId** The unique identifier for the installed driver. - **DriverName** The name of the driver image file. +- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage. - **DriverVerDate** The date of the driver loaded for the device - **DriverVerVersion** The version of the driver loaded for the device -- **Enumerator** The bus that enumerated the device -- **HWID** A JSON array that provides the value and order of the HWID tree for the device. See [HWID](#hwid). -- **Inf** The INF file name. -- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx -- **InventoryVersion** The version of the inventory file generating the events. -- **LowerClassFilters** Lower filter class drivers IDs installed for the device. -- **LowerFilters** Lower filter drivers IDs installed for the device -- **Manufacturer** The device manufacturer -- **MatchingID** Represents the hardware ID or compatible ID that Windows uses to install a device instance -- **Model** The device model -- **ParentId** Device instance id of the parent of the device -- **ProblemCode** The current error code for the device. -- **Provider** The device provider -- **Service** The device service name -- **STACKID** A JSON array that provides the value and order of the STACKID tree for the device. See [STACKID](#stackid). -- **UpperClassFilters** Upper filter class drivers IDs installed for the device -- **UpperFilters** Upper filter drivers IDs installed for the device +- **Enumerator** Identifies the bus that enumerated the device. +- **HWID** A list of hardware IDs for the device. See [HWID](#hwid). +- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). +- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx +- **InventoryVersion** The version number of the inventory process generating the events. +- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. +- **LowerFilters** The identifiers of the Lower filters installed for the device. +- **Manufacturer** The manufacturer of the device. +- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance. +- **Model** Identifies the model of the device. +- **ParentId** The Device Instance ID of the parent of the device. +- **ProblemCode** The error code currently returned by the device, if applicable. +- **Provider** Identifies the device provider. +- **Service** The name of the device service. +- **STACKID** The list of hardware IDs for the stack. See [STACKID](#stackid). +- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device. +- **UpperFilters** The identifiers of the Upper filters installed for the device. ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove @@ -2429,6 +2548,18 @@ The following fields are available: - **InventoryVersion** The version of the inventory file generating the events. +### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassAdd + +This event sends basic metadata about the USB hubs on the device. + + + +### Microsoft.Windows.Inventory.Core.InventoryDeviceUsbHubClassStartSync + +This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. + + + ### Microsoft.Windows.Inventory.Core.InventoryDriverBinaryAdd This event provides the basic metadata about driver binaries running on the system. @@ -2567,6 +2698,18 @@ This event provides insight data on the installed Office products +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsRemove + +Indicates that this particular data object represented by the objectInstanceId is no longer present. + + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsStartSync + +This diagnostic event indicates that a new sync is being generated for this object type. + + + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd Describes Office Products installed. @@ -2591,6 +2734,18 @@ Indicates a new sync is being generated for this object type. +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBARuleViolationsStartSync + +This event indicates that a new sync is being generated for this object type. + + + +### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync + +Diagnostic event to indicate a new sync is being generated for this object type. + + + ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd Provides data on Unified Update Platform (UUP) products and what version they are at. @@ -3215,6 +3370,12 @@ The following fields are available: - **Time** The system time at which the event began. +### Microsoft.Windows.Sediment.Info.DetailedState + +This event is sent when detailed state information is needed from an update trial run. + + + ### Microsoft.Windows.Sediment.Info.DownloadServiceError This event provides information when the Download Service returns an error. The information provided helps keep Windows up to date. @@ -3394,6 +3555,17 @@ The following fields are available: - **Url** The new URL from which content will be executed. +### Microsoft.Windows.Sediment.OSRSS.SelfUpdate + +This event returns metadata after Operating System Remediation System Service (OSRSS) successfully replaces itself with a new version. + +The following fields are available: + +- **ServiceVersionMajor** The major version number for the component. +- **ServiceVersionMinor** The minor version number for the component. +- **Time** The system timestamp for when the event occurred. + + ### Microsoft.Windows.Sediment.OSRSS.UrlState This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL. @@ -3408,6 +3580,17 @@ The following fields are available: - **Time** System timestamp the event was fired +### Microsoft.Windows.Sediment.ServiceInstaller.ApplicabilityCheckFailed + +This event returns data relating to the error state after one of the applicability checks for the installer component of the Operating System Remediation System Service (OSRSS) has failed. + +The following fields are available: + +- **CheckName** The name of the applicability check that failed. +- **InstallerVersion** The version information for the installer component. +- **Time** The system timestamp for when the event occurred. + + ### Microsoft.Windows.Sediment.ServiceInstaller.AttemptingUpdate This event indicates the Operating System Remediation System Service (OSRSS) installer is attempting an update to itself. This information helps ensure Windows is up to date. @@ -3855,6 +4038,26 @@ The following fields are available: - **threadId** The ID of the thread on which the activity is executing. +## SIH events + +### SIHEngineTelemetry.EvalApplicability + +This event is sent when targeting logic is evaluated to determine if a device is eligible a given action. + + + +### SIHEngineTelemetry.ExecuteAction + +This event is triggered with SIH attempts to execute (e.g. install) the update or action in question. Includes important information like if the update required a reboot. + + + +### SIHEngineTelemetry.PostRebootReport + +This event reports the status of an action following a reboot, should one have been required. + + + ## Software update events ### SoftwareUpdateClientTelemetry.CheckForUpdates @@ -3977,36 +4180,36 @@ The following fields are available: - **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. -- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. +- **AppXDownloadScope** Indicates the scope of the download for application content. - **BiosFamily** The family of the BIOS (Basic Input Output System). - **BiosName** The name of the device BIOS. - **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. +- **BiosSKUNumber** The SKU number of the device BIOS. - **BIOSVendor** The vendor of the BIOS. - **BiosVersion** The version of the BIOS. -- **BundleBytesDownloaded** How many bytes were downloaded for the specific content bundle. -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. +- **BundleId** Identifier associated with the specific content bundle. - **BundleRepeatFailFlag** Indicates whether this particular update bundle had previously failed to download. - **BundleRevisionNumber** Identifies the revision number of the content bundle. - **BytesDownloaded** How many bytes were downloaded for an individual piece of content (not the entire bundle). -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. +- **CachedEngineVersion** The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable. +- **CallerApplicationName** The name provided by the application that initiated API calls into the software distribution client. +- **CbsDownloadMethod** Indicates whether the download was a full- or a partial-file download. - **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. - **CDNId** ID which defines which CDN the software distribution client downloaded the content from. - **ClientManagedByWSUSServer** Indicates whether the client is managed by Windows Server Update Services (WSUS). - **ClientVersion** The version number of the software distribution client. - **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** What is the device model. -- **DeviceOEM** What OEM does this device belong to. +- **DeviceModel** The model of the device. +- **DeviceOEM** Identifies the Original Equipment Manufacturer (OEM) of the device. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. -- **DownloadType** Differentiates the download type of SIH downloads between Metadata and Payload downloads. -- **Edition** Indicates the edition of Windows being used. +- **DownloadScenarioId** A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events. +- **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads. +- **Edition** Identifies the edition of Windows currently running on the device. - **EventInstanceID** A globally unique identifier for event instance. -- **EventNamespaceID** Indicates whether the event succeeded or failed. Has the format EventType+Event where Event is Succeeded, Cancelled, Failed, etc. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. -- **EventType** Possible values are Child, Bundle, or Driver. +- **EventNamespaceID** The ID of the test events environment. +- **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed. +- **EventType** Identifies the type of the event (Child, Bundle, or Driver). - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). @@ -4016,39 +4219,39 @@ The following fields are available: - **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **HostName** The hostname URL the content is downloading from. +- **HostName** The parent URL the content is downloading from. - **IPVersion** Indicates whether the download took place over IPv4 or IPv6. -- **IsAOACDevice** Is it Always On, Always Connected? +- **IsAOACDevice** Indicates whether the device is an Always On, Always Connected (AOAC) device. - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) +- **NetworkCostBitMask** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." - **PackageFullName** The package name of the content. - **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. -- **PlatformRole** The PowerPlatformRole as defined on MSDN +- **PlatformRole** The role of the OS platform (Desktop, Mobile, Workstation, etc.). - **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. - **ProcessorArchitecture** Processor architecture of the system (x86, AMD64, ARM). - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one +- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. -- **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). -- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **RevisionNumber** The revision number of the specified piece of content. +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. +- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **TargetMetadataVersion** The version of the currently downloading (or most recently downloaded) package. - **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. -- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded. -- **TotalExpectedBytes** The total count of bytes that the download is expected to be. +- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded. +- **TotalExpectedBytes** The total size (in Bytes) expected to be downloaded. - **UpdateId** An identifier associated with the specific piece of content. - **UpdateID** An identifier associated with the specific piece of content. -- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. -- **UsedDO** Whether the download used the delivery optimization service. +- **UpdateImportance** Indicates whether the content was marked as Important, Recommended, or Optional. +- **UsedDO** Indicates whether the download used the Delivery Optimization (DO) service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. - **WUSetting** Indicates the users' current updating settings. @@ -4221,7 +4424,7 @@ The following fields are available: - **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. - **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. - **ExtendedStatusCode** The secondary status code of the event. -- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. +- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). @@ -4232,7 +4435,7 @@ The following fields are available: - **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. +- **SHA256OfTimestampToken** An encoded string of the timestamp token. - **SignatureAlgorithm** The hash algorithm for the metadata signature. - **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** The status code of the event. @@ -4452,6 +4655,22 @@ The following fields are available: - **UpdateId** Unique ID for each update. +### Update360Telemetry.UpdateAgentCommit + +This event collects information regarding the commit phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** Outcome of the install phase of the update. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + ### Update360Telemetry.UpdateAgentDownloadRequest This event sends data for the download request phase of updating Windows via the new Unified Update Platform (UUP) scenario. Applicable to PC and Mobile. @@ -4483,6 +4702,26 @@ The following fields are available: - **UpdateId** Unique ID for each Update. +### Update360Telemetry.UpdateAgentExpand + +This event collects information regarding the expansion phase of the new Unified Update Platform (UUP) update scenario, which is leveraged by both Mobile and Desktop. + +The following fields are available: + +- **ElapsedTickCount** Time taken for expand phase. +- **EndFreeSpace** Free space after expand phase. +- **EndSandboxSize** Sandbox size after expand phase. +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique ID for each flight. +- **ObjectId** Unique value for each Update Agent mode. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **StartFreeSpace** Free space before expand phase. +- **StartSandboxSize** Sandbox size after expand phase. +- **UpdateId** Unique ID for each update. + + ### Update360Telemetry.UpdateAgentInitialize This event sends data for the initialize phase of updating Windows via the new Unified Update Platform (UUP) scenario, which is applicable to both PCs and Mobile. @@ -4501,6 +4740,22 @@ The following fields are available: - **UpdateId** Unique ID for each update. +### Update360Telemetry.UpdateAgentInstall + +This event sends data for the install phase of updating Windows. + +The following fields are available: + +- **ErrorCode** The error code returned for the current install phase. +- **FlightId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). +- **ObjectId** Correlation vector value generated from the latest USO scan. +- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **Result** The result for the current install phase. +- **ScenarioId** Indicates the update scenario. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each update. + + ### Update360Telemetry.UpdateAgentMitigationResult This event sends data indicating the result of each update agent mitigation. @@ -4578,6 +4833,18 @@ The following fields are available: ## Upgrade events +### FacilitatorTelemetry.DCATDownload + +This event indicates whether devices received additional or critical supplemental content during an OS Upgrade, to help keep Windows up-to-date and secure. + + + +### FacilitatorTelemetry.InitializeDU + +This event determines whether devices received additional or critical supplemental content during an OS upgrade. + + + ### Setup360Telemetry.Downlevel This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure. @@ -4865,7 +5132,7 @@ The following fields are available: - **RebootReason** Reason for the reboot. -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.Partner.ReportApplication @@ -5623,17 +5890,17 @@ This event indicates that a scan for a Windows Update occurred. The following fields are available: -- **deferReason** Reason why the device could not check for updates. -- **detectionBlockreason** Reason for detection not completing. +- **deferReason** The reason why the device could not check for updates. +- **detectionBlockreason** The reason detection did not complete. - **detectionDeferreason** A log of deferral reasons for every update state. -- **errorCode** The returned error code. +- **errorCode** The error code returned for the current process. - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **flightID** The specific ID of the Windows Insider build the device is getting. -- **interactive** Indicates whether the session was user initiated. -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. +- **interactive** Indicates whether the user initiated the session. +- **revisionNumber** The Update revision number. +- **updateId** The unique identifier of the Update. +- **updateScenarioType** Identifies the type of update session being performed. +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.Download @@ -5696,7 +5963,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** The specific ID of the Windows Insider build the device is getting. +- **flightID** The ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. @@ -5741,14 +6008,26 @@ This event is sent after a Windows update install completes. The following fields are available: -- **batteryLevel** Current battery capacity in mWh or percentage left. -- **bundleId** Identifier associated with the specific content bundle. +- **batteryLevel** Current battery capacity in megawatt-hours (mWh) or percentage left. +- **bundleId** The unique identifier associated with the specific content bundle. - **bundleRevisionnumber** Identifies the revision number of the content bundle. - **errorCode** The error code returned for the current phase. - **eventScenario** State of update action. -- **flightID** Unique update ID. +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. - **sessionType** The Windows Update session type (Interactive or Background). -- **wuDeviceid** Unique device ID used by Windows Update. +- **wuDeviceid** The unique device identifier used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged + +This event is sent when the options in power menu changed, usually due to an update pending reboot, or after a update is installed. + +The following fields are available: + +- **powermenuNewOptions** The new options after the power menu changed. +- **powermenuOldOptions** The old options before the power menu changed. +- **rebootPendingMinutes** If the power menu changed because a reboot is pending due to a update, this indicates how long that reboot has been pending. +- **wuDeviceid** The device ID recorded by Windows Update if the power menu changed because a reboot is pending due to an update. ### Microsoft.Windows.Update.Orchestrator.PreShutdownStart @@ -5953,7 +6232,7 @@ The following fields are available: - **revisionNumber** Revision number of the OS. - **scheduledRebootTime** Time scheduled for the reboot. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique device ID used by Windows Update. +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.ToastDisplayedToScheduleReboot @@ -5985,12 +6264,44 @@ The following fields are available: ## Windows Update mitigation events +### Mitigation360Telemetry.MitigationCustom.CleanupSafeOsImages + +This event sends data specific to the CleanupSafeOsImages mitigation used for OS Updates. + +The following fields are available: + +- **ClientId** The client ID used by Windows Update. +- **FlightId** The ID of each Windows Insider build the device received. +- **InstanceId** A unique device ID that identifies each update instance. +- **MitigationScenario** The update scenario in which the mitigation was executed. +- **MountedImageCount** The number of mounted images. +- **MountedImageMatches** The number of mounted image matches. +- **MountedImagesFailed** The number of mounted images that could not be removed. +- **MountedImagesRemoved** The number of mounted images that were successfully removed. +- **MountedImagesSkipped** The number of mounted images that were not found. +- **RelatedCV** The correlation vector value generated from the latest USO scan. +- **Result** HResult of this operation. +- **ScenarioId** ID indicating the mitigation scenario. +- **ScenarioSupported** Indicates whether the scenario was supported. +- **SessionId** Unique value for each update attempt. +- **UpdateId** Unique ID for each Windows Update. +- **WuId** Unique ID for the Windows Update client. + + ### Mitigation360Telemetry.MitigationCustom.FixupEditionId This event sends data specific to the FixupEditionId mitigation used for OS Updates. +## Windows Update Reserve Manager events + +### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. + + + ## Winlogon events ### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md index 63376e03ed..27fcd87f88 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md @@ -7,9 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high +audience: ITPro author: brianlic-msft ms.author: brianlic -ms.date: 12/13/2018 +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 02/15/2019 --- @@ -46,15 +50,14 @@ Invalid Signature - This event is superseded by an event that contains additiona The following fields are available: -- **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS4** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceDevicePnp_RS4** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. +- **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device. @@ -62,26 +65,24 @@ The following fields are available: - **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS4** The count of the number of this particular object type present on this device. +- **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. -- **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. -- **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. - **PCFP** An ID for the system, calculated by hashing hardware identifiers. -- **SystemMemory** The count of SystemMemory objects present on this machine. +- **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. -- **SystemProcessorPrefetchW** The count of SystemProcessorPrefetchW objects present on this machine. +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. - **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. -- **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWim** The count of SystemWim objects present on this machine. -- **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **SystemWlan** The count of the number of this particular object type present on this device. -- **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. +- **SystemTouch** The count of the number of this particular object type present on this device. +- **SystemWim** The total number of objects of this type present on this device. +- **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. +- **SystemWlan** The total number of objects of this type present on this device. - **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device. @@ -506,7 +507,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd -This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -625,6 +626,7 @@ The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. - **Blocking** Is the device blocked from upgrade due to a BIOS block? +- **DisplayGenericMessageGated** Indicates whether a generic offer block message will be shown for the bios. - **HasBiosBlock** Does the device have a BIOS block? @@ -885,6 +887,7 @@ The following fields are available: - **AppraiserVersion** The version of the Appraiser file generating the events. - **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. - **PCFP** An ID for the system calculated by hashing hardware identifiers. +- **Subcontext** Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan. - **Time** The client time of the event. @@ -1339,7 +1342,7 @@ The following fields are available: - **AppraiserTaskExitCode** The Appraiser task exist code. - **AppraiserTaskLastRun** The last runtime for the Appraiser task. - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** Retrieves which version of Internet Explorer is running on this device. +- **IEVersion** The version of Internet Explorer that is running on the device. ### Census.Battery @@ -1539,20 +1542,20 @@ Provides information on several important data points about Processor settings The following fields are available: -- **KvaShadow** Microcode info of the processor. +- **KvaShadow** This is the micro code information of the processor. - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. -- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. The complete list of values can be found in DimProcessorArchitecture. -- **ProcessorClockSpeed** Retrieves the clock speed of the processor in MHz. -- **ProcessorCores** Retrieves the number of cores in the processor. -- **ProcessorIdentifier** The processor identifier of a manufacturer. -- **ProcessorManufacturer** Retrieves the name of the processor's manufacturer. -- **ProcessorModel** Retrieves the name of the processor model. +- **ProcessorArchitecture** Retrieves the processor architecture of the installed operating system. +- **ProcessorClockSpeed** Clock speed of the processor in MHz. +- **ProcessorCores** Number of logical cores in the processor. +- **ProcessorIdentifier** Processor Identifier of a manufacturer. +- **ProcessorManufacturer** Name of the processor manufacturer. +- **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Retrieves the processor architecture of the installed operating system. +- **ProcessorUpdateRevision** The microcode revision. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status -- **SocketCount** Number of physical CPU sockets of the machine. -- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. +- **SocketCount** Count of CPU sockets. +- **SpeculationControl** Indicates whether the system has enabled protections needed to validate the speculation control vulnerability. ### Census.Security @@ -2016,6 +2019,81 @@ The following fields are available: - **WDDMVersion** The Windows Display Driver Model version. +## Failover Clustering events + +### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 + +This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. + +The following fields are available: + +- **autoAssignSite** The cluster parameter: auto site. +- **autoBalancerLevel** The cluster parameter: auto balancer level. +- **autoBalancerMode** The cluster parameter: auto balancer mode. +- **blockCacheSize** The configured size of the block cache. +- **ClusterAdConfiguration** The ad configuration of the cluster. +- **clusterAdType** The cluster parameter: mgmt_point_type. +- **clusterDumpPolicy** The cluster configured dump policy. +- **clusterFunctionalLevel** The current cluster functional level. +- **clusterGuid** The unique identifier for the cluster. +- **clusterWitnessType** The witness type the cluster is configured for. +- **countNodesInSite** The number of nodes in the cluster. +- **crossSiteDelay** The cluster parameter: CrossSiteDelay. +- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. +- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. +- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. +- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. +- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. +- **csvResourceCount** The number of resources in the cluster. +- **currentNodeSite** The name configured for the current site for the cluster. +- **dasModeBusType** The direct storage bus type of the storage spaces. +- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. +- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. +- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. +- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. +- **genAppNames** The win32 service name of a clustered service. +- **genSvcNames** The command line of a clustered genapp. +- **hangRecoveryAction** The cluster parameter: hang recovery action. +- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. +- **isCalabria** Specifies whether storage spaces direct is enabled. +- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. +- **isRunningDownLevel** Identifies if the current node is running down-level. +- **logLevel** Specifies the granularity that is logged in the cluster log. +- **logSize** Specifies the size of the cluster log. +- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. +- **minNeverPreempt** The cluster parameter: minimum never preempt. +- **minPreemptor** The cluster parameter: minimum preemptor priority. +- **netftIpsecEnabled** The parameter: netftIpsecEnabled. +- **NodeCount** The number of nodes in the cluster. +- **nodeId** The current node number in the cluster. +- **nodeResourceCounts** Specifies the number of node resources. +- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. +- **numberOfSites** The number of different sites. +- **numNodesInNoSite** The number of nodes not belonging to a site. +- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. +- **preferredSite** The preferred site location. +- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. +- **quarantineDuration** The quarantine duration. +- **quarantineThreshold** The quarantine threshold. +- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. +- **resiliencyLevel** Specifies the level of resiliency. +- **resourceCounts** Specifies the number of resources. +- **resourceTypeCounts** Specifies the number of resource types in the cluster. +- **resourceTypes** Data representative of each resource type. +- **resourceTypesPath** Data representative of the DLL path for each resource type. +- **sameSubnetDelay** The cluster parameter: same subnet delay. +- **sameSubnetThreshold** The cluster parameter: same subnet threshold. +- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). +- **securityLevel** The cluster parameter: security level. +- **securityLevelForStorage** The cluster parameter: security level for storage. +- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. +- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. +- **upNodeCount** Specifies the number of nodes that are up (online). +- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. +- **vmIsolationTime** The cluster parameter: VM isolation time. +- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. + + ## Fault Reporting events ### Microsoft.Windows.FaultReporting.AppCrashEvent @@ -2367,35 +2445,35 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. -- **Class** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. -- **ClassGuid** A unique identifier for the driver installed. -- **COMPID** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). -- **ContainerId** INF file name (the name could be renamed by OS, such as oemXX.inf) -- **Description** The version of the inventory binary generating the events. -- **DeviceState** The current error code for the device. -- **DriverId** A unique identifier for the driver installed. -- **DriverName** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). +- **BusReportedDescription** The description of the device reported by the bus. +- **Class** The device setup class of the driver loaded for the device. +- **ClassGuid** The device class unique identifier of the driver package loaded on the device. +- **COMPID** The list of “Compatible IDs” for this device. +- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. +- **Description** The description of the device. +- **DeviceState** Identifies the current state of the parent (main) device. +- **DriverId** The unique identifier for the installed driver. +- **DriverName** The file name of the installed driver image. - **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage. -- **DriverVerDate** The date of the driver loaded for the device. -- **DriverVerVersion** The version of the driver loaded for the device. -- **Enumerator** The bus that enumerated the device. -- **HWID** List of hardware ids for the device. -- **Inf** INF file name (the name could be renamed by OS, such as oemXX.inf) -- **InstallState** Device installation state. -- **InventoryVersion** The version of the inventory binary generating the events. -- **LowerClassFilters** Lower filter class drivers IDs installed for the device. -- **LowerFilters** Lower filter drivers IDs installed for the device. -- **Manufacturer** The device manufacturer. -- **MatchingID** Represents the hardware ID or compatible ID that Windows uses to install a device instance. -- **Model** The device model. -- **ParentId** Device instance id of the parent of the device. -- **ProblemCode** The current error code for the device. -- **Provider** The device provider. -- **Service** The device service name -- **STACKID** The device service name. -- **UpperClassFilters** The list of hardware ids for the stack -- **UpperFilters** Upper filter drivers IDs installed for the device +- **DriverVerDate** The date associated with the driver installed on the device. +- **DriverVerVersion** The version number of the driver installed on the device. +- **Enumerator** Identifies the bus that enumerated the device. +- **HWID** A list of hardware IDs for the device. +- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). +- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx +- **InventoryVersion** The version number of the inventory process generating the events. +- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. +- **LowerFilters** The identifiers of the Lower filters installed for the device. +- **Manufacturer** The manufacturer of the device. +- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance. +- **Model** Identifies the model of the device. +- **ParentId** The Device Instance ID of the parent of the device. +- **ProblemCode** The error code currently returned by the device, if applicable. +- **Provider** Identifies the device provider. +- **Service** The name of the device service. +- **STACKID** The list of hardware IDs for the stack. +- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device. +- **UpperFilters** The identifiers of the Upper filters installed for the device. ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove @@ -2543,28 +2621,29 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **AddinCLSID** The CLSID for the Office addin -- **AddInCLSID** CLSID key for the office addin -- **AddInId** Office addin ID -- **AddinType** The type of the Office addin. -- **BinFileTimestamp** Timestamp of the Office addin -- **BinFileVersion** Version of the Office addin -- **Description** Office addin description -- **FileId** FileId of the Office addin -- **FileSize** File size of the Office addin -- **FriendlyName** Friendly name for office addin -- **FullPath** Unexpanded path to the office addin -- **LoadBehavior** Uint32 that describes the load behavior -- **LoadTime** Load time for the office add in -- **OfficeApplication** The office application for this add in -- **OfficeArchitecture** Architecture of the addin -- **OfficeVersion** The office version for this add in -- **OutlookCrashingAddin** Boolean that indicates if crashes have been found for this add in -- **ProductCompany** The name of the company associated with the Office addin -- **ProductName** The product name associated with the Office addin -- **ProductVersion** The version associated with the Office addin -- **ProgramId** The unique program identifier of the Office addin -- **Provider** Name of the provider for this addin +- **AddinCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInId** The identifier for the Microsoft Office add-in. +- **AddinType** The type of the Microsoft Office add-in. +- **BinFileTimestamp** The timestamp of the Office add-in. +- **BinFileVersion** The version of the Microsoft Office add-in. +- **Description** Description of the Microsoft Office add-in. +- **FileId** The file identifier of the Microsoft Office add-in. +- **FileSize** The file size of the Microsoft Office add-in. +- **FriendlyName** The friendly name for the Microsoft Office add-in. +- **FullPath** The full path to the Microsoft Office add-in. +- **InventoryVersion** The version of the inventory binary generating the events. +- **LoadBehavior** Integer that describes the load behavior. +- **LoadTime** Load time for the Office add-in. +- **OfficeApplication** The Microsoft Office application associated with the add-in. +- **OfficeArchitecture** The architecture of the add-in. +- **OfficeVersion** The Microsoft Office version for this add-in. +- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in. +- **ProductCompany** The name of the company associated with the Office add-in. +- **ProductName** The product name associated with the Microsoft Office add-in. +- **ProductVersion** The version associated with the Office add-in. +- **ProgramId** The unique program identifier of the Microsoft Office add-in. +- **Provider** Name of the provider for this add-in. - **Usage** Data regarding usage of the add-in. @@ -2582,6 +2661,9 @@ This event indicates that a new sync is being generated for this object type. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIdentifiersAdd @@ -2592,6 +2674,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OAudienceData** Sub-identifier for Microsoft Office release management, identifying the pilot group for a device - **OAudienceId** Microsoft Office identifier for Microsoft Office release management, identifying the pilot group for a device - **OMID** Identifier for the Office SQM Machine @@ -2607,6 +2690,9 @@ Diagnostic event to indicate a new sync is being generated for this object type This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeIESettingsAdd @@ -2617,6 +2703,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OIeFeatureAddon** Flag indicating which Microsoft Office products have this setting enabled. The FEATURE_ADDON_MANAGEMENT feature lets applications hosting the WebBrowser Control to respect add-on management selections made using the Add-on Manager feature of Internet Explorer. Add-ons disabled by the user or by administrative group policy will also be disabled in applications that enable this feature. - **OIeMachineLockdown** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_LOCALMACHINE_LOCKDOWN feature is enabled, Internet Explorer applies security restrictions on content loaded from the user's local machine, which helps prevent malicious behavior involving local files. - **OIeMimeHandling** Flag indicating which Microsoft Office products have this setting enabled. When the FEATURE_MIME_HANDLING feature control is enabled, Internet Explorer handles MIME types more securely. Only applies to Windows Internet Explorer 6 for Windows XP Service Pack 2 (SP2) @@ -2640,6 +2727,9 @@ Diagnostic event to indicate a new sync is being generated for this object type This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeInsightsAdd @@ -2650,6 +2740,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OfficeApplication** The name of the Office application. - **OfficeArchitecture** The bitness of the Office application. - **OfficeVersion** The version of the Office application. @@ -2670,6 +2761,9 @@ Diagnostic event to indicate a new sync is being generated for this object type This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeProductsAdd @@ -2680,6 +2774,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: +- **InventoryVersion** The version of the inventory binary generating the events. - **OC2rApps** A GUID the describes the Office Click-To-Run apps - **OC2rSkus** Comma-delimited list (CSV) of Office Click-To-Run products installed on the device. For example, Office 2016 ProPlus - **OMsiApps** Comma-delimited list (CSV) of Office MSI products installed on the device. For example, Microsoft Word @@ -2692,6 +2787,9 @@ Diagnostic event to indicate a new sync is being generated for this object type This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsAdd @@ -2704,6 +2802,7 @@ The following fields are available: - **BrowserFlags** Browser flags for Office-related products - **ExchangeProviderFlags** Office Exchange provider policies +- **InventoryVersion** The version of the inventory binary generating the events. - **SharedComputerLicensing** Office Shared Computer Licensing policies @@ -2713,6 +2812,9 @@ Diagnostic event to indicate a new sync is being generated for this object type This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAAdd @@ -2779,6 +2881,9 @@ This event indicates that a new sync is being generated for this object type. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeVBAStartSync @@ -2787,6 +2892,9 @@ Diagnostic event to indicate a new sync is being generated for this object type This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). +The following fields are available: + +- **InventoryVersion** The version of the inventory binary generating the events. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousUUPInfoAdd @@ -2841,6 +2949,14 @@ The following fields are available: - **IndicatorValue** The indicator value. +### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove + +This event is a counterpart to InventoryMiscellaneousUexIndicatorAdd that indicates that the item has been removed. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + + + ### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorStartSync This event indicates that a new set of InventoryMiscellaneousUexIndicatorAdd events will be sent. @@ -3263,6 +3379,12 @@ This event indicates an error in the updater payload. This information assists i +### Microsoft.Windows.Sediment.Info.PhaseChange + +The event indicates progress made by the updater. This information assists in keeping Windows up to date. + + + ### Microsoft.Windows.Sediment.OSRSS.CheckingOneSettings This event indicates the parameters that the Operating System Remediation System Service (OSRSS) uses for a secure ping to Microsoft to help ensure Windows is up to date. @@ -3277,6 +3399,31 @@ The following fields are available: - **Time** The system time at which the event occurred. +### Microsoft.Windows.Sediment.OSRSS.DownloadingUrl + +This event provides information about the URL from which the Operating System Remediation System Service (OSRSS) is attempting to download. This information helps ensure Windows is up to date. + +The following fields are available: + +- **AttemptNumber** The count indicating which download attempt is starting. +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which data was downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.DownloadSuccess + +This event indicates the Operating System Remediation System Service (OSRSS) successfully download data from the indicated URL. This information helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which data was downloaded. + + ### Microsoft.Windows.Sediment.OSRSS.Error This event indicates an error occurred in the Operating System Remediation System Service (OSRSS). The information provided helps ensure future upgrade/update attempts are more successful. @@ -3292,6 +3439,65 @@ The following fields are available: - **Time** The system time at which the event occurred. +### Microsoft.Windows.Sediment.OSRSS.ExeSignatureValidated + +This event indicates the Operating System Remediation System Service (OSRSS) successfully validated the signature of an EXE from the indicated URL. The information provided helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which the validated EXE was downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.ExtractSuccess + +This event indicates that the Operating System Remediation System Service (OSRSS) successfully extracted downloaded content. The information provided helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which the successfully extracted content was downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.NewUrlFound + +This event indicates the Operating System Remediation System Service (OSRSS) succeeded in finding a new URL to download from. This helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The new URL from which content will be downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.ProcessCreated + +This event indicates the Operating System Remediation System Service (OSRSS) created a new process to execute content downloaded from the indicated URL. This information helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The new URL from which content will be executed. + + +### Microsoft.Windows.Sediment.OSRSS.SelfUpdate + +This event returns metadata after Operating System Remediation System Service (OSRSS) successfully replaces itself with a new version. + +The following fields are available: + +- **ServiceVersionMajor** The major version number for the component. +- **ServiceVersionMinor** The minor version number for the component. +- **Time** The system timestamp for when the event occurred. + + ### Microsoft.Windows.Sediment.OSRSS.UrlState This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL. @@ -3306,6 +3512,107 @@ The following fields are available: - **Time** System timestamp the event was fired +### Microsoft.Windows.Sediment.ServiceInstaller.ApplicabilityCheckFailed + +This event returns data relating to the error state after one of the applicability checks for the installer component of the Operating System Remediation System Service (OSRSS) has failed. + +The following fields are available: + +- **CheckName** The name of the applicability check that failed. +- **InstallerVersion** The version information for the installer component. +- **Time** The system timestamp for when the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.AttemptingUpdate + +This event indicates the Operating System Remediation System Service (OSRSS) installer is attempting an update to itself. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.BinaryUpdated + +This event indicates the Operating System Remediation System Service (OSRSS) updated installer binaries with new binaries as part of its self-update process. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.InstallerLaunched + +This event indicates the Operating System Remediation System Service (OSRSS) has launched. The information provided helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.ServiceInstalled + +This event indicates the Operating System Remediation System Service (OSRSS) successfully installed the Installer Component. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.ServiceRestarted + +This event indicates the Operating System Remediation System Service (OSRSS) has restarted after installing an updated version of itself. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStarted + +This event indicates the Operating System Remediation System Service (OSRSS) has started after installing an updated version of itself. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStopped + +This event indicates the Operating System Remediation System Service (OSRSS) was stopped by a self-updated to install an updated version of itself. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterCompleted + +This event indicates the Operating System Remediation System Service (OSRSS) successfully completed the self-update operation. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterLaunched + +This event indicates the Operating System Remediation System Service (OSRSS) successfully launched the self-updater after downloading it. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + ### Microsoft.Windows.SedimentLauncher.Applicable Indicates whether a given plugin is applicable. @@ -3642,7 +3949,7 @@ The following fields are available: - **EventInstanceID** A unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. - **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it. -- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.) +- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.). - **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it. - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **UpdateID** A unique identifier for the action being acted upon. @@ -3708,7 +4015,7 @@ The following fields are available: - **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. - **FailedParseActions** The list of actions that were not successfully parsed. - **ParsedActions** The list of actions that were successfully parsed. -- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.) +- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.). - **WUDeviceID** The unique identifier controlled by the software distribution client. @@ -3797,50 +4104,81 @@ The following fields are available: - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. -### SoftwareUpdateClientTelemetry.Download +### SoftwareUpdateClientTelemetry.Commit -Download process event for target update on Windows Update client (see eventscenario field for specifics, e.g.: started/failed/succeeded) +This event tracks the commit process post the update installation when software update client is trying to update the device. The following fields are available: -- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. -- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. -- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. - **BiosFamily** The family of the BIOS (Basic Input Output System). - **BiosName** The name of the device BIOS. - **BiosReleaseDate** The release date of the device BIOS. - **BiosSKUNumber** The sku number of the device BIOS. - **BIOSVendor** The vendor of the BIOS. - **BiosVersion** The version of the BIOS. -- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleRevisionNumber** Identifies the revision number of the content bundle +- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client +- **ClientVersion** The version number of the software distribution client. +- **DeviceModel** What is the device model. +- **EventInstanceID** A globally unique identifier for event instance. +- **EventScenario** State of call +- **EventType** Possible values are "Child", "Bundle", or "Driver". +- **FlightId** The specific id of the flight the device is getting +- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) +- **RevisionNumber** Unique revision number of Update +- **ServerId** Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store. +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) +- **SystemBIOSMajorRelease** Major version of the BIOS. +- **SystemBIOSMinorRelease** Minor version of the BIOS. +- **UpdateId** Unique Update ID +- **WUDeviceID** UniqueDeviceID + + +### SoftwareUpdateClientTelemetry.Download + +Download process event for target update on Windows Update client (see eventscenario field for specifics, e.g.: started/failed/succeeded) + +The following fields are available: + +- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. +- **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. +- **AppXDownloadScope** Indicates the scope of the download for application content. +- **BiosFamily** The family of the BIOS (Basic Input Output System). +- **BiosName** The name of the device BIOS. +- **BiosReleaseDate** The release date of the device BIOS. +- **BiosSKUNumber** The SKU number of the device BIOS. +- **BIOSVendor** The vendor of the BIOS. +- **BiosVersion** The version of the BIOS. +- **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. +- **BundleId** Identifier associated with the specific content bundle. - **BundleRepeatFailFlag** Indicates whether this particular update bundle had previously failed to download. - **BundleRevisionNumber** Identifies the revision number of the content bundle. - **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. +- **CachedEngineVersion** The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable. +- **CallerApplicationName** The name provided by the application that initiated API calls into the software distribution client. +- **CbsDownloadMethod** Indicates whether the download was a full- or a partial-file download. - **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. - **CDNId** ID which defines which CDN the software distribution client downloaded the content from. - **ClientVersion** The version number of the software distribution client. - **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** What is the device model. +- **DeviceModel** The model of the device. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. -- **DownloadType** Differentiates the download type of SIH downloads between Metadata and Payload downloads. +- **DownloadScenarioId** A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events. +- **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads. - **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. -- **EventType** Possible values are Child, Bundle, or Driver. +- **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed. +- **EventType** Identifies the type of the event (Child, Bundle, or Driver). - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). - **FlightBuildNumber** If this download was for a flight (pre-release build), this indicates the build number of that flight. -- **FlightId** The specific ID of the flight (pre-release build) the device is getting. +- **FlightId** The specific id of the flight (pre-release build) the device is getting. - **FlightRing** The ring (speed of getting builds) that a device is on if participating in flighting (pre-release builds). - **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **HostName** The hostname URL the content is downloading from. +- **HostName** The parent URL the content is downloading from. - **IPVersion** Indicates whether the download took place over IPv4 or IPv6. - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. @@ -3851,25 +4189,25 @@ The following fields are available: - **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. - **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. +- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. -- **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** An ID that represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). -- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **RevisionNumber** The revision number of the specified piece of content. +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. +- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **TargetMetadataVersion** The version of the currently downloading (or most recently downloaded) package. - **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. -- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded. -- **TotalExpectedBytes** The total count of bytes that the download is expected to be. +- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded. +- **TotalExpectedBytes** The total size (in Bytes) expected to be downloaded. - **UpdateId** An identifier associated with the specific piece of content. - **UpdateID** An identifier associated with the specific piece of content. -- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. -- **UsedDO** Whether the download used the delivery optimization service. +- **UpdateImportance** Indicates whether the content was marked as Important, Recommended, or Optional. +- **UsedDO** Indicates whether the download used the Delivery Optimization (DO) service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. @@ -3941,14 +4279,14 @@ The following fields are available: - **BIOSVendor** The vendor of the BIOS. - **BiosVersion** The version of the BIOS. - **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. -- **BundleRepeatFailFlag** Has this particular update bundle previously failed to install? +- **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to install. - **BundleRevisionNumber** Identifies the revision number of the content bundle. - **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. - **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. - **ClientVersion** The version number of the software distribution client. - **CSIErrorType** The stage of CBS installation where it failed. -- **CurrentMobileOperator** Mobile operator that device is currently connected to. -- **DeviceModel** What is the device model. +- **CurrentMobileOperator** The mobile operator to which the device is currently connected. +- **DeviceModel** The device model. - **DriverPingBack** Contains information about the previous driver and system state. - **EventInstanceID** A globally unique identifier for event instance. - **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. @@ -3964,21 +4302,21 @@ The following fields are available: - **HardwareId** If this install was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. - **IntentPFNs** Intended application-set metadata for atomic update scenarios. -- **IsDependentSet** Is the driver part of a larger System Hardware/Firmware update? -- **IsFinalOutcomeEvent** Does this event signal the end of the update/upgrade process? -- **IsFirmware** Is this update a firmware update? -- **IsSuccessFailurePostReboot** Did it succeed and then fail after a restart? +- **IsDependentSet** Indicates whether the driver is part of a larger System Hardware/Firmware update. +- **IsFinalOutcomeEvent** Indicates whether this event signals the end of the update/upgrade process. +- **IsFirmware** Indicates whether this update is a firmware update. +- **IsSuccessFailurePostReboot** Indicates whether the update succeeded and then failed after a restart. - **IsWUfBDualScanEnabled** Is Windows Update for Business dual scan enabled on the device? - **IsWUfBEnabled** Indicates whether Windows Update for Business is enabled on the device. -- **MergedUpdate** Was the OS update and a BSP update merged for installation? +- **MergedUpdate** Indicates whether the OS update and a BSP update merged for installation. - **MsiAction** The stage of MSI installation where it failed. - **MsiProductCode** The unique identifier of the MSI installer. - **PackageFullName** The package name of the content being installed. - **PhonePreviewEnabled** Indicates whether a phone was getting preview build, prior to flighting being introduced. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. -- **QualityUpdatePause** Are quality OS updates paused on the device? +- **ProcessName** The process name of the caller who initiated API calls, in the event that CallerApplicationName was not provided. +- **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **RelatedCV** The previous Correlation Vector that was used before swapping with a new one -- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to install. +- **RepeatFailFlag** Indicates whether this specific piece of content previously failed to install. - **RevisionNumber** The revision number of this specific piece of content. - **ServiceGuid** An ID which represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). - **Setup360Phase** If the install is for an operating system upgrade, indicates which phase of the upgrade is underway. @@ -3988,8 +4326,8 @@ The following fields are available: - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TransactionCode** The ID which represents a given MSI installation -- **UpdateId** Unique update ID +- **TransactionCode** The ID that represents a given MSI installation. +- **UpdateId** Unique update ID. - **UpdateID** An identifier associated with the specific piece of content. - **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. - **UsedSystemVolume** Indicates whether the content was downloaded and then installed from the device's main system storage drive, or an alternate storage drive. @@ -4020,7 +4358,7 @@ The following fields are available: - **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. - **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. - **ExtendedStatusCode** The secondary status code of the event. -- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. +- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). @@ -4031,7 +4369,7 @@ The following fields are available: - **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. +- **SHA256OfTimestampToken** An encoded string of the timestamp token. - **SignatureAlgorithm** The hash algorithm for the metadata signature. - **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** The status code of the event. @@ -4282,6 +4620,7 @@ The following fields are available: - **FlightId** Unique ID for each flight. - **InternalFailureResult** Indicates a non-fatal error from a plugin. - **ObjectId** Unique value for each Update Agent mode (same concept as InstanceId for Setup360). +- **PackageCategoriesSkipped** Indicates package categories that were skipped, if applicable. - **PackageCountOptional** # of optional packages requested. - **PackageCountRequired** # of required packages requested. - **PackageCountTotal** Total # of packages needed. @@ -4519,36 +4858,36 @@ The following fields are available: - **CV** Correlation vector. - **DetectorVersion** Most recently run detector version for the current campaign. - **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user. -- **key1** UI interaction data -- **key10** UI interaction data -- **key11** UI interaction data -- **key12** UI interaction data -- **key13** UI interaction data -- **key14** UI interaction data -- **key15** UI interaction data -- **key16** UI interaction data -- **key17** UI interaction data -- **key18** UI interaction data -- **key19** UI interaction data -- **key2** UI interaction data -- **key20** UI interaction data -- **key21** UI interaction data -- **key22** UI interaction data -- **key23** UI interaction data -- **key24** UI interaction data -- **key25** UI interaction data -- **key26** UI interaction data -- **key27** UI interaction data -- **key28** UI interaction data -- **key29** UI interaction data -- **key3** UI interaction data -- **key30** UI interaction data -- **key4** UI interaction data -- **key5** UI interaction data -- **key6** UI interaction data -- **key7** UI interaction data -- **key8** UI interaction data -- **key9** UI interaction data +- **key1** UI interaction data. +- **key10** UI interaction data. +- **key11** UI interaction data. +- **key12** UI interaction data. +- **key13** UI interaction data. +- **key14** UI interaction data. +- **key15** UI interaction data. +- **key16** UI interaction data. +- **key17** UI interaction data. +- **key18** UI interaction data. +- **key19** UI interaction data. +- **key2** UI interaction data. +- **key20** UI interaction data. +- **key21** UI interaction data. +- **key22** UI interaction data. +- **key23** UI interaction data. +- **key24** The interaction data for the user interface. +- **key25** The interaction data for the user interface. +- **key26** The interaction data for the user interface. +- **key27** The interaction data for the user interface. +- **key28** The interaction data for the user interface. +- **key29** UI interaction data. +- **key3** UI interaction data. +- **key30** UI interaction data. +- **key4** UI interaction data. +- **key5** UI interaction data. +- **key6** UI interaction data. +- **key7** UI interaction data. +- **key8** UI interaction data. +- **key9** UI interaction data. - **PackageVersion** Current package version of the update notification. - **schema** UI interaction type. @@ -4643,6 +4982,12 @@ This event indicates whether devices received additional or critical supplementa +### FacilitatorTelemetry.InitializeDU + +This event determines whether devices received additional or critical supplemental content during an OS upgrade. + + + ### Setup360Telemetry.Downlevel This event sends data indicating that the device has started the downlevel phase of the upgrade, to help keep Windows up-to-date and secure. @@ -4734,6 +5079,7 @@ This event sends data indicating that the device has invoked the predownload qui The following fields are available: - **ClientId** Using Windows Update, this will be the Windows Update client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. +- **FlightData** Unique value that identifies the flight. - **HostOSBuildNumber** The build number of the previous OS. - **HostOsSkuName** The OS edition which is running Setup360 instance (previous operating system). - **InstanceId** A unique GUID that identifies each instance of setuphost.exe. @@ -4848,6 +5194,17 @@ This event sends a summary of all the setup mitigations available for this updat This event collects information regarding the post reboot phase of the new UUP (Unified Update Platform) update scenario; which is leveraged by both Mobile and Desktop. +The following fields are available: + +- **ClientId** The Windows Update client ID passed to Setup. +- **Count** The count of applicable OneSettings for the device. +- **FlightData** The ID for the flight (test instance version). +- **InstanceId** The GUID (Globally-Unique ID) that identifies each instance of setuphost.exe. +- **Parameters** The set of name value pair parameters sent to OneSettings to determine if there are any applicable OneSettings. +- **ReportId** The Update ID passed to Setup. +- **Result** The HResult of the event error. +- **ScenarioId** The update scenario ID. +- **Values** Values sent back to the device, if applicable. ### Setup360Telemetry.UnexpectedEvent @@ -4908,17 +5265,17 @@ This event provides the results from the WaaSMedic engine The following fields are available: - **detectionSummary** Result of each applicable detection that was run. -- **featureAssessmentImpact** WaaS Assessment impact for feature updates. +- **featureAssessmentImpact** Windows as a Service (WaaS) Assessment impact on feature updates - **hrEngineResult** Indicates the WaaSMedic engine operation error codes -- **insufficientSessions** Device not eligible for diagnostics. -- **isManaged** Device is managed for updates. -- **isWUConnected** Device is connected to Windows Update. -- **noMoreActions** No more applicable diagnostics. -- **qualityAssessmentImpact** WaaS Assessment impact for quality updates. +- **insufficientSessions** True, if the device has enough activity to be eligible for update diagnostics. False, if otherwise +- **isManaged** Indicates the device is managed for updates +- **isWUConnected** Indicates the device is connected to Windows Update +- **noMoreActions** All available WaaSMedic diagnostics have run. There are no pending diagnostics and corresponding actions +- **qualityAssessmentImpact** Windows as a Service (WaaS) Assessment impact for quality updates - **remediationSummary** Result of each operation performed on a device to fix an invalid state or configuration that's preventing the device from getting updates. For example, if Windows Update service is turned off, the fix is to turn the it back on. -- **usingBackupFeatureAssessment** Relying on backup feature assessment. -- **usingBackupQualityAssessment** Relying on backup quality assessment. -- **versionString** Version of the WaaSMedic engine. +- **usingBackupFeatureAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup feature assessments, which are determined programmatically on the client +- **usingBackupQualityAssessment** The WaaSMedic engine contacts Windows as a Service (WaaS) Assessment to determine whether the device is up-to-date. If WaaS Assessment isn't available, the engine falls back to backup quality assessments, which are determined programmatically on the client +- **versionString** Installed version of the WaaSMedic engine ## Windows Error Reporting events @@ -4941,7 +5298,7 @@ The following fields are available: - **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson). -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.Partner.ReportApplication @@ -5446,7 +5803,7 @@ The following fields are available: - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. - **cdnUrl** The URL of the source CDN. -- **clientTelId** A random number used for device sampling. +- **clientTelId** Random number used for device selection - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. @@ -5579,14 +5936,14 @@ This event collects information regarding the install phase of the new device ma The following fields are available: -- **errorCode** The error code returned for the current install phase -- **flightId** The unique identifier for each flight -- **objectId** Unique value for each Update Agent mode -- **relatedCV** Correlation vector value generated from the latest scan -- **result** Result of the install phase of update. 0 = Succeeded 1 = Failed, 2 = Cancelled, 3 = Blocked, 4 = BlockCancelled +- **errorCode** The error code returned for the current install phase. +- **flightId** The unique identifier for each flight (pre-release builds). +- **objectId** Unique value for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest scan. +- **result** Outcome of the install phase of the update. - **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **sessionId** Unique value for each Update Agent mode attempt -- **updateId** Unique ID for each update +- **sessionId** Unique value for each update session. +- **updateId** Unique ID for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart @@ -5595,13 +5952,13 @@ This event sends data for the start of each mode during the process of updating The following fields are available: -- **flightId** The unique identifier for each flight -- **mode** Indicates that the Update Agent mode that has started. 1 = Initialize, 2 = DownloadRequest, 3 = Install, 4 = Commit -- **objectId** Unique value for each Update Agent mode -- **relatedCV** Correlation vector value generated from the latest scan +- **flightId** The unique identifier for each flight (pre-release builds). +- **mode** Indicates the active Update Agent mode. +- **objectId** Unique value for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest scan. - **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate -- **sessionId** Unique value for each Update Agent mode attempt -- **updateId** Unique ID for each update +- **sessionId** The unique identifier for each update session. +- **updateId** The unique identifier for each Update. ### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed @@ -5610,6 +5967,18 @@ This event indicates that a notification dialog box is about to be displayed to +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog + +This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. + + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog + +This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed. + + + ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootRebootFailedDialog This event indicates that the Enhanced Engaged restart "restart failed" dialog box was displayed. @@ -5622,6 +5991,18 @@ This event indicates that the Enhanced Engaged restart "restart imminent" dialog +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootSecondReminderDialog + +This event indicates that the second reminder dialog box was displayed for Enhanced Engaged restart. + + + +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootThirdReminderDialog + +This event indicates that the third reminder dialog box for Enhanced Engaged restart was displayed. + + + ### Microsoft.Windows.Update.NotificationUx.RebootScheduled Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update. @@ -5646,6 +6027,12 @@ This event indicates a policy is present that may restrict update activity to ou +### Microsoft.Windows.Update.Orchestrator.AttemptImmediateReboot + +This event sends data when the Windows Update Orchestrator is set to reboot immediately after installing the update. + + + ### Microsoft.Windows.Update.Orchestrator.BlockedByActiveHours This event indicates that update activity was blocked because it is within the active hours window. @@ -5680,17 +6067,17 @@ This event indicates that a scan for a Windows Update occurred. The following fields are available: -- **deferReason** Reason why the device could not check for updates. -- **detectionBlockreason** Reason for detection not completing. +- **deferReason** The reason why the device could not check for updates. +- **detectionBlockreason** The reason detection did not complete. - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** The returned error code. +- **errorCode** The error code returned for the current process. - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **flightID** The specific ID of the Windows Insider build the device is getting. -- **interactive** Indicates whether the session was user initiated. -- **revisionNumber** Update revision number. -- **updateId** Update ID. -- **updateScenarioType** Device ID -- **wuDeviceid** Unique device ID used by Windows Update. +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. +- **interactive** Indicates whether the user initiated the session. +- **revisionNumber** The Update revision number. +- **updateId** The unique identifier of the Update. +- **updateScenarioType** Identifies the type of update session being performed. +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -5780,7 +6167,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** The specific ID of the Windows Insider build the device is getting. +- **flightID** The ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. @@ -5826,15 +6213,21 @@ This event is sent after a Windows update install completes. The following fields are available: -- **batteryLevel** Current battery capacity in mWh or percentage left. -- **bundleId** Identifier associated with the specific content bundle. +- **batteryLevel** Current battery capacity in megawatt-hours (mWh) or percentage left. +- **bundleId** The unique identifier associated with the specific content bundle. - **bundleRevisionnumber** Identifies the revision number of the content bundle. - **errorCode** The error code returned for the current phase. - **eventScenario** State of update action. -- **flightID** Update session type +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. - **sessionType** The Windows Update session type (Interactive or Background). -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. +- **updateScenarioType** Identifies the type of Update session being performed. +- **wuDeviceid** The unique device identifier used by Windows Update. + + +### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged + +This event is sent when the options in power menu changed, usually due to an update pending reboot, or after a update is installed. + ### Microsoft.Windows.Update.Orchestrator.PreShutdownStart @@ -6055,7 +6448,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique device ID used by Windows Update. +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot @@ -6101,24 +6494,32 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **ClientId** The client ID used by Windows Update. +- **FlightId** The ID of each Windows Insider build the device received. +- **InstanceId** A unique device ID that identifies each update instance. - **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **MountedImageCount** The number of mounted images. +- **MountedImageMatches** The number of mounted image matches. +- **MountedImagesFailed** The number of mounted images that could not be removed. +- **MountedImagesRemoved** The number of mounted images that were successfully removed. +- **MountedImagesSkipped** The number of mounted images that were not found. +- **RelatedCV** The correlation vector value generated from the latest USO scan. - **Result** HResult of this operation. - **ScenarioId** ID indicating the mitigation scenario. - **ScenarioSupported** Indicates whether the scenario was supported. - **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **UpdateId** Unique ID for each Windows Update. - **WuId** Unique ID for the Windows Update client. +## Windows Update Reserve Manager events + +### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. + + + ## Winlogon events ### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md index c8a8b09e66..e3c6418b17 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md @@ -7,9 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high +audience: ITPro author: brianlic-msft ms.author: brianlic -ms.date: 12/13/2018 +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 02/15/2019 --- @@ -47,55 +51,55 @@ This event lists the types of objects and how many of each exist on the client d The following fields are available: - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. +- **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device. +- **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS5** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. -- **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device. +- **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS5** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. - **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. -- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. +- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. - **DatasourceSystemBios_RS5** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS5Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. +- **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device. +- **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS5** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. -- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device. +- **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS5** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. -- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. - **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. - **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. - **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. -- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device. +- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. - **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. -- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. - **DecisionSystemBios_RS5** The total DecisionSystemBios objects targeting the next release of Windows on this device. -- **DecisionSystemBios_RS5Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS5Setup** The count of the number of this particular object type present on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. -- **InventoryLanguagePack** The count of InventoryLanguagePack objects present on this machine. +- **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. @@ -104,15 +108,15 @@ The following fields are available: - **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of SystemProcessorNx objects present on this machine. -- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **SystemProcessorSse2** The count of SystemProcessorSse2 objects present on this machine. +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. +- **SystemProcessorSse2** The total number of objects of this type present on this device. - **SystemTouch** The count of SystemTouch objects present on this machine. -- **SystemWim** The count of SystemWim objects present on this machine. +- **SystemWim** The total number of objects of this type present on this device. - **SystemWindowsActivationStatus** The count of SystemWindowsActivationStatus objects present on this machine. -- **SystemWlan** The count of SystemWlan objects present on this machine. +- **SystemWlan** The total number of objects of this type present on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. +- **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS5** The count of the number of this particular object type present on this device. @@ -540,7 +544,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd -This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1223,6 +1227,12 @@ The following fields are available: - **WindowsNotActivatedDecision** Is the current operating system activated? +### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusEndSync + +This event indicates that a full set of SystemWindowsActivationStatusAdd events has succeeded in being sent. + + + ### Microsoft.Windows.Appraiser.General.SystemWindowsActivationStatusRemove This event indicates that the SystemWindowsActivationStatus object is no longer present. @@ -1377,7 +1387,7 @@ The following fields are available: - **AppraiserTaskExitCode** The Appraiser task exist code. - **AppraiserTaskLastRun** The last runtime for the Appraiser task. - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** IE version running on the device. +- **IEVersion** The version of Internet Explorer that is running on the device. ### Census.Battery @@ -1578,7 +1588,7 @@ Provides information on several important data points about Processor settings The following fields are available: -- **KvaShadow** Microcode info of the processor. +- **KvaShadow** This is the micro code information of the processor. - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. - **PreviousUpdateRevision** Previous microcode revision. @@ -1589,10 +1599,10 @@ The following fields are available: - **ProcessorManufacturer** Name of the processor manufacturer. - **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision +- **ProcessorUpdateRevision** The microcode revision. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status. - **SocketCount** Count of CPU sockets. -- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. +- **SpeculationControl** Indicates whether the system has enabled protections needed to validate the speculation control vulnerability. ### Census.Security @@ -2844,6 +2854,81 @@ The following fields are available: - **WDDMVersion** The Windows Display Driver Model version. +## Failover Clustering events + +### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 + +This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. + +The following fields are available: + +- **autoAssignSite** The cluster parameter: auto site. +- **autoBalancerLevel** The cluster parameter: auto balancer level. +- **autoBalancerMode** The cluster parameter: auto balancer mode. +- **blockCacheSize** The configured size of the block cache. +- **ClusterAdConfiguration** The ad configuration of the cluster. +- **clusterAdType** The cluster parameter: mgmt_point_type. +- **clusterDumpPolicy** The cluster configured dump policy. +- **clusterFunctionalLevel** The current cluster functional level. +- **clusterGuid** The unique identifier for the cluster. +- **clusterWitnessType** The witness type the cluster is configured for. +- **countNodesInSite** The number of nodes in the cluster. +- **crossSiteDelay** The cluster parameter: CrossSiteDelay. +- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. +- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. +- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. +- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. +- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. +- **csvResourceCount** The number of resources in the cluster. +- **currentNodeSite** The name configured for the current site for the cluster. +- **dasModeBusType** The direct storage bus type of the storage spaces. +- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. +- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. +- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. +- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. +- **genAppNames** The win32 service name of a clustered service. +- **genSvcNames** The command line of a clustered genapp. +- **hangRecoveryAction** The cluster parameter: hang recovery action. +- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. +- **isCalabria** Specifies whether storage spaces direct is enabled. +- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. +- **isRunningDownLevel** Identifies if the current node is running down-level. +- **logLevel** Specifies the granularity that is logged in the cluster log. +- **logSize** Specifies the size of the cluster log. +- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. +- **minNeverPreempt** The cluster parameter: minimum never preempt. +- **minPreemptor** The cluster parameter: minimum preemptor priority. +- **netftIpsecEnabled** The parameter: netftIpsecEnabled. +- **NodeCount** The number of nodes in the cluster. +- **nodeId** The current node number in the cluster. +- **nodeResourceCounts** Specifies the number of node resources. +- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. +- **numberOfSites** The number of different sites. +- **numNodesInNoSite** The number of nodes not belonging to a site. +- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. +- **preferredSite** The preferred site location. +- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. +- **quarantineDuration** The quarantine duration. +- **quarantineThreshold** The quarantine threshold. +- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. +- **resiliencyLevel** Specifies the level of resiliency. +- **resourceCounts** Specifies the number of resources. +- **resourceTypeCounts** Specifies the number of resource types in the cluster. +- **resourceTypes** Data representative of each resource type. +- **resourceTypesPath** Data representative of the DLL path for each resource type. +- **sameSubnetDelay** The cluster parameter: same subnet delay. +- **sameSubnetThreshold** The cluster parameter: same subnet threshold. +- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). +- **securityLevel** The cluster parameter: security level. +- **securityLevelForStorage** The cluster parameter: security level for storage. +- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. +- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. +- **upNodeCount** Specifies the number of nodes that are up (online). +- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. +- **vmIsolationTime** The cluster parameter: VM isolation time. +- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. + + ## Fault Reporting events ### Microsoft.Windows.FaultReporting.AppCrashEvent @@ -3015,6 +3100,17 @@ The following fields are available: - **ProgramIds** The unique program identifier the driver is associated with. +### Microsoft.Windows.Inventory.Core.InventoryApplicationDriverStartSync + +The InventoryApplicationDriverStartSync event indicates that a new set of InventoryApplicationDriverStartAdd events will be sent. + +This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). + +The following fields are available: + +- **InventoryVersion** The version of the inventory component. + + ### Microsoft.Windows.Inventory.Core.InventoryApplicationFrameworkAdd This event provides the basic metadata about the frameworks an application may depend on. @@ -3191,35 +3287,35 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **BusReportedDescription** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. -- **Class** A unique identifier for the driver installed. -- **ClassGuid** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). -- **COMPID** INF file name (the name could be renamed by OS, such as oemXX.inf) -- **ContainerId** The version of the inventory binary generating the events. -- **Description** The current error code for the device. -- **DeviceState** The device description. -- **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present -- **DriverName** A unique identifier for the driver installed. -- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage -- **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). +- **BusReportedDescription** The description of the device reported by the bus. +- **Class** The device setup class of the driver loaded for the device. +- **ClassGuid** The device class unique identifier of the driver package loaded on the device. +- **COMPID** The list of “Compatible IDs” for this device. +- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. +- **Description** The description of the device. +- **DeviceState** Identifies the current state of the parent (main) device. +- **DriverId** The unique identifier for the installed driver. +- **DriverName** The name of the driver image file. +- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage. +- **DriverVerDate** The date associated with the driver loaded on the device. - **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage. -- **Enumerator** The date of the driver loaded for the device. -- **HWID** The version of the driver loaded for the device. -- **Inf** The bus that enumerated the device. -- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx -- **InventoryVersion** List of hardware ids for the device. -- **LowerClassFilters** Lower filter class drivers IDs installed for the device -- **LowerFilters** Lower filter drivers IDs installed for the device -- **Manufacturer** INF file name (the name could be renamed by OS, such as oemXX.inf) -- **MatchingID** Device installation state. -- **Model** The version of the inventory binary generating the events. -- **ParentId** Lower filter class drivers IDs installed for the device. -- **ProblemCode** Lower filter drivers IDs installed for the device. -- **Provider** The device manufacturer. -- **Service** The device service name -- **STACKID** Represents the hardware ID or compatible ID that Windows uses to install a device instance. -- **UpperClassFilters** Upper filter drivers IDs installed for the device -- **UpperFilters** The device model. +- **Enumerator** Identifies the bus that enumerated the device. +- **HWID** A list of hardware IDs for the device. +- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). +- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx +- **InventoryVersion** The version number of the inventory process generating the events. +- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. +- **LowerFilters** The identifiers of the Lower filters installed for the device. +- **Manufacturer** The manufacturer of the device. +- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance. +- **Model** Identifies the model of the device. +- **ParentId** The Device Instance ID of the parent of the device. +- **ProblemCode** The error code currently returned by the device, if applicable. +- **Provider** Identifies the device provider. +- **Service** The name of the device service. +- **STACKID** The list of hardware IDs for the stack. +- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device. +- **UpperFilters** The identifiers of the Upper filters installed for the device. ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove @@ -3367,29 +3463,29 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **AddinCLSID** The CLSID for the Office addin -- **AddInCLSID** CLSID key for the office addin -- **AddInId** Office addin ID -- **AddinType** The type of the Office addin. -- **BinFileTimestamp** Timestamp of the Office addin -- **BinFileVersion** Version of the Office addin -- **Description** Office addin description -- **FileId** FileId of the Office addin -- **FileSize** File size of the Office addin -- **FriendlyName** Friendly name for office addin -- **FullPath** Unexpanded path to the office addin +- **AddinCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInId** The identifier for the Microsoft Office add-in. +- **AddinType** The type of the Microsoft Office add-in. +- **BinFileTimestamp** The timestamp of the Office add-in. +- **BinFileVersion** The version of the Microsoft Office add-in. +- **Description** Description of the Microsoft Office add-in. +- **FileId** The file identifier of the Microsoft Office add-in. +- **FileSize** The file size of the Microsoft Office add-in. +- **FriendlyName** The friendly name for the Microsoft Office add-in. +- **FullPath** The full path to the Microsoft Office add-in. - **InventoryVersion** The version of the inventory binary generating the events. -- **LoadBehavior** Uint32 that describes the load behavior +- **LoadBehavior** Integer that describes the load behavior. - **LoadTime** Load time for the office addin -- **OfficeApplication** The office application for this addin -- **OfficeArchitecture** Architecture of the addin -- **OfficeVersion** The office version for this addin -- **OutlookCrashingAddin** Boolean that indicates if crashes have been found for this addin -- **ProductCompany** The name of the company associated with the Office addin -- **ProductName** The product name associated with the Office addin -- **ProductVersion** The version associated with the Office addin -- **ProgramId** The unique program identifier of the Office addin -- **Provider** Name of the provider for this addin +- **OfficeApplication** The Microsoft Office application associated with the add-in. +- **OfficeArchitecture** The architecture of the add-in. +- **OfficeVersion** The Microsoft Office version for this add-in. +- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in. +- **ProductCompany** The name of the company associated with the Office add-in. +- **ProductName** The product name associated with the Microsoft Office add-in. +- **ProductVersion** The version associated with the Office add-in. +- **ProgramId** The unique program identifier of the Microsoft Office add-in. +- **Provider** Name of the provider for this add-in. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove @@ -3785,6 +3881,81 @@ The following fields are available: - **UptimeDeltaMS** Total time (in milliseconds) added to Uptime since the last event +## Miracast events + +### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd + +This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session + +The following fields are available: + +- **AudioChannelCount** The number of audio channels. +- **AudioSampleRate** The sample rate of audio in terms of samples per second. +- **AudioSubtype** The unique subtype identifier of the audio codec (encoding method) used for audio encoding. +- **AverageBitrate** The average video bitrate used during the Miracast session, in bits per second. +- **AverageDataRate** The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second. +- **AveragePacketSendTimeInMs** The average time required for the network to send a sample, in milliseconds. +- **ConnectorType** The type of connector used during the Miracast session. +- **EncodeAverageTimeMS** The average time to encode a frame of video, in milliseconds. +- **EncodeCount** The count of total frames encoded in the session. +- **EncodeMaxTimeMS** The maximum time to encode a frame, in milliseconds. +- **EncodeMinTimeMS** The minimum time to encode a frame, in milliseconds. +- **EncoderCreationTimeInMs** The time required to create the video encoder, in milliseconds. +- **ErrorSource** Identifies the component that encountered an error that caused a disconnect, if applicable. +- **FirstFrameTime** The time (tick count) when the first frame is sent. +- **FirstLatencyMode** The first latency mode. +- **FrameAverageTimeMS** Average time to process an entire frame, in milliseconds. +- **FrameCount** The total number of frames processed. +- **FrameMaxTimeMS** The maximum time required to process an entire frame, in milliseconds. +- **FrameMinTimeMS** The minimum time required to process an entire frame, in milliseconds. +- **Glitches** The number of frames that failed to be delivered on time. +- **HardwareCursorEnabled** Indicates if hardware cursor was enabled when the connection ended. +- **HDCPState** The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended. +- **HighestBitrate** The highest video bitrate used during the Miracast session, in bits per second. +- **HighestDataRate** The highest available bandwidth reported by the WiFi driver, in bits per second. +- **LastLatencyMode** The last reported latency mode. +- **LastLatencyTime** The last reported latency time. +- **LogTimeReference** The reference time, in tick counts. +- **LowestBitrate** The lowest video bitrate used during the Miracast session, in bits per second. +- **LowestDataRate** The lowest video bitrate used during the Miracast session, in bits per second. +- **MediaErrorCode** The error code reported by the media session, if applicable. +- **MiracastEntry** The time (tick count) when the Miracast driver was first loaded. +- **MiracastM1** The time (tick count) when the M1 request was sent. +- **MiracastM2** The time (tick count) when the M2 request was sent. +- **MiracastM3** The time (tick count) when the M3 request was sent. +- **MiracastM4** The time (tick count) when the M4 request was sent. +- **MiracastM5** The time (tick count) when the M5 request was sent. +- **MiracastM6** The time (tick count) when the M6 request was sent. +- **MiracastM7** The time (tick count) when the M7 request was sent. +- **MiracastSessionState** The state of the Miracast session when the connection ended. +- **MiracastStreaming** The time (tick count) when the Miracast session first started processing frames. +- **ProfileCount** The count of profiles generated from the receiver M4 response. +- **ProfileCountAfterFiltering** The count of profiles after filtering based on available bandwidth and encoder capabilities. +- **RefreshRate** The refresh rate set on the remote display. +- **RotationSupported** Indicates if the Miracast receiver supports display rotation. +- **RTSPSessionId** The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session. +- **SessionGuid** The unique identifier of to correlate various Miracast events from a session. +- **SinkHadEdid** Indicates if the Miracast receiver reported an EDID. +- **SupportMicrosoftColorSpaceConversion** Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver. +- **SupportsMicrosoftDiagnostics** Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension. +- **SupportsMicrosoftFormatChange** Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension. +- **SupportsMicrosoftLatencyManagement** Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension. +- **SupportsMicrosoftRTCP** Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension. +- **SupportsMicrosoftVideoFormats** Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution. +- **SupportsWiDi** Indicates whether Miracast receiver supports Intel WiDi extensions. +- **TeardownErrorCode** The error code reason for teardown provided by the receiver, if applicable. +- **TeardownErrorReason** The text string reason for teardown provided by the receiver, if applicable. +- **UIBCEndState** Indicates whether UIBC was enabled when the connection ended. +- **UIBCEverEnabled** Indicates whether UIBC was ever enabled. +- **UIBCStatus** The result code reported by the UIBC setup process. +- **VideoBitrate** The starting bitrate for the video encoder. +- **VideoCodecLevel** The encoding level used for encoding, specific to the video subtype. +- **VideoHeight** The height of encoded video frames. +- **VideoSubtype** The unique subtype identifier of the video codec (encoding method) used for video encoding. +- **VideoWidth** The width of encoded video frames. +- **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol. + + ## OneDrive events ### Microsoft.OneDrive.Sync.Setup.APIOperation @@ -3920,10 +4091,10 @@ Event tells us effectiveness of new privacy experience. The following fields are available: -- **isAdmin** Whether the current user is an administrator or not +- **isAdmin** whether the person who is logging in is an admin - **isLaunching** Whether or not the privacy consent experience will be launched -- **isSilentElevation** Whether the current user has enabled silent elevation -- **privacyConsentState** The current state of the privacy consent experience +- **isSilentElevation** whether the user has most restrictive UAC controls +- **privacyConsentState** whether the user has completed privacy experience - **userRegionCode** The current user's region setting @@ -4227,6 +4398,17 @@ This event indicates an error in the updater payload. This information assists i +### Microsoft.Windows.Sediment.Info.PhaseChange + +The event indicates progress made by the updater. This information assists in keeping Windows up to date. + +The following fields are available: + +- **NewPhase** The phase of progress made. +- **ReleaseVer** The version information for the component in which the change occurred. +- **Time** The system time at which the phase chance occurred. + + ### Microsoft.Windows.Sediment.OSRSS.CheckingOneSettings This event indicates the parameters that the Operating System Remediation System Service (OSRSS) uses for a secure ping to Microsoft to help ensure Windows is up to date. @@ -4241,6 +4423,31 @@ The following fields are available: - **Time** The system time at which the event occurred. +### Microsoft.Windows.Sediment.OSRSS.DownloadingUrl + +This event provides information about the URL from which the Operating System Remediation System Service (OSRSS) is attempting to download. This information helps ensure Windows is up to date. + +The following fields are available: + +- **AttemptNumber** The count indicating which download attempt is starting. +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which data was downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.DownloadSuccess + +This event indicates the Operating System Remediation System Service (OSRSS) successfully download data from the indicated URL. This information helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which data was downloaded. + + ### Microsoft.Windows.Sediment.OSRSS.Error This event indicates an error occurred in the Operating System Remediation System Service (OSRSS). The information provided helps ensure future upgrade/update attempts are more successful. @@ -4256,6 +4463,65 @@ The following fields are available: - **Time** The system time at which the event occurred. +### Microsoft.Windows.Sediment.OSRSS.ExeSignatureValidated + +This event indicates the Operating System Remediation System Service (OSRSS) successfully validated the signature of an EXE from the indicated URL. The information provided helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which the validated EXE was downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.ExtractSuccess + +This event indicates that the Operating System Remediation System Service (OSRSS) successfully extracted downloaded content. The information provided helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The URL from which the successfully extracted content was downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.NewUrlFound + +This event indicates the Operating System Remediation System Service (OSRSS) succeeded in finding a new URL to download from. This helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The new URL from which content will be downloaded. + + +### Microsoft.Windows.Sediment.OSRSS.ProcessCreated + +This event indicates the Operating System Remediation System Service (OSRSS) created a new process to execute content downloaded from the indicated URL. This information helps ensure Windows is up to date. + +The following fields are available: + +- **ServiceVersionMajor** The Major version information of the component. +- **ServiceVersionMinor** The Minor version information of the component. +- **Time** The system time at which the event occurred. +- **Url** The new URL from which content will be executed. + + +### Microsoft.Windows.Sediment.OSRSS.SelfUpdate + +This event returns metadata after Operating System Remediation System Service (OSRSS) successfully replaces itself with a new version. + +The following fields are available: + +- **ServiceVersionMajor** The major version number for the component. +- **ServiceVersionMinor** The minor version number for the component. +- **Time** The system timestamp for when the event occurred. + + ### Microsoft.Windows.Sediment.OSRSS.UrlState This event indicates the state the Operating System Remediation System Service (OSRSS) is in while attempting a download from the URL. @@ -4270,6 +4536,66 @@ The following fields are available: - **Time** System timestamp when the event was started. +### Microsoft.Windows.Sediment.ServiceInstaller.AttemptingUpdate + +This event indicates the Operating System Remediation System Service (OSRSS) installer is attempting an update to itself. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.BinaryUpdated + +This event indicates the Operating System Remediation System Service (OSRSS) updated installer binaries with new binaries as part of its self-update process. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.ServiceRestarted + +This event indicates the Operating System Remediation System Service (OSRSS) has restarted after installing an updated version of itself. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.ServiceStopped + +This event indicates the Operating System Remediation System Service (OSRSS) was stopped by a self-updated to install an updated version of itself. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterCompleted + +This event indicates the Operating System Remediation System Service (OSRSS) successfully completed the self-update operation. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + +### Microsoft.Windows.Sediment.ServiceInstaller.UpdaterLaunched + +This event indicates the Operating System Remediation System Service (OSRSS) successfully launched the self-updater after downloading it. This information helps ensure Windows is up to date. + +The following fields are available: + +- **InstallerVersion** The version information of the Installer component. +- **Time** The system time at which the event occurred. + + ### Microsoft.Windows.SedimentLauncher.Applicable Indicates whether a given plugin is applicable. @@ -4293,6 +4619,7 @@ Indicates whether a given plugin has completed its work. The following fields are available: - **CV** Correlation vector. +- **FailedReasons** Concatenated list of failure reasons. - **GlobalEventCounter** Client side counter which indicates ordering of events sent by this user. - **PackageVersion** Current package version of Remediation. - **PluginName** Name of the plugin specified for each generic plugin event. @@ -4480,30 +4807,6 @@ The following fields are available: ## SIH events -### SIHEngineTelemetry.EvalApplicability - -This event is sent when targeting logic is evaluated to determine if a device is eligible for a given action. - -The following fields are available: - -- **ActionReasons** If an action has been assessed as inapplicable, the additional logic prevented it. -- **AdditionalReasons** If an action has been assessed as inapplicable, the additional logic prevented it. -- **CachedEngineVersion** The engine DLL version that is being used. -- **EventInstanceID** A unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. -- **HandlerReasons** If an action has been assessed as inapplicable, the installer technology-specific logic prevented it. -- **IsExecutingAction** If the action is presently being executed. -- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.) -- **SihclientVersion** The client version that is being used. -- **StandardReasons** If an action has been assessed as inapplicable, the standard logic the prevented it. -- **StatusCode** Result code of the event (success, cancellation, failure code HResult). -- **UpdateID** A unique identifier for the action being acted upon. -- **WuapiVersion** The Windows Update API version that is currently installed. -- **WuaucltVersion** The Windows Update client version that is currently installed. -- **WuauengVersion** The Windows Update engine version that is currently installed. -- **WUDeviceID** The unique identifier controlled by the software distribution client. - - ### SIHEngineTelemetry.SLSActionData This event reports if the SIH client was able to successfully parse the manifest describing the actions to be evaluated. @@ -4515,7 +4818,7 @@ The following fields are available: - **EventScenario** Indicates the purpose of sending this event – whether because the software distribution just started checking for content, or whether it was cancelled, succeeded, or failed. - **FailedParseActions** The list of actions that were not successfully parsed. - **ParsedActions** The list of actions that were successfully parsed. -- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.) +- **ServiceGuid** A unique identifier that represents which service the software distribution client is connecting to (SIH, Windows Update, Microsoft Store, etc.). - **SihclientVersion** The client version that is being used. - **WuapiVersion** The Windows Update API version that is currently installed. - **WuaucltVersion** The Windows Update client version that is currently installed. @@ -4631,7 +4934,7 @@ The following fields are available: - **FlightId** The specific id of the flight the device is getting - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) - **SystemBIOSMajorRelease** Major release version of the system bios - **SystemBIOSMinorRelease** Minor release version of the system bios - **UpdateId** Identifier associated with the specific piece of content @@ -4644,32 +4947,32 @@ Download process event for target update on Windows Update client. See EventScen The following fields are available: -- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. +- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. -- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. +- **AppXDownloadScope** Indicates the scope of the download for application content. - **BiosFamily** The family of the BIOS (Basic Input Output System). - **BiosName** The name of the device BIOS. - **BiosReleaseDate** The release date of the device BIOS. -- **BiosSKUNumber** The sku number of the device BIOS. +- **BiosSKUNumber** The SKU number of the device BIOS. - **BIOSVendor** The vendor of the BIOS. - **BiosVersion** The version of the BIOS. - **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle. - **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download. - **BundleRevisionNumber** Identifies the revision number of the content bundle. - **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. +- **CallerApplicationName** The name provided by the application that initiated API calls into the software distribution client. +- **CbsDownloadMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. - **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. - **CDNId** ID which defines which CDN the software distribution client downloaded the content from. - **ClientVersion** The version number of the software distribution client. - **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** What is the device model. +- **DeviceModel** The model of the device. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **DownloadScenarioId** A unique ID for a given download used to tie together WU and DO events. +- **DownloadScenarioId** A unique ID for a given download, used to tie together Windows Update and Delivery Optimizer events. - **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. -- **EventType** Possible values are Child, Bundle, or Driver. +- **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed. +- **EventType** Identifies the type of the event (Child, Bundle, or Driver). - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). @@ -4679,35 +4982,35 @@ The following fields are available: - **HandlerType** Indicates what kind of content is being downloaded (app, driver, windows patch, etc.). - **HardwareId** If this download was for a driver targeted to a particular device model, this ID indicates the model of the device. - **HomeMobileOperator** The mobile operator that the device was originally intended to work with. -- **HostName** The hostname URL the content is downloading from. +- **HostName** The parent URL the content is downloading from. - **IPVersion** Indicates whether the download took place over IPv4 or IPv6. - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) +- **NetworkCostBitMask** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." - **PackageFullName** The package name of the content. - **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. +- **ProcessName** The process name of the application that initiated API calls, in the event where CallerApplicationName was not provided. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **RegulationReason** The reason that the update is regulated -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. +- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. - **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. -- **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** An ID that represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). -- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. +- **RevisionNumber** The revision number of the specified piece of content. +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. +- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. - **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. -- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded. -- **TotalExpectedBytes** The total count of bytes that the download is expected to be. +- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded. +- **TotalExpectedBytes** The total size (in Bytes) expected to be downloaded. - **UpdateId** An identifier associated with the specific piece of content. -- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. -- **UsedDO** Whether the download used the delivery optimization service. +- **UpdateImportance** Indicates whether the content was marked as Important, Recommended, or Optional. +- **UsedDO** Whether the download used the Delivery Optimization (DO) service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. @@ -4855,24 +5158,24 @@ The following fields are available: - **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. - **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. - **ExtendedStatusCode** The secondary status code of the event. -- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. +- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. - **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce -- **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. +- **MetadataSignature** Base64 string of the signature associated with the update metadata (specified by revision id) +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. -- **RevisionId** The revision ID for a specific piece of content. -- **RevisionNumber** The revision number for a specific piece of content. +- **RevisionId** Identifies the revision of this specific piece of content +- **RevisionNumber** Identifies the revision number of this specific piece of content - **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. -- **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** A base64-encoded string of hash of the timestamp token blob. -- **SignatureAlgorithm** The hash algorithm for the metadata signature. +- **SHA256OfLeafCertPublicKey** Base64 encoding of hash of the Base64CertData in the FragmentSigning data of leaf certificate. +- **SHA256OfTimestampToken** An encoded string of the timestamp token. +- **SignatureAlgorithm** Hash algorithm for the metadata signature - **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast - **StatusCode** The status code of the event. - **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. - **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. -- **UpdateId** The update ID for a specific piece of content. +- **UpdateId** Identifier associated with the specific piece of content - **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. @@ -5169,36 +5472,36 @@ The following fields are available: - **CV** Correlation vector. - **DetectorVersion** Most recently run detector version for the current campaign. - **GlobalEventCounter** Client side counter that indicates the ordering of events sent by this user. -- **key1** UI interaction data -- **key10** UI interaction data -- **key11** UI interaction data -- **key12** UI interaction data -- **key13** UI interaction data -- **key14** UI interaction data -- **key15** UI interaction data -- **key16** UI interaction data -- **key17** UI interaction data -- **key18** UI interaction data -- **key19** UI interaction data -- **key2** UI interaction data -- **key20** UI interaction data -- **key21** UI interaction data -- **key22** UI interaction data -- **key23** UI interaction data -- **key24** UI interaction data -- **key25** UI interaction data -- **key26** UI interaction data -- **key27** UI interaction data -- **key28** UI interaction data -- **key29** UI interaction data -- **key3** UI interaction data -- **key30** UI interaction data -- **key4** UI interaction data -- **key5** UI interaction data -- **key6** UI interaction data -- **key7** UI interaction data -- **key8** UI interaction data -- **key9** UI interaction data +- **key1** UI interaction data. +- **key10** UI interaction data. +- **key11** UI interaction data. +- **key12** UI interaction data. +- **key13** UI interaction data. +- **key14** UI interaction data. +- **key15** UI interaction data. +- **key16** UI interaction data. +- **key17** UI interaction data. +- **key18** UI interaction data. +- **key19** UI interaction data. +- **key2** UI interaction data. +- **key20** UI interaction data. +- **key21** UI interaction data. +- **key22** UI interaction data. +- **key23** UI interaction data. +- **key24** UI interaction data. +- **key25** UI interaction data. +- **key26** The interaction data for the user interface. +- **key27** UI interaction data. +- **key28** UI interaction data. +- **key29** UI interaction data. +- **key3** UI interaction data. +- **key30** UI interaction data. +- **key4** UI interaction data. +- **key5** UI interaction data. +- **key6** UI interaction data. +- **key7** UI interaction data. +- **key8** UI interaction data. +- **key9** UI interaction data. - **PackageVersion** Current package version of the update notification. - **schema** UI interaction type. @@ -5301,6 +5604,16 @@ The following fields are available: - **Type** Type of package that was downloaded. +### FacilitatorTelemetry.DUDownload + +This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. + +The following fields are available: + +- **PackageCategoriesFailed** Lists the categories of packages that failed to download. +- **PackageCategoriesSkipped** Lists the categories of package downloads that were skipped. + + ### FacilitatorTelemetry.InitializeDU This event determines whether devices received additional or critical supplemental content during an OS upgrade. @@ -5374,7 +5687,7 @@ The following fields are available: - **Setup360Extended** Detailed information about the phase or action when the potential failure occurred. - **Setup360Mode** The phase of Setup360. Example: Predownload, Install, Finalize, Rollback. - **Setup360Result** The result of Setup360. This is an HRESULT error code that is used to diagnose errors. -- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT. +- **Setup360Scenario** The Setup360 flow type. Example: Boot, Media, Update, MCT - **SetupVersionBuildNumber** The build number of Setup360 (build number of target OS). - **State** Exit state of a Setup360 run. Example: succeeded, failed, blocked, cancelled. - **TestId** ID that uniquely identifies a group of events. @@ -5516,7 +5829,7 @@ The following fields are available: - **InstanceId** Retrieves a unique identifier for each instance of a setup session. - **Operation** Facilitator’s last known operation (scan, download, etc.). - **ReportId** ID for tying together events stream side. -- **ResultCode** Result returned by setup for the entire operation. +- **ResultCode** Result returned for the entire setup operation. - **Scenario** Dynamic Update scenario (Image DU, or Setup DU). - **ScenarioId** Identifies the update scenario. - **TargetBranch** Branch of the target OS. @@ -5675,7 +5988,7 @@ The following fields are available: - **PertProb** Constant used in algorithm for randomization. -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.StoreActivating @@ -5947,9 +6260,9 @@ The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. - **FailedRetry** Indicates whether the installation or update retry was successful. -- **HResult** The HResult code of the operation. -- **PFN** The Package Family Name of the app that is being installed or updated. -- **ProductId** The product ID of the app that is being updated or installed. +- **HResult** Resulting HResult error/success code of this call +- **PFN** Package Family Name of the app that being installed or updated +- **ProductId** Product Id of the app that is being updated or installed ### Microsoft.Windows.StoreAgent.Telemetry.FulfillmentInitiate @@ -6114,7 +6427,7 @@ The following fields are available: - **current** Result of currency check. - **dismOperationSucceeded** Dism uninstall operation status. -- **hResult** Failure Error code. +- **hResult** Failure error code. - **oSVersion** Build number of the device. - **paused** Indicates whether the device is paused. - **rebootRequestSucceeded** Reboot Configuration Service Provider (CSP) call success status. @@ -6259,7 +6572,7 @@ The following fields are available: - **background** Indicates whether the download is happening in the background. - **bytesRequested** Number of bytes requested for the download. - **callerName** Name of the API caller. -- **cdnUrl** The URL of the source CDN +- **cdnUrl** The URL of the source Content Distribution Network (CDN). - **costFlags** A set of flags representing network cost. - **deviceProfile** Identifies the usage or form factor (such as Desktop, Xbox, or VM). - **diceRoll** Random number used for determining if a client will use peering. @@ -6334,21 +6647,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. +- **missingDriverCount** The number of driver packages delivered by the device manifest that are missing from the system. +- **missingUpdateCount** The number of updates in the device manifest that are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. +- **publishedCount** The number of drivers packages delivered by the device manifest that are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. +- **summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. - **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. +- **truncatedDeviceCount** The number of devices missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** The number of driver packages missing from the summary string because there is not enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each Update. +- **updateId** The unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -6419,11 +6732,11 @@ This event collects information regarding the install phase of the new device ma The following fields are available: - **errorCode** The error code returned for the current install phase. -- **flightId** Unique ID for each flight. +- **flightId** The unique identifier for each flight (pre-release builds). - **objectId** Unique value for each diagnostics session. -- **relatedCV** Correlation vector value generated from the latest USO scan. +- **relatedCV** Correlation vector value generated from the latest scan. - **result** Outcome of the install phase of the update. -- **scenarioId** Indicates the update scenario. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate - **sessionId** Unique value for each update session. - **updateId** Unique ID for each Update. @@ -6434,13 +6747,13 @@ This event sends data for the start of each mode during the process of updating The following fields are available: -- **flightId** Unique ID for each flight. -- **mode** The mode that is starting. +- **flightId** The unique identifier for each flight (pre-release builds). +- **mode** Indicates the active Update Agent mode. - **objectId** Unique value for each diagnostics session. -- **relatedCV** Correlation vector value generated from the latest USO scan. -- **scenarioId** Indicates the update scenario. -- **sessionId** Unique value for each update session. -- **updateId** Unique ID for each Update. +- **relatedCV** Correlation vector value generated from the latest scan. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate +- **sessionId** The unique identifier for each update session. +- **updateId** The unique identifier for each Update. ### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed @@ -6565,6 +6878,22 @@ The following fields are available: - **UtcTime** The time that dialog box was displayed, in Coordinated Universal Time. +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderDialog + +This event returns information relating to the Enhanced Engaged reboot reminder dialog that was displayed. + +The following fields are available: + +- **DeviceLocalTime** The time at which the reboot reminder dialog was shown (based on the local device time settings). +- **ETag** The OneSettings versioning value. +- **ExitCode** Indicates how users exited the reboot reminder dialog box. +- **RebootVersion** The version of the DTE (Direct-to-Engaged). +- **UpdateId** The ID of the update that is waiting for reboot to finish installation. +- **UpdateRevision** The revision of the update that is waiting for reboot to finish installation. +- **UserResponseString** The option chosen by the user on the reboot dialog box. +- **UtcTime** The time at which the reboot reminder dialog was shown (in UTC). + + ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootSecondReminderDialog This event indicates that the second reminder dialog box was displayed for Enhanced Engaged restart. @@ -6597,6 +6926,12 @@ The following fields are available: - **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedSecondRebootReminderDialog + +This event is sent when a second reminder dialog is displayed during Enhanced Engaged Reboot. + + + ### Microsoft.Windows.Update.NotificationUx.RebootScheduled Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update. @@ -6671,7 +7006,7 @@ The following fields are available: - **displayNeededReason** List of reasons for needing display. - **eventScenario** Indicates the purpose of the event (scan started, succeeded, failed, etc.). -- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery).. +- **filteredDeferReason** Applicable filtered reasons why reboot was postponed (such as user active, or low battery). - **gameModeReason** Name of the executable that caused the game mode state check to start. - **ignoredReason** List of reasons that were intentionally ignored. - **raisedDeferReason** Indicates all potential reasons for postponing restart (such as user active, or low battery). @@ -6688,20 +7023,20 @@ This event indicates that a scan for a Windows Update occurred. The following fields are available: -- **deferReason** Reason why the device could not check for updates. -- **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** State of update action +- **deferReason** The reason why the device could not check for updates. +- **detectionBlockingPolicy** The Policy that blocked detection. +- **detectionBlockreason** The reason detection did not complete. - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** Error info +- **errorCode** The error code returned for the current process. - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **flightID** The specific ID of the Windows Insider build the device is getting. -- **interactive** Indicates whether the session was user initiated. -- **networkStatus** Error info -- **revisionNumber** Update revision number. -- **scanTriggerSource** Source of the triggered scan. -- **updateId** Update ID. -- **updateScenarioType** Device ID -- **wuDeviceid** Device ID +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. +- **interactive** Indicates whether the user initiated the session. +- **networkStatus** Indicates if the device is connected to the internet. +- **revisionNumber** The Update revision number. +- **scanTriggerSource** The source of the triggered scan. +- **updateId** The unique identifier of the Update. +- **updateScenarioType** Identifies the type of update session being performed. +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -6785,7 +7120,7 @@ This event is sent during update scan, download, or install, and indicates that The following fields are available: -- **configVersion** Escalation config version on device. +- **configVersion** The escalation configuration version on the device. - **downloadElapsedTime** Indicates how long since the download is required on device. - **downloadRiskLevel** At-risk level of download phase. - **installElapsedTime** Indicates how long since the install is required on device. @@ -6861,7 +7196,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** Unique update ID +- **flightID** The ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **installCommitfailedtime** The time it took for a reboot to happen but the upgrade failed to progress. @@ -6907,15 +7242,15 @@ This event is sent after a Windows update install completes. The following fields are available: -- **batteryLevel** Current battery capacity in mWh or percentage left. -- **bundleId** Identifier associated with the specific content bundle. +- **batteryLevel** Current battery capacity in megawatt-hours (mWh) or percentage left. +- **bundleId** The unique identifier associated with the specific content bundle. - **bundleRevisionnumber** Identifies the revision number of the content bundle. - **errorCode** The error code returned for the current phase. - **eventScenario** State of update action. -- **flightID** The flight ID of the device +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. - **sessionType** The Windows Update session type (Interactive or Background). -- **updateScenarioType** The update session type. -- **wuDeviceid** Unique device ID used by Windows Update. +- **updateScenarioType** Identifies the type of Update session being performed. +- **wuDeviceid** The unique device identifier used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.PowerMenuOptionsChanged @@ -7188,7 +7523,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique DeviceID +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerFirstReadyToReboot @@ -7234,21 +7569,21 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **ClientId** The client ID used by Windows Update. +- **FlightId** The ID of each Windows Insider build the device received. +- **InstanceId** A unique device ID that identifies each update instance. - **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **MountedImageCount** The number of mounted images. +- **MountedImageMatches** The number of mounted image matches. +- **MountedImagesFailed** The number of mounted images that could not be removed. +- **MountedImagesRemoved** The number of mounted images that were successfully removed. +- **MountedImagesSkipped** The number of mounted images that were not found. +- **RelatedCV** The correlation vector value generated from the latest USO scan. - **Result** HResult of this operation. - **ScenarioId** ID indicating the mitigation scenario. - **ScenarioSupported** Indicates whether the scenario was supported. - **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **UpdateId** Unique ID for each Windows Update. - **WuId** Unique ID for the Windows Update client. @@ -7297,6 +7632,38 @@ The following fields are available: - **WuId** Unique ID for the Windows Update client. +## Windows Update Reserve Manager events + +### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. + + + +### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError + +This event is sent when the Update Reserve Manager returns an error from one of its internal functions. + + + +### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization + +This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. + + + +### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. + + + +### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. + + + ## Winlogon events ### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md index 639c8005ed..8916790a12 100644 --- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md +++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md @@ -7,9 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security localizationpriority: high +audience: ITPro author: brianlic-msft ms.author: brianlic -ms.date: 12/13/2018 +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 02/15/2019 --- @@ -306,7 +310,7 @@ The following fields are available: - **DatasourceApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS1** An ID for the system, calculated by hashing hardware identifiers. - **DatasourceApplicationFile_RS2** An ID for the system, calculated by hashing hardware identifiers. -- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. +- **DatasourceApplicationFile_RS3** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS4** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS4Setup** The count of the number of this particular object type present on this device. - **DatasourceApplicationFile_RS5** The count of the number of this particular object type present on this device. @@ -317,8 +321,8 @@ The following fields are available: - **DatasourceDevicePnp_19H1** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS1** The total DataSourceDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DatasourceDevicePnp_RS2** The total DatasourceDevicePnp objects targeting Windows 10 version 1703 present on this device. -- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device. +- **DatasourceDevicePnp_RS2** The count of the number of this particular object type present on this device. +- **DatasourceDevicePnp_RS3** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS4** The count of the number of this particular object type present on this device. - **DatasourceDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. @@ -331,7 +335,7 @@ The following fields are available: - **DatasourceDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS1** The total DataSourceDriverPackage objects targeting Windows 10 version 1607 on this device. - **DatasourceDriverPackage_RS2** The total DataSourceDriverPackage objects targeting Windows 10, version 1703 on this device. -- **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device. +- **DatasourceDriverPackage_RS3** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS4** The count of the number of this particular object type present on this device. - **DatasourceDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. @@ -343,8 +347,8 @@ The following fields are available: - **DataSourceMatchingInfoBlock_19H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS1** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoBlock_RS2** The total DataSourceMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. -- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoBlock_RS2** The count of the number of this particular object type present on this device. +- **DataSourceMatchingInfoBlock_RS3** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. @@ -356,7 +360,7 @@ The following fields are available: - **DataSourceMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS1** The total DataSourceMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. - **DataSourceMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. -- **DataSourceMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoPassive_RS3** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. @@ -367,8 +371,8 @@ The following fields are available: - **DataSourceMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS1** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 present on this device. -- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. +- **DataSourceMatchingInfoPostUpgrade_RS2** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. +- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. - **DataSourceMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device. - **DataSourceMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. @@ -380,7 +384,7 @@ The following fields are available: - **DatasourceSystemBios_19H1Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS1** The total DatasourceSystemBios objects targeting Windows 10 version 1607 present on this device. - **DatasourceSystemBios_RS2** The total DatasourceSystemBios objects targeting Windows 10 version 1703 present on this device. -- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device. +- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting Windows 10 version 1709 present on this device. - **DatasourceSystemBios_RS3Setup** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS4** The count of the number of this particular object type present on this device. - **DatasourceSystemBios_RS4Setup** The count of the number of this particular object type present on this device. @@ -393,7 +397,7 @@ The following fields are available: - **DecisionApplicationFile_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS1** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS2** The count of the number of this particular object type present on this device. -- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. +- **DecisionApplicationFile_RS3** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS4** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS4Setup** The count of the number of this particular object type present on this device. - **DecisionApplicationFile_RS5** The count of the number of this particular object type present on this device. @@ -404,8 +408,8 @@ The following fields are available: - **DecisionDevicePnp_19H1** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS1** The total DecisionDevicePnp objects targeting Windows 10 version 1607 on this device. -- **DecisionDevicePnp_RS2** The total DecisionDevicePnp objects targeting Windows 10 version 1703 present on this device. -- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device. +- **DecisionDevicePnp_RS2** The count of the number of this particular object type present on this device. +- **DecisionDevicePnp_RS3** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS3Setup** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS4** The count of the number of this particular object type present on this device. - **DecisionDevicePnp_RS4Setup** The count of the number of this particular object type present on this device. @@ -418,7 +422,7 @@ The following fields are available: - **DecisionDriverPackage_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS1** The total DecisionDriverPackage objects targeting Windows 10 version 1607 on this device. - **DecisionDriverPackage_RS2** The count of the number of this particular object type present on this device. -- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device. +- **DecisionDriverPackage_RS3** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS3Setup** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS4** The count of the number of this particular object type present on this device. - **DecisionDriverPackage_RS4Setup** The count of the number of this particular object type present on this device. @@ -431,8 +435,8 @@ The following fields are available: - **DecisionMatchingInfoBlock_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS1** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1607 present on this device. - **DecisionMatchingInfoBlock_RS2** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1703 present on this device. -- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device. -- **DecisionMatchingInfoBlock_RS4** The count of the number of this particular object type present on this device. +- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1709 present on this device. +- **DecisionMatchingInfoBlock_RS4** The total DecisionMatchingInfoBlock objects targeting Windows 10 version 1803 present on this device. - **DecisionMatchingInfoBlock_RS4Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS5** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoBlock_RS5Setup** The count of the number of this particular object type present on this device. @@ -442,8 +446,8 @@ The following fields are available: - **DecisionMatchingInfoPassive_19H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS1** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPassive_RS2** The count of the number of this particular object type present on this device. -- **DecisionMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoPassive_RS2** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1703 on this device. +- **DecisionMatchingInfoPassive_RS3** The total DecisionMatchingInfoPassive objects targeting Windows 10 version 1803 on this device. - **DecisionMatchingInfoPassive_RS4** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS4Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPassive_RS5** The count of the number of this particular object type present on this device. @@ -454,8 +458,8 @@ The following fields are available: - **DecisionMatchingInfoPostUpgrade_19H1** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_19H1Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS1** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1607 on this device. -- **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 present on this device. -- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device. +- **DecisionMatchingInfoPostUpgrade_RS2** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1703 on this device. +- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting Windows 10 version 1709 on this device. - **DecisionMatchingInfoPostUpgrade_RS4** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS4Setup** The count of the number of this particular object type present on this device. - **DecisionMatchingInfoPostUpgrade_RS5** The count of the number of this particular object type present on this device. @@ -467,8 +471,8 @@ The following fields are available: - **DecisionMediaCenter_19H1Setup** The total DecisionMediaCenter objects targeting the next release of Windows on this device. - **DecisionMediaCenter_RS1** The total DecisionMediaCenter objects targeting Windows 10 version 1607 present on this device. - **DecisionMediaCenter_RS2** The total DecisionMediaCenter objects targeting Windows 10 version 1703 present on this device. -- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device. -- **DecisionMediaCenter_RS4** The count of the number of this particular object type present on this device. +- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting Windows 10 version 1709 present on this device. +- **DecisionMediaCenter_RS4** The total DecisionMediaCenter objects targeting Windows 10 version 1803 present on this device. - **DecisionMediaCenter_RS4Setup** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS5** The count of the number of this particular object type present on this device. - **DecisionMediaCenter_RS5Setup** The count of the number of this particular object type present on this device. @@ -478,8 +482,8 @@ The following fields are available: - **DecisionSystemBios_19H1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_19H1Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_RS1** The total DecisionSystemBios objects targeting Windows 10 version 1607 on this device. -- **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 present on this device. -- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device. +- **DecisionSystemBios_RS2** The total DecisionSystemBios objects targeting Windows 10 version 1703 on this device. +- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting Windows 10 version 1709 on this device. - **DecisionSystemBios_RS3Setup** The count of the number of this particular object type present on this device. - **DecisionSystemBios_RS4** The total DecisionSystemBios objects targeting Windows 10 version, 1803 present on this device. - **DecisionSystemBios_RS4Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. @@ -487,6 +491,7 @@ The following fields are available: - **DecisionSystemBios_RS5Setup** The total DecisionSystemBios objects targeting the next release of Windows on this device. - **DecisionSystemBios_TH1** The count of the number of this particular object type present on this device. - **DecisionSystemBios_TH2** The count of the number of this particular object type present on this device. +- **DecisionSystemProcessor_RS2** The count of the number of this particular object type present on this device. - **DecisionTest_RS1** An ID for the system, calculated by hashing hardware identifiers. - **InventoryApplicationFile** The count of the number of this particular object type present on this device. - **InventoryDeviceContainer** A count of device container objects in cache. @@ -496,25 +501,27 @@ The following fields are available: - **InventoryLanguagePack** The count of the number of this particular object type present on this device. - **InventoryMediaCenter** The count of the number of this particular object type present on this device. - **InventorySystemBios** The count of the number of this particular object type present on this device. +- **InventorySystemMachine** The count of the number of this particular object type present on this device. +- **InventorySystemProcessor** The count of the number of this particular object type present on this device. - **InventoryTest** The count of the number of this particular object type present on this device. - **InventoryUplevelDriverPackage** The count of the number of this particular object type present on this device. - **PCFP** The count of the number of this particular object type present on this device. - **SystemMemory** The count of the number of this particular object type present on this device. - **SystemProcessorCompareExchange** The count of the number of this particular object type present on this device. - **SystemProcessorLahfSahf** The count of the number of this particular object type present on this device. -- **SystemProcessorNx** The count of the number of this particular object type present on this device. -- **SystemProcessorPrefetchW** The count of the number of this particular object type present on this device. -- **SystemProcessorSse2** The count of the number of this particular object type present on this device. +- **SystemProcessorNx** The total number of objects of this type present on this device. +- **SystemProcessorPrefetchW** The total number of objects of this type present on this device. +- **SystemProcessorSse2** The total number of objects of this type present on this device. - **SystemTouch** The count of the number of this particular object type present on this device. -- **SystemWim** The count of the number of this particular object type present on this device. +- **SystemWim** The total number of objects of this type present on this device. - **SystemWindowsActivationStatus** The count of the number of this particular object type present on this device. -- **SystemWlan** The count of the number of this particular object type present on this device. +- **SystemWlan** The total number of objects of this type present on this device. - **Wmdrm_19ASetup** The count of the number of this particular object type present on this device. - **Wmdrm_19H1** The count of the number of this particular object type present on this device. - **Wmdrm_19H1Setup** The total Wmdrm objects targeting the next release of Windows on this device. - **Wmdrm_RS1** An ID for the system, calculated by hashing hardware identifiers. -- **Wmdrm_RS2** The total Wmdrm objects targeting Windows 10 version 1703 present on this device. -- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device. +- **Wmdrm_RS2** An ID for the system, calculated by hashing hardware identifiers. +- **Wmdrm_RS3** An ID for the system, calculated by hashing hardware identifiers. - **Wmdrm_RS4** The total Wmdrm objects targeting Windows 10, version 1803 present on this device. - **Wmdrm_RS4Setup** The count of the number of this particular object type present on this device. - **Wmdrm_RS5** The count of the number of this particular object type present on this device. @@ -573,6 +580,10 @@ The following fields are available: - **ActiveNetworkConnection** Indicates whether the device is an active network device. - **AppraiserVersion** The version of the appraiser file generating the events. +- **CosDeviceRating** An enumeration that indicates if there is a driver on the target operating system. +- **CosDeviceSolution** An enumeration that indicates how a driver on the target operating system is available. +- **CosDeviceSolutionUrl** Microsoft.Windows.Appraiser.General.DatasourceDevicePnpAdd . Empty string +- **CosPopulatedFromId** The expected uplevel driver matching ID based on driver coverage data. - **IsBootCritical** Indicates whether the device boot is critical. - **UplevelInboxDriver** Indicates whether there is a driver uplevel for this device. - **WuDriverCoverage** Indicates whether there is a driver uplevel for this device, according to Windows Update. @@ -870,6 +881,7 @@ The following fields are available: - **DriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? - **DriverIsDeviceBlocked** Was the driver package was blocked because of a device block? - **DriverIsDriverBlocked** Is the driver package blocked because of a driver block? +- **DriverIsTroubleshooterBlocked** Indicates whether the driver package is blocked because of a troubleshooter block. - **DriverShouldNotMigrate** Should the driver package be migrated during upgrade? - **SdbDriverBlockOverridden** Does the driver package have an SDB block that blocks it from migrating, but that block has been overridden? @@ -937,7 +949,7 @@ The following fields are available: ### Microsoft.Windows.Appraiser.General.DecisionMatchingInfoPassiveAdd -This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up-to-date. +This event sends compatibility decision data about non-blocking entries on the system that are not keyed by either applications or devices, to help keep Windows up to date. This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). @@ -1320,6 +1332,7 @@ The following fields are available: - **AppraiserBranch** The source branch in which the currently running version of Appraiser was built. - **AppraiserProcess** The name of the process that launched Appraiser. - **AppraiserVersion** The version of the Appraiser file generating the events. +- **CensusId** A unique hardware identifier. - **Context** Indicates what mode Appraiser is running in. Example: Setup or Telemetry. - **PCFP** An ID for the system calculated by hashing hardware identifiers. - **Subcontext** Indicates what categories of incompatibilities appraiser is scanning for. Can be N/A, Resolve, or a semicolon-delimited list that can include App, Dev, Sys, Gat, or Rescan. @@ -1780,7 +1793,7 @@ The following fields are available: - **AppraiserTaskExitCode** The Appraiser task exist code. - **AppraiserTaskLastRun** The last runtime for the Appraiser task. - **CensusVersion** The version of Census that generated the current data for this device. -- **IEVersion** IE version running on the device. +- **IEVersion** The version of Internet Explorer that is running on the device. ### Census.Battery @@ -1989,18 +2002,14 @@ The following fields are available: - **AdvertisingId** Current state of the advertising ID setting. - **AppDiagnostics** Current state of the app diagnostics setting. - **Appointments** Current state of the calendar setting. -- **AppointmentsSystem** Current state of the calendar setting. - **Bluetooth** Current state of the Bluetooth capability setting. - **BluetoothSync** Current state of the Bluetooth sync capability setting. - **BroadFileSystemAccess** Current state of the broad file system access setting. - **CellularData** Current state of the cellular data capability setting. - **Chat** Current state of the chat setting. -- **ChatSystem** Current state of the chat setting. - **Contacts** Current state of the contacts setting. -- **ContactsSystem** Current state of the Contacts setting. - **DocumentsLibrary** Current state of the documents library setting. - **Email** Current state of the email setting. -- **EmailSystem** Current state of the email setting. - **FindMyDevice** Current state of the "find my device" setting. - **GazeInput** Current state of the gaze input setting. - **HumanInterfaceDevice** Current state of the human interface device setting. @@ -2012,7 +2021,6 @@ The following fields are available: - **Microphone** Current state of the microphone setting. - **PhoneCall** Current state of the phone call setting. - **PhoneCallHistory** Current state of the call history setting. -- **PhoneCallHistorySystem** Current state of the call history setting. - **PicturesLibrary** Current state of the pictures library setting. - **Radios** Current state of the radios setting. - **SensorsCustom** Current state of the custom sensor setting. @@ -2022,7 +2030,6 @@ The following fields are available: - **USB** Current state of the USB setting. - **UserAccountInformation** Current state of the account information setting. - **UserDataTasks** Current state of the tasks setting. -- **UserDataTasksSystem** Current state of the tasks setting. - **UserNotificationListener** Current state of the notifications setting. - **VideosLibrary** Current state of the videos library setting. - **Webcam** Current state of the camera setting. @@ -2035,7 +2042,7 @@ Provides information on several important data points about Processor settings The following fields are available: -- **KvaShadow** Microcode info of the processor. +- **KvaShadow** This is the micro code information of the processor. - **MMSettingOverride** Microcode setting of the processor. - **MMSettingOverrideMask** Microcode setting override of the processor. - **PreviousUpdateRevision** Previous microcode revision @@ -2046,10 +2053,10 @@ The following fields are available: - **ProcessorManufacturer** Name of the processor manufacturer. - **ProcessorModel** Name of the processor model. - **ProcessorPhysicalCores** Number of physical cores in the processor. -- **ProcessorUpdateRevision** Microcode revision +- **ProcessorUpdateRevision** The microcode revision. - **ProcessorUpdateStatus** Enum value that represents the processor microcode load status - **SocketCount** Count of CPU sockets. -- **SpeculationControl** If the system has enabled protections needed to validate the speculation control vulnerability. +- **SpeculationControl** Indicates whether the system has enabled protections needed to validate the speculation control vulnerability. ### Census.Security @@ -2097,6 +2104,7 @@ The following fields are available: - **PrimaryDiskTotalCapacity** Retrieves the amount of disk space on the primary disk of the device in MB. - **PrimaryDiskType** Retrieves an enumerator value of type STORAGE_BUS_TYPE that indicates the type of bus to which the device is connected. This should be used to interpret the raw device properties at the end of this structure (if any). +- **StorageReservePassedPolicy** Indicates whether the Storage Reserve policy, which ensures that updates have enough disk space and customers are on the latest OS, is enabled on this device. - **SystemVolumeTotalCapacity** Retrieves the size of the partition that the System volume is installed on in MB. @@ -2159,18 +2167,14 @@ The following fields are available: - **AdvertisingId** Current state of the advertising ID setting. - **AppDiagnostics** Current state of the app diagnostics setting. - **Appointments** Current state of the calendar setting. -- **AppointmentsSystem** Current state of the calendar setting. - **Bluetooth** Current state of the Bluetooth capability setting. - **BluetoothSync** Current state of the Bluetooth sync capability setting. - **BroadFileSystemAccess** Current state of the broad file system access setting. - **CellularData** Current state of the cellular data capability setting. - **Chat** Current state of the chat setting. -- **ChatSystem** Current state of the chat setting. - **Contacts** Current state of the contacts setting. -- **ContactsSystem** Current state of the contacts setting. - **DocumentsLibrary** Current state of the documents library setting. - **Email** Current state of the email setting. -- **EmailSystem** Current state of the email setting. - **GazeInput** Current state of the gaze input setting. - **HumanInterfaceDevice** Current state of the human interface device setting. - **InkTypeImprovement** Current state of the improve inking and typing setting. @@ -2182,7 +2186,6 @@ The following fields are available: - **Microphone** Current state of the microphone setting. - **PhoneCall** Current state of the phone call setting. - **PhoneCallHistory** Current state of the call history setting. -- **PhoneCallHistorySystem** Current state of the call history setting. - **PicturesLibrary** Current state of the pictures library setting. - **Radios** Current state of the radios setting. - **SensorsCustom** Current state of the custom sensor setting. @@ -2192,7 +2195,6 @@ The following fields are available: - **USB** Current state of the USB setting. - **UserAccountInformation** Current state of the account information setting. - **UserDataTasks** Current state of the tasks setting. -- **UserDataTasksSystem** Current state of the tasks setting. - **UserNotificationListener** Current state of the notifications setting. - **VideosLibrary** Current state of the videos library setting. - **Webcam** Current state of the camera setting. @@ -2542,6 +2544,42 @@ The following fields are available: - **transactionCanceled** Indicates whether the uninstall was cancelled. +### CbsServicingProvider.CbsQualityUpdateInstall + +This event reports on the performance and reliability results of installing Servicing content from Windows Update to keep Windows up to date. + +The following fields are available: + +- **buildVersion** The build version number of the update package. +- **clientId** The name of the application requesting the optional content. +- **corruptionHistoryFlags** A bitmask of the types of component store corruption that have caused update failures on the device. +- **corruptionType** An enumeration listing the type of data corruption responsible for the current update failure. +- **currentStateEnd** The final state of the package after the operation has completed. +- **doqTimeSeconds** The time in seconds spent updating drivers. +- **executeTimeSeconds** The number of seconds required to execute the install. +- **failureDetails** The driver or installer that caused the update to fail. +- **failureSourceEnd** An enumeration indicating at what phase of the update a failure occurred. +- **hrStatusEnd** The return code of the install operation. +- **initiatedOffline** A true or false value indicating whether the package was installed into an offline Windows Imaging Format (WIM) file. +- **majorVersion** The major version number of the update package. +- **minorVersion** The minor version number of the update package. +- **originalState** The starting state of the package. +- **overallTimeSeconds** The time (in seconds) to perform the overall servicing operation. +- **planTimeSeconds** The time in seconds required to plan the update operations. +- **poqTimeSeconds** The time in seconds processing file and registry operations. +- **postRebootTimeSeconds** The time (in seconds) to do startup processing for the update. +- **preRebootTimeSeconds** The time (in seconds) between execution of the installation and the reboot. +- **primitiveExecutionContext** An enumeration indicating at what phase of shutdown or startup the update was installed. +- **rebootCount** The number of reboots required to install the update. +- **rebootTimeSeconds** The time (in seconds) before startup processing begins for the update. +- **resolveTimeSeconds** The time in seconds required to resolve the packages that are part of the update. +- **revisionVersion** The revision version number of the update package. +- **rptTimeSeconds** The time in seconds spent executing installer plugins. +- **shutdownTimeSeconds** The time (in seconds) required to do shutdown processing for the update. +- **stackRevision** The revision number of the servicing stack. +- **stageTimeSeconds** The time (in seconds) required to stage all files that are part of the update. + + ## Deployment extensions ### DeploymentTelemetry.Deployment_End @@ -2609,7 +2647,7 @@ The following fields are available: - **AcDcStateAtLastShutdown** Identifies if the device was on battery or plugged in. - **BatteryLevelAtLastShutdown** The last recorded battery level. - **BatteryPercentageAtLastShutdown** The battery percentage at the last shutdown. -- **CrashDumpEnabled** Are crash dumps enabled? +- **CrashDumpEnabled** Indicates whether crash dumps are enabled. - **CumulativeCrashCount** Cumulative count of operating system crashes since the BootId reset. - **CurrentBootId** BootId at the time the abnormal shutdown event was being reported. - **Firmwaredata->ResetReasonEmbeddedController** The reset reason that was supplied by the firmware. @@ -2630,36 +2668,36 @@ The following fields are available: - **LastBugCheckVersion** The version of the information struct written during the crash. - **LastSuccessfullyShutdownBootId** BootId of the last fully successful shutdown. - **LongPowerButtonPressDetected** Identifies if the user was pressing and holding power button. -- **OOBEInProgress** Identifies if OOBE is running. +- **OOBEInProgress** Identifies if the Out-Of-Box-Experience is running. - **OSSetupInProgress** Identifies if the operating system setup is running. -- **PowerButtonCumulativePressCount** How many times has the power button been pressed? -- **PowerButtonCumulativeReleaseCount** How many times has the power button been released? -- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record power button metrics. -- **PowerButtonLastPressBootId** BootId of the last time the power button was pressed. -- **PowerButtonLastPressTime** Date and time of the last time the power button was pressed. -- **PowerButtonLastReleaseBootId** BootId of the last time the power button was released. -- **PowerButtonLastReleaseTime** Date and time of the last time the power button was released. +- **PowerButtonCumulativePressCount** Indicates the number of times the power button has been pressed ("pressed" not to be confused with "released"). +- **PowerButtonCumulativeReleaseCount** Indicates the number of times the power button has been released ("released" not to be confused with "pressed"). +- **PowerButtonErrorCount** Indicates the number of times there was an error attempting to record Power Button metrics (e.g.: due to a failure to lock/update the bootstat file). +- **PowerButtonLastPressBootId** BootId of the last time the Power Button was detected to have been pressed ("pressed" not to be confused with "released"). +- **PowerButtonLastPressTime** Date/time of the last time the Power Button was pressed ("pressed" not to be confused with "released"). +- **PowerButtonLastReleaseBootId** The Boot ID of the last time the Power Button was released ("released" not to be confused with "pressed"). +- **PowerButtonLastReleaseTime** The date and time the Power Button was most recently released ("released" not to be confused with "pressed"). - **PowerButtonPressCurrentCsPhase** Represents the phase of Connected Standby exit when the power button was pressed. - **PowerButtonPressIsShutdownInProgress** Indicates whether a system shutdown was in progress at the last time the power button was pressed. -- **PowerButtonPressLastPowerWatchdogStage** Progress while the monitor is being turned on. +- **PowerButtonPressLastPowerWatchdogStage** The last stage completed when the Power Button was most recently pressed. - **PowerButtonPressPowerWatchdogArmed** Indicates whether or not the watchdog for the monitor was active at the time of the last power button press. - **ShutdownDeviceType** Identifies who triggered a shutdown. Is it because of battery, thermal zones, or through a Kernel API. - **SleepCheckpoint** Provides the last checkpoint when there is a failure during a sleep transition. - **SleepCheckpointSource** Indicates whether the source is the EFI variable or bootstat file. - **SleepCheckpointStatus** Indicates whether the checkpoint information is valid. - **StaleBootStatData** Identifies if the data from bootstat is stale. -- **TransitionInfoBootId** BootId of the captured transition info. -- **TransitionInfoCSCount** l number of times the system transitioned from Connected Standby mode. -- **TransitionInfoCSEntryReason** Indicates the reason the device last entered Connected Standby mode. -- **TransitionInfoCSExitReason** Indicates the reason the device last exited Connected Standby mode. -- **TransitionInfoCSInProgress** At the time the last marker was saved, the system was in or entering Connected Standby mode. -- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp, +- **TransitionInfoBootId** The Boot ID of the captured transition information. +- **TransitionInfoCSCount** The total number of times the system transitioned from "Connected Standby" mode to "On" when the last marker was saved. +- **TransitionInfoCSEntryReason** Indicates the reason the device last entered "Connected Standby" mode ("entered" not to be confused with "exited"). +- **TransitionInfoCSExitReason** Indicates the reason the device last exited "Connected Standby" mode ("exited" not to be confused with "entered"). +- **TransitionInfoCSInProgress** Indicates whether the system was in or entering Connected Standby mode when the last marker was saved. +- **TransitionInfoLastReferenceTimeChecksum** The checksum of TransitionInfoLastReferenceTimestamp. - **TransitionInfoLastReferenceTimestamp** The date and time that the marker was last saved. - **TransitionInfoLidState** Describes the state of the laptop lid. -- **TransitionInfoPowerButtonTimestamp** The date and time of the last time the power button was pressed. -- **TransitionInfoSleepInProgress** At the time the last marker was saved, the system was in or entering sleep mode. -- **TransitionInfoSleepTranstionsToOn** Total number of times the device transitioned from sleep mode. -- **TransitionInfoSystemRunning** At the time the last marker was saved, the device was running. +- **TransitionInfoPowerButtonTimestamp** The most recent date and time when the Power Button was pressed (collected via a different mechanism than PowerButtonLastPressTime). +- **TransitionInfoSleepInProgress** Indicates whether the system was in or entering Sleep mode when the last marker was saved. +- **TransitionInfoSleepTranstionsToOn** The total number of times the system transitioned from Sleep mode to on, when the last marker was saved. +- **TransitionInfoSystemRunning** Indicates whether the system was running when the last marker was saved. - **TransitionInfoSystemShutdownInProgress** Indicates whether a device shutdown was in progress when the power button was pressed. - **TransitionInfoUserShutdownInProgress** Indicates whether a user shutdown was in progress when the power button was pressed. - **TransitionLatestCheckpointId** Represents a unique identifier for a checkpoint during the device state transition. @@ -3369,6 +3407,7 @@ The following fields are available: - **GPUVendorID** The GPU vendor ID. - **InterfaceId** The GPU interface ID. - **IsDisplayDevice** Does the GPU have displaying capabilities? +- **IsHwSchSupported** Indicates whether the adapter supports hardware scheduling. - **IsHybridDiscrete** Does the GPU have discrete GPU capabilities in a hybrid device? - **IsHybridIntegrated** Does the GPU have integrated GPU capabilities in a hybrid device? - **IsLDA** Is the GPU comprised of Linked Display Adapters? @@ -3382,6 +3421,7 @@ The following fields are available: - **IsSoftwareDevice** Is this a software implementation of the GPU? - **KMDFilePath** The file path to the location of the Display Kernel Mode Driver in the Driver Store. - **MeasureEnabled** Is the device listening to MICROSOFT_KEYWORD_MEASURES? +- **MsHybridDiscrete** Indicates whether the adapter is a discrete adapter in a hybrid configuration. - **NumVidPnSources** The number of supported display output sources. - **NumVidPnTargets** The number of supported display output targets. - **SharedSystemMemoryB** The amount of system memory shared by GPU and CPU (in bytes). @@ -3393,6 +3433,81 @@ The following fields are available: - **WDDMVersion** The Windows Display Driver Model version. +## Failover Clustering events + +### Microsoft.Windows.Server.FailoverClusteringCritical.ClusterSummary2 + +This event returns information about how many resources and of what type are in the server cluster. This data is collected to keep Windows Server safe, secure, and up to date. The data includes information about whether hardware is configured correctly, if the software is patched correctly, and assists in preventing crashes by attributing issues (like fatal errors) to workloads and system configurations. + +The following fields are available: + +- **autoAssignSite** The cluster parameter: auto site. +- **autoBalancerLevel** The cluster parameter: auto balancer level. +- **autoBalancerMode** The cluster parameter: auto balancer mode. +- **blockCacheSize** The configured size of the block cache. +- **ClusterAdConfiguration** The ad configuration of the cluster. +- **clusterAdType** The cluster parameter: mgmt_point_type. +- **clusterDumpPolicy** The cluster configured dump policy. +- **clusterFunctionalLevel** The current cluster functional level. +- **clusterGuid** The unique identifier for the cluster. +- **clusterWitnessType** The witness type the cluster is configured for. +- **countNodesInSite** The number of nodes in the cluster. +- **crossSiteDelay** The cluster parameter: CrossSiteDelay. +- **crossSiteThreshold** The cluster parameter: CrossSiteThreshold. +- **crossSubnetDelay** The cluster parameter: CrossSubnetDelay. +- **crossSubnetThreshold** The cluster parameter: CrossSubnetThreshold. +- **csvCompatibleFilters** The cluster parameter: ClusterCsvCompatibleFilters. +- **csvIncompatibleFilters** The cluster parameter: ClusterCsvIncompatibleFilters. +- **csvResourceCount** The number of resources in the cluster. +- **currentNodeSite** The name configured for the current site for the cluster. +- **dasModeBusType** The direct storage bus type of the storage spaces. +- **downLevelNodeCount** The number of nodes in the cluster that are running down-level. +- **drainOnShutdown** Specifies whether a node should be drained when it is shut down. +- **dynamicQuorumEnabled** Specifies whether dynamic Quorum has been enabled. +- **enforcedAntiAffinity** The cluster parameter: enforced anti affinity. +- **genAppNames** The win32 service name of a clustered service. +- **genSvcNames** The command line of a clustered genapp. +- **hangRecoveryAction** The cluster parameter: hang recovery action. +- **hangTimeOut** Specifies the “hang time out” parameter for the cluster. +- **isCalabria** Specifies whether storage spaces direct is enabled. +- **isMixedMode** Identifies if the cluster is running with different version of OS for nodes. +- **isRunningDownLevel** Identifies if the current node is running down-level. +- **logLevel** Specifies the granularity that is logged in the cluster log. +- **logSize** Specifies the size of the cluster log. +- **lowerQuorumPriorityNodeId** The cluster parameter: lower quorum priority node ID. +- **minNeverPreempt** The cluster parameter: minimum never preempt. +- **minPreemptor** The cluster parameter: minimum preemptor priority. +- **netftIpsecEnabled** The parameter: netftIpsecEnabled. +- **NodeCount** The number of nodes in the cluster. +- **nodeId** The current node number in the cluster. +- **nodeResourceCounts** Specifies the number of node resources. +- **nodeResourceOnlineCounts** Specifies the number of node resources that are online. +- **numberOfSites** The number of different sites. +- **numNodesInNoSite** The number of nodes not belonging to a site. +- **plumbAllCrossSubnetRoutes** The cluster parameter: plumb all cross subnet routes. +- **preferredSite** The preferred site location. +- **privateCloudWitness** Specifies whether a private cloud witness exists for this cluster. +- **quarantineDuration** The quarantine duration. +- **quarantineThreshold** The quarantine threshold. +- **quorumArbitrationTimeout** In the event of an arbitration event, this specifies the quorum timeout period. +- **resiliencyLevel** Specifies the level of resiliency. +- **resourceCounts** Specifies the number of resources. +- **resourceTypeCounts** Specifies the number of resource types in the cluster. +- **resourceTypes** Data representative of each resource type. +- **resourceTypesPath** Data representative of the DLL path for each resource type. +- **sameSubnetDelay** The cluster parameter: same subnet delay. +- **sameSubnetThreshold** The cluster parameter: same subnet threshold. +- **secondsInMixedMode** The amount of time (in seconds) that the cluster has been in mixed mode (nodes with different operating system versions in the same cluster). +- **securityLevel** The cluster parameter: security level. +- **securityLevelForStorage** The cluster parameter: security level for storage. +- **sharedVolumeBlockCacheSize** Specifies the block cache size for shared for shared volumes. +- **shutdownTimeoutMinutes** Specifies the amount of time it takes to time out when shutting down. +- **upNodeCount** Specifies the number of nodes that are up (online). +- **useClientAccessNetworksForCsv** The cluster parameter: use client access networks for CSV. +- **vmIsolationTime** The cluster parameter: VM isolation time. +- **witnessDatabaseWriteTimeout** Specifies the timeout period for writing to the quorum witness database. + + ## Fault Reporting events ### Microsoft.Windows.FaultReporting.AppCrashEvent @@ -3409,7 +3524,6 @@ The following fields are available: - **ExceptionOffset** The address where the exception had occurred. - **Flags** Flags indicating how reporting is done. For example, queue the report, do not offer JIT debugging, or do not terminate the process after reporting. - **FriendlyAppName** The description of the app that has crashed, if different from the AppName. Otherwise, the process name. -- **IsCrashFatal** (Deprecated) True/False to indicate whether the crash resulted in process termination. - **IsFatal** True/False to indicate whether the crash resulted in process termination. - **ModName** Exception module name (e.g. bar.dll). - **ModTimeStamp** The date/time stamp of the module. @@ -3425,6 +3539,20 @@ The following fields are available: - **TargetAsId** The sequence number for the hanging process. +## Feature update events + +### Microsoft.Windows.Upgrade.Uninstall.UninstallFinalizedAndRebootTriggered + +This event indicates that the uninstall was properly configured and that a system reboot was initiated. + + + +### Microsoft.Windows.Upgrade.Uninstall.UninstallGoBackButtonClicked + +This event sends basic metadata about the starting point of uninstalling a feature update, which helps ensure customers can safely revert to a well-known state if the update caused any problems. + + + ## Hang Reporting events ### Microsoft.Windows.HangReporting.AppHangEvent @@ -3711,6 +3839,8 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: +- **audio.captureDriver** Audio device capture driver. Example: hdaudio.inf:db04a16ce4e8d6ee:HdAudModel:10.0.14887.1000:hdaudio\func_01 +- **audio.renderDriver** Audio device render driver. Example: hdaudio.inf:db04a16ce4e8d6ee:HdAudModel:10.0.14889.1001:hdaudio\func_01 - **Audio_CaptureDriver** The Audio device capture driver endpoint. - **Audio_RenderDriver** The Audio device render driver endpoint. - **InventoryVersion** The version of the inventory file generating the events. @@ -3748,34 +3878,35 @@ The following fields are available: - **BusReportedDescription** The description of the device reported by the bux. - **Class** The device setup class of the driver loaded for the device. -- **ClassGuid** The device class GUID from the driver package -- **COMPID** The device setup class guid of the driver loaded for the device. -- **ContainerId** The list of compat ids for the device. -- **Description** System-supplied GUID that uniquely groups the functional devices associated with a single-function or multifunction device installed in the computer. -- **DeviceState** The device description. -- **DriverId** DeviceState is a bitmask of the following: DEVICE_IS_CONNECTED 0x0001 (currently only for container). DEVICE_IS_NETWORK_DEVICE 0x0002 (currently only for container). DEVICE_IS_PAIRED 0x0004 (currently only for container). DEVICE_IS_ACTIVE 0x0008 (currently never set). DEVICE_IS_MACHINE 0x0010 (currently only for container). DEVICE_IS_PRESENT 0x0020 (currently always set). DEVICE_IS_HIDDEN 0x0040. DEVICE_IS_PRINTER 0x0080 (currently only for container). DEVICE_IS_WIRELESS 0x0100. DEVICE_IS_WIRELESS_FAT 0x0200. The most common values are therefore: 32 (0x20)= device is present. 96 (0x60)= device is present but hidden. 288 (0x120)= device is a wireless device that is present -- **DriverName** A unique identifier for the driver installed. -- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage -- **DriverVerDate** Name of the .sys image file (or wudfrd.sys if using user mode driver framework). -- **DriverVerVersion** The immediate parent directory name in the Directory field of InventoryDriverPackage. -- **Enumerator** The date of the driver loaded for the device. +- **ClassGuid** The device class unique identifier of the driver package loaded on the device. +- **COMPID** The list of “Compatible IDs” for this device. +- **ContainerId** The system-supplied unique identifier that specifies which group(s) the device(s) installed on the parent (main) device belong to. +- **Description** The description of the device. +- **DeviceInterfaceClasses** The device interfaces that this device implements. +- **DeviceState** Identifies the current state of the parent (main) device. +- **DriverId** The unique identifier for the installed driver. +- **DriverName** The name of the driver image file. +- **DriverPackageStrongName** The immediate parent directory name in the Directory field of InventoryDriverPackage. +- **DriverVerDate** The date associated with the driver installed on the device. +- **DriverVerVersion** The version number of the driver installed on the device. +- **Enumerator** Identifies the bus that enumerated the device. - **ExtendedInfs** The extended INF file names. -- **HWID** The version of the driver loaded for the device. -- **Inf** The bus that enumerated the device. -- **InstallState** The device installation state. One of these values: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx -- **InventoryVersion** List of hardware ids for the device. -- **LowerClassFilters** Lower filter class drivers IDs installed for the device -- **LowerFilters** Lower filter drivers IDs installed for the device -- **Manufacturer** INF file name (the name could be renamed by OS, such as oemXX.inf) -- **MatchingID** Device installation state. -- **Model** The version of the inventory binary generating the events. -- **ParentId** Lower filter class drivers IDs installed for the device. -- **ProblemCode** Lower filter drivers IDs installed for the device. -- **Provider** The device manufacturer. -- **Service** The device service name -- **STACKID** Represents the hardware ID or compatible ID that Windows uses to install a device instance. -- **UpperClassFilters** Upper filter drivers IDs installed for the device -- **UpperFilters** The device model. +- **HWID** A list of hardware IDs for the device. +- **Inf** The name of the INF file (possibly renamed by the OS, such as oemXX.inf). +- **InstallState** The device installation state. For a list of values, see: https://msdn.microsoft.com/en-us/library/windows/hardware/ff543130.aspx +- **InventoryVersion** The version number of the inventory process generating the events. +- **LowerClassFilters** The identifiers of the Lower Class filters installed for the device. +- **LowerFilters** The identifiers of the Lower filters installed for the device. +- **Manufacturer** The manufacturer of the device. +- **MatchingID** The Hardware ID or Compatible ID that Windows uses to install a device instance. +- **Model** Identifies the model of the device. +- **ParentId** The Device Instance ID of the parent of the device. +- **ProblemCode** The error code currently returned by the device, if applicable. +- **Provider** Identifies the device provider. +- **Service** The name of the device service. +- **STACKID** The list of hardware IDs for the stack. +- **UpperClassFilters** The identifiers of the Upper Class filters installed for the device. +- **UpperFilters** The identifiers of the Upper filters installed for the device. ### Microsoft.Windows.Inventory.Core.InventoryDevicePnpRemove @@ -3817,7 +3948,6 @@ The following fields are available: This event indicates that a new set of InventoryDeviceUsbHubClassAdd events will be sent. -This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedeviceinventorychange). The following fields are available: @@ -3974,30 +4104,30 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **AddinCLSID** The CLSID for the Office add-in. -- **AddInCLSID** CLSID key for the office addin -- **AddInId** Office add-in ID. -- **AddinType** Office add-in Type. -- **BinFileTimestamp** Timestamp of the Office add-in. -- **BinFileVersion** Version of the Office add-in. -- **Description** Office add-in description. -- **FileId** FileId of the Office add-in. -- **FileSize** File size of the Office add-in. -- **FriendlyName** Friendly name for office add-in. -- **FullPath** Unexpanded path to the office add-in. +- **AddinCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInCLSID** The class identifier key for the Microsoft Office add-in. +- **AddInId** The identifier for the Microsoft Office add-in. +- **AddinType** The type of the Microsoft Office add-in. +- **BinFileTimestamp** The timestamp of the Office add-in. +- **BinFileVersion** The version of the Microsoft Office add-in. +- **Description** Description of the Microsoft Office add-in. +- **FileId** The file identifier of the Microsoft Office add-in. +- **FileSize** The file size of the Microsoft Office add-in. +- **FriendlyName** The friendly name for the Microsoft Office add-in. +- **FullPath** The full path to the Microsoft Office add-in. - **InventoryVersion** The version of the inventory binary generating the events. -- **LoadBehavior** Uint32 that describes the load behavior. -- **LoadTime** Load time for the office addin -- **OfficeApplication** The office application for this add-in. -- **OfficeArchitecture** Architecture of the add-in. -- **OfficeVersion** The office version for this add-in. -- **OutlookCrashingAddin** Boolean that indicates if crashes have been found for this add-in. +- **LoadBehavior** Integer that describes the load behavior. +- **LoadTime** Load time for the Office add-in. +- **OfficeApplication** The Microsoft Office application associated with the add-in. +- **OfficeArchitecture** The architecture of the add-in. +- **OfficeVersion** The Microsoft Office version for this add-in. +- **OutlookCrashingAddin** Indicates whether crashes have been found for this add-in. - **ProductCompany** The name of the company associated with the Office add-in. -- **ProductName** The product name associated with the Office add-in. +- **ProductName** The product name associated with the Microsoft Office add-in. - **ProductVersion** The version associated with the Office add-in. -- **ProgramId** The unique program identifier of the Office add-in. +- **ProgramId** The unique program identifier of the Microsoft Office add-in. - **Provider** Name of the provider for this add-in. -- **Usage** Data regarding usage of the add-in. +- **Usage** Data about usage for the add-in. ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeAddInRemove @@ -4159,10 +4289,10 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: -- **BrowserFlags** Browser flags for Office-related products. -- **ExchangeProviderFlags** Provider policies for Office Exchange. +- **BrowserFlags** Browser flags for Office-related products +- **ExchangeProviderFlags** Provider policies for Office Exchange - **InventoryVersion** The version of the inventory binary generating the events. -- **SharedComputerLicensing** Office shared computer licensing policies. +- **SharedComputerLicensing** Office shared computer licensing policies ### Microsoft.Windows.Inventory.General.InventoryMiscellaneousOfficeSettingsStartSync @@ -4315,6 +4445,7 @@ This event includes fields from [Ms.Device.DeviceInventoryChange](#msdevicedevic The following fields are available: - **IndicatorValue** The indicator value. +- **Value** Describes an operating system indicator that may be relevant for the device upgrade. ### Microsoft.Windows.Inventory.Indicators.InventoryMiscellaneousUexIndicatorRemove @@ -4376,6 +4507,80 @@ The following fields are available: - **UserInputTime** The amount of time the loader application spent waiting for user input. +## Miracast events + +### Microsoft.Windows.Cast.Miracast.MiracastSessionEnd + +This event sends data at the end of a Miracast session that helps determine RTSP related Miracast failures along with some statistics about the session + +The following fields are available: + +- **AudioChannelCount** The number of audio channels. +- **AudioSampleRate** The sample rate of audio in terms of samples per second. +- **AudioSubtype** The unique subtype identifier of the audio codec (encoding method) used for audio encoding. +- **AverageBitrate** The average video bitrate used during the Miracast session, in bits per second. +- **AverageDataRate** The average available bandwidth reported by the WiFi driver during the Miracast session, in bits per second. +- **AveragePacketSendTimeInMs** The average time required for the network to send a sample, in milliseconds. +- **ConnectorType** The type of connector used during the Miracast session. +- **EncodeAverageTimeMS** The average time to encode a frame of video, in milliseconds. +- **EncodeCount** The count of total frames encoded in the session. +- **EncodeMaxTimeMS** The maximum time to encode a frame, in milliseconds. +- **EncodeMinTimeMS** The minimum time to encode a frame, in milliseconds. +- **EncoderCreationTimeInMs** The time required to create the video encoder, in milliseconds. +- **ErrorSource** Identifies the component that encountered an error that caused a disconnect, if applicable. +- **FirstFrameTime** The time (tick count) when the first frame is sent. +- **FirstLatencyMode** The first latency mode. +- **FrameAverageTimeMS** Average time to process an entire frame, in milliseconds. +- **FrameCount** The total number of frames processed. +- **FrameMaxTimeMS** The maximum time required to process an entire frame, in milliseconds. +- **FrameMinTimeMS** The minimum time required to process an entire frame, in milliseconds. +- **Glitches** The number of frames that failed to be delivered on time. +- **HardwareCursorEnabled** Indicates if hardware cursor was enabled when the connection ended. +- **HDCPState** The state of HDCP (High-bandwidth Digital Content Protection) when the connection ended. +- **HighestBitrate** The highest video bitrate used during the Miracast session, in bits per second. +- **HighestDataRate** The highest available bandwidth reported by the WiFi driver, in bits per second. +- **LastLatencyMode** The last reported latency mode. +- **LogTimeReference** The reference time, in tick counts. +- **LowestBitrate** The lowest video bitrate used during the Miracast session, in bits per second. +- **LowestDataRate** The lowest video bitrate used during the Miracast session, in bits per second. +- **MediaErrorCode** The error code reported by the media session, if applicable. +- **MiracastEntry** The time (tick count) when the Miracast driver was first loaded. +- **MiracastM1** The time (tick count) when the M1 request was sent. +- **MiracastM2** The time (tick count) when the M2 request was sent. +- **MiracastM3** The time (tick count) when the M3 request was sent. +- **MiracastM4** The time (tick count) when the M4 request was sent. +- **MiracastM5** The time (tick count) when the M5 request was sent. +- **MiracastM6** The time (tick count) when the M6 request was sent. +- **MiracastM7** The time (tick count) when the M7 request was sent. +- **MiracastSessionState** The state of the Miracast session when the connection ended. +- **MiracastStreaming** The time (tick count) when the Miracast session first started processing frames. +- **ProfileCount** The count of profiles generated from the receiver M4 response. +- **ProfileCountAfterFiltering** The count of profiles after filtering based on available bandwidth and encoder capabilities. +- **RefreshRate** The refresh rate set on the remote display. +- **RotationSupported** Indicates if the Miracast receiver supports display rotation. +- **RTSPSessionId** The unique identifier of the RTSP session. This matches the RTSP session ID for the receiver for the same session. +- **SessionGuid** The unique identifier of to correlate various Miracast events from a session. +- **SinkHadEdid** Indicates if the Miracast receiver reported an EDID. +- **SupportMicrosoftColorSpaceConversion** Indicates whether the Microsoft color space conversion for extra color fidelity is supported by the receiver. +- **SupportsMicrosoftDiagnostics** Indicates whether the Miracast receiver supports the Microsoft Diagnostics Miracast extension. +- **SupportsMicrosoftFormatChange** Indicates whether the Miracast receiver supports the Microsoft Format Change Miracast extension. +- **SupportsMicrosoftLatencyManagement** Indicates whether the Miracast receiver supports the Microsoft Latency Management Miracast extension. +- **SupportsMicrosoftRTCP** Indicates whether the Miracast receiver supports the Microsoft RTCP Miracast extension. +- **SupportsMicrosoftVideoFormats** Indicates whether the Miracast receiver supports Microsoft video format for 3:2 resolution. +- **SupportsWiDi** Indicates whether Miracast receiver supports Intel WiDi extensions. +- **TeardownErrorCode** The error code reason for teardown provided by the receiver, if applicable. +- **TeardownErrorReason** The text string reason for teardown provided by the receiver, if applicable. +- **UIBCEndState** Indicates whether UIBC was enabled when the connection ended. +- **UIBCEverEnabled** Indicates whether UIBC was ever enabled. +- **UIBCStatus** The result code reported by the UIBC setup process. +- **VideoBitrate** The starting bitrate for the video encoder. +- **VideoCodecLevel** The encoding level used for encoding, specific to the video subtype. +- **VideoHeight** The height of encoded video frames. +- **VideoSubtype** The unique subtype identifier of the video codec (encoding method) used for video encoding. +- **VideoWidth** The width of encoded video frames. +- **WFD2Supported** Indicates if the Miracast receiver supports WFD2 protocol. + + ## OneDrive events ### Microsoft.OneDrive.Sync.Setup.APIOperation @@ -4509,6 +4714,71 @@ The following fields are available: - **userRegionCode** The current user's region setting +### wilActivity + +This event provides a Windows Internal Library context used for Product and Service diagnostics. + +The following fields are available: + +- **callContext** The function where the failure occurred. +- **currentContextId** The ID of the current call context where the failure occurred. +- **currentContextMessage** The message of the current call context where the failure occurred. +- **currentContextName** The name of the current call context where the failure occurred. +- **failureCount** The number of failures for this failure ID. +- **failureId** The ID of the failure that occurred. +- **failureType** The type of the failure that occurred. +- **fileName** The file name where the failure occurred. +- **function** The function where the failure occurred. +- **hresult** The HResult of the overall activity. +- **lineNumber** The line number where the failure occurred. +- **message** The message of the failure that occurred. +- **module** The module where the failure occurred. +- **originatingContextId** The ID of the originating call context that resulted in the failure. +- **originatingContextMessage** The message of the originating call context that resulted in the failure. +- **originatingContextName** The name of the originating call context that resulted in the failure. +- **threadId** The ID of the thread on which the activity is executing. + + +## Sediment events + +### Microsoft.Windows.Sediment.Info.DetailedState + +This event is sent when detailed state information is needed from an update trial run. + +The following fields are available: + +- **Data** Data relevant to the state, such as what percent of disk space the directory takes up. +- **Id** Identifies the trial being run, such as a disk related trial. +- **ReleaseVer** The version of the component. +- **State** The state of the reporting data from the trial, such as the top-level directory analysis. +- **Time** The time the event was fired. + + +### Microsoft.Windows.Sediment.Info.Error + +This event indicates an error in the updater payload. This information assists in keeping Windows up to date. + +The following fields are available: + +- **FailureType** The type of error encountered. +- **FileName** The code file in which the error occurred. +- **HResult** The failure error code. +- **LineNumber** The line number in the code file at which the error occurred. +- **ReleaseVer** The version information for the component in which the error occurred. +- **Time** The system time at which the error occurred. + + +### Microsoft.Windows.Sediment.Info.PhaseChange + +The event indicates progress made by the updater. This information assists in keeping Windows up to date. + +The following fields are available: + +- **NewPhase** The phase of progress made. +- **ReleaseVer** The version information for the component in which the change occurred. +- **Time** The system time at which the phase chance occurred. + + ## Setup events ### SetupPlatformTel.SetupPlatformTelActivityEvent @@ -4548,15 +4818,6 @@ The following fields are available: - **Value** Retrieves the value associated with the corresponding event name (Field Name). For example: For time related events this will include the system time. -### SetupPlatformTel.SetupPlatfOrmTelEvent - -This service retrieves events generated by SetupPlatform, the engine that drives the various deployment scenarios. - -The following fields are available: - -- **GroupName** Retrieves the groupname the event belongs to. Example: Install Information, DU Information, Disk Space Information etc. - - ## Software update events ### SoftwareUpdateClientTelemetry.CheckForUpdates @@ -4660,6 +4921,7 @@ The following fields are available: - **BundleRevisionNumber** Identifies the revision number of the content bundle - **CallerApplicationName** Name provided by the caller who initiated API calls into the software distribution client - **ClientVersion** Version number of the software distribution client +- **DeploymentProviderMode** The mode of operation of the update deployment provider. - **DeviceModel** Device model as defined in the system bios - **EventInstanceID** A globally unique identifier for event instance - **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. @@ -4667,7 +4929,7 @@ The following fields are available: - **FlightId** The specific id of the flight the device is getting - **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.) - **RevisionNumber** Identifies the revision number of this specific piece of content -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc) - **SystemBIOSMajorRelease** Major release version of the system bios - **SystemBIOSMinorRelease** Minor release version of the system bios - **UpdateId** Identifier associated with the specific piece of content @@ -4680,11 +4942,11 @@ Download process event for target update on Windows Update client. See the Event The following fields are available: -- **ActiveDownloadTime** Number of seconds the update was actively being downloaded. +- **ActiveDownloadTime** How long the download took, in seconds, excluding time where the update wasn't actively being downloaded. - **AppXBlockHashFailures** Indicates the number of blocks that failed hash validation during download of the app payload. - **AppXBlockHashValidationFailureCount** A count of the number of blocks that have failed validation after being downloaded. -- **AppXDownloadScope** Indicates the scope of the download for application content. For streaming install scenarios, AllContent - non-streaming download, RequiredOnly - streaming download requested content required for launch, AutomaticOnly - streaming download requested automatic streams for the app, and Unknown - for events sent before download scope is determined by the Windows Update client. -- **AppXScope** Indicates the scope of the app download. The values can be one of the following: "RequiredContentOnly" - only the content required to launch the app is being downloaded; "AutomaticContentOnly" - only the optional [automatic] content for the app (the ones that can downloaded after the app has been launched) is being downloaded; "AllContent" - all content for the app, including the optional [automatic] content, is being downloaded. +- **AppXDownloadScope** Indicates the scope of the download for application content. +- **AppXScope** Indicates the scope of the app download. - **BiosFamily** The family of the BIOS (Basic Input Output System). - **BiosName** The name of the device BIOS. - **BiosReleaseDate** The release date of the device BIOS. @@ -4692,28 +4954,28 @@ The following fields are available: - **BIOSVendor** The vendor of the BIOS. - **BiosVersion** The version of the BIOS. - **BundleBytesDownloaded** Number of bytes downloaded for the specific content bundle. -- **BundleId** Identifier associated with the specific content bundle; should not be all zeros if the bundleID was found. +- **BundleId** Identifier associated with the specific content bundle. - **BundleRepeatFailCount** Indicates whether this particular update bundle has previously failed. - **BundleRepeatFailFlag** Indicates whether this particular update bundle previously failed to download. - **BundleRevisionNumber** Identifies the revision number of the content bundle. - **BytesDownloaded** Number of bytes that were downloaded for an individual piece of content (not the entire bundle). -- **CachedEngineVersion** For self-initiated healing, the version of the SIH engine that is cached on the device. If the SIH engine does not exist, the value is null. -- **CallerApplicationName** The name provided by the caller who initiated API calls into the software distribution client. -- **CbsDownloadMethod** Indicates whether the download was a full-file download or a partial/delta download. -- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. This value can be one of the following: (1) express download method was used for download; (2) SelfContained download method was used for download indicating the update had no express content; (3) SelfContained download method was used indicating that the update has an express payload, but the server is not hosting it; (4) SelfContained download method was used indicating that range requests are not supported; (5) SelfContained download method was used indicating that the system does not support express download (dpx.dll is not present); (6) SelfContained download method was used indicating that self-contained download method was selected previously; (7) SelfContained download method was used indicating a fall back to self-contained if the number of requests made by DPX exceeds a certain threshold. +- **CachedEngineVersion** The version of the “Self-Initiated Healing” (SIH) engine that is cached on the device, if applicable. +- **CallerApplicationName** The name provided by the application that initiated API calls into the software distribution client. +- **CbsDownloadMethod** Indicates whether the download was a full- or a partial-file download. +- **CbsMethod** The method used for downloading the update content related to the Component Based Servicing (CBS) technology. - **CDNCountryCode** Two letter country abbreviation for the Content Distribution Network (CDN) location. - **CDNId** ID which defines which CDN the software distribution client downloaded the content from. - **ClientVersion** The version number of the software distribution client. -- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0. -- **ConnectTime** Indicates the cumulative sum (in seconds) of the time it took to establish the connection for all updates in an update bundle. +- **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. +- **ConnectTime** Indicates the cumulative amount of time (in seconds) it took to establish the connection for all updates in an update bundle. - **CurrentMobileOperator** The mobile operator the device is currently connected to. -- **DeviceModel** What is the device model. +- **DeviceModel** The model of the device. - **DownloadPriority** Indicates whether a download happened at background, normal, or foreground priority. -- **DownloadProps** Indicates a bitmask for download operations indicating: (1) if an update was downloaded to a system volume (least significant bit i.e. bit 0); (2) if the update was from a channel other than the installed channel (bit 1); (3) if the update was for a product pinned by policy (bit 2); (4) if the deployment action for the update is uninstall (bit 3). -- **DownloadType** Differentiates the download type of SIH downloads between Metadata and Payload downloads. +- **DownloadProps** Information about the download operation. +- **DownloadType** Differentiates the download type of “Self-Initiated Healing” (SIH) downloads between Metadata and Payload downloads. - **EventInstanceID** A globally unique identifier for event instance. -- **EventScenario** Indicates the purpose of sending this event - whether because the software distribution just started downloading content, or whether it was cancelled, succeeded, or failed. -- **EventType** Possible values are Child, Bundle, or Driver. +- **EventScenario** Indicates the purpose for sending this event: whether because the software distribution just started downloading content; or whether it was cancelled, succeeded, or failed. +- **EventType** Identifies the type of the event (Child, Bundle, or Driver). - **ExtendedStatusCode** Secondary error code for certain scenarios where StatusCode wasn't specific enough. - **FeatureUpdatePause** Indicates whether feature OS updates are paused on the device. - **FlightBranch** The branch that a device is on if participating in flighting (pre-release builds). @@ -4728,38 +4990,38 @@ The following fields are available: - **IsDependentSet** Indicates whether a driver is a part of a larger System Hardware/Firmware Update - **IsWUfBDualScanEnabled** Indicates if Windows Update for Business dual scan is enabled on the device. - **IsWUfBEnabled** Indicates if Windows Update for Business is enabled on the device. -- **NetworkCost** A flag indicating the cost of the network used for downloading the update content. The values can be: 0x0 (Unkown); 0x1 (Network cost is unrestricted); 0x2 (Network cost is fixed); 0x4 (Network cost is variable); 0x10000 (Network cost over data limit); 0x20000 (Network cost congested); 0x40000 (Network cost roaming); 0x80000 (Network cost approaching data limit). +- **NetworkCost** A flag indicating the cost of the network (congested, fixed, variable, over data limit, roaming, etc.) used for downloading the update content. - **NetworkCostBitMask** Indicates what kind of network the device is connected to (roaming, metered, over data cap, etc.) - **NetworkRestrictionStatus** More general version of NetworkCostBitMask, specifying whether Windows considered the current network to be "metered." - **PackageFullName** The package name of the content. - **PhonePreviewEnabled** Indicates whether a phone was opted-in to getting preview builds, prior to flighting (pre-release builds) being introduced. -- **PostDnldTime** Time taken (in seconds) to signal download completion after the last job has completed downloading payload. -- **ProcessName** The process name of the caller who initiated API calls, in the event where CallerApplicationName was not provided. +- **PostDnldTime** Time (in seconds) taken to signal download completion after the last job completed downloading the payload. +- **ProcessName** The process name of the application that initiated API calls, in the event where CallerApplicationName was not provided. - **QualityUpdatePause** Indicates whether quality OS updates are paused on the device. - **Reason** A 32-bit integer representing the reason the update is blocked from being downloaded in the background. - **RegulationReason** The reason that the update is regulated - **RegulationResult** The result code (HResult) of the last attempt to contact the regulation web service for download regulation of update content. -- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one. -- **RepeatFailCount** Indicates whether this specific piece of content has previously failed. -- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download. -- **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** An ID that represents which service the software distribution client is installing content for (Windows Update, Microsoft Store, etc.). -- **Setup360Phase** If the download is for an operating system upgrade, this datapoint indicates which phase of the upgrade is underway. -- **ShippingMobileOperator** The mobile operator that a device shipped on. -- **SizeCalcTime** Time taken (in seconds) to calculate the total download size of the payload. +- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector. +- **RepeatFailCount** Indicates whether this specific content has previously failed. +- **RepeatFailFlag** Indicates whether this specific content previously failed to download. +- **RevisionNumber** The revision number of the specified piece of content. +- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.). +- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade. +- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped. +- **SizeCalcTime** Time (in seconds) taken to calculate the total download size of the payload. - **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult). - **SystemBIOSMajorRelease** Major version of the BIOS. - **SystemBIOSMinorRelease** Minor version of the BIOS. - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. -- **TargetMetadataVersion** For self-initiated healing, this is the target version of the SIH engine to download (if needed). If not, the value is null. +- **TargetMetadataVersion** The version of the currently downloading (or most recently downloaded) package. - **ThrottlingServiceHResult** Result code (success/failure) while contacting a web service to determine whether this device should download content yet. -- **TimeToEstablishConnection** Time (in ms) it took to establish the connection prior to beginning downloaded. -- **TotalExpectedBytes** The total count of bytes that the download is expected to be. +- **TimeToEstablishConnection** Time (in milliseconds) it took to establish the connection prior to beginning downloaded. +- **TotalExpectedBytes** The total size (in Bytes) expected to be downloaded. - **UpdateId** An identifier associated with the specific piece of content. - **UpdateID** An identifier associated with the specific piece of content. -- **UpdateImportance** Indicates whether a piece of content was marked as Important, Recommended, or Optional. -- **UsedDO** Whether the download used the delivery optimization service. +- **UpdateImportance** Indicates whether the content was marked as Important, Recommended, or Optional. +- **UsedDO** Indicates whether the download used the Delivery Optimization (DO) service. - **UsedSystemVolume** Indicates whether the content was downloaded to the device's main system storage drive, or an alternate storage drive. - **WUDeviceID** The unique identifier of a specific device, used to identify how many devices are encountering success or a particular issue. @@ -4838,6 +5100,7 @@ The following fields are available: - **CommonProps** A bitmask for future flags associated with the Windows Update client behavior. No value is currently reported in this field. Expected value for this field is 0. - **CSIErrorType** The stage of CBS installation where it failed. - **CurrentMobileOperator** The mobile operator to which the device is currently connected. +- **DeploymentProviderMode** The mode of operation of the update deployment provider. - **DeviceModel** The device model. - **DriverPingBack** Contains information about the previous driver and system state. - **DriverRecoveryIds** The list of identifiers that could be used for uninstalling the drivers if a recovery is required. @@ -4924,7 +5187,7 @@ The following fields are available: - **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. - **RepeatFailCount** Indicates whether this specific piece of content has previously failed. - **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. @@ -4984,7 +5247,7 @@ The following fields are available: - **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one. - **RepeatFailCount** Indicates whether this specific piece of content previously failed. - **RevisionNumber** Identifies the revision number of this specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.). +- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.). - **StatusCode** Result code of the event (success, cancellation, failure code HResult). - **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver. - **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device. @@ -5016,28 +5279,28 @@ Ensures Windows Updates are secure and complete. Event helps to identify whether The following fields are available: - **CallerApplicationName** Name of application making the Windows Update request. Used to identify context of request. -- **EndpointUrl** URL of the endpoint where client obtains update metadata. Used to identify test vs staging vs production environments. -- **EventScenario** Indicates the purpose of the event - whether because scan started, succeded, failed, etc. -- **ExtendedStatusCode** Secondary status code for certain scenarios where StatusCode was not specific enough. -- **LeafCertId** Integral ID from the FragmentSigning data for certificate that failed. +- **EndpointUrl** The endpoint URL where the device obtains update metadata. This is used to distinguish between test, staging, and production environments. +- **EventScenario** The purpose of this event, such as scan started, scan succeeded, or scan failed. +- **ExtendedStatusCode** The secondary status code of the event. +- **LeafCertId** The integral ID from the FragmentSigning data for the certificate that failed. - **ListOfSHA256OfIntermediateCerData** A semicolon delimited list of base64 encoding of hashes for the Base64CerData in the FragmentSigning data of an intermediate certificate. -- **MetadataIntegrityMode** Mode of update transport metadata integrity check. 0-Unknown, 1-Ignoe, 2-Audit, 3-Enforce +- **MetadataIntegrityMode** The mode of the transport metadata integrity check. 0 = unknown; 1 = ignore; 2 = audit; 3 = enforce - **MetadataSignature** A base64-encoded string of the signature associated with the update metadata (specified by revision ID). -- **RawMode** Raw unparsed mode string from the SLS response. May be null if not applicable. +- **RawMode** The raw unparsed mode string from the SLS response. This field is null if not applicable. - **RawValidityWindowInDays** The raw unparsed validity window string in days of the timestamp token. This field is null if not applicable. - **RevisionId** The revision ID for a specific piece of content. - **RevisionNumber** The revision number for a specific piece of content. -- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc) +- **ServiceGuid** Identifies the service to which the software distribution client is connected, Example: Windows Update or Microsoft Store - **SHA256OfLeafCerData** A base64 encoding of the hash for the Base64CerData in the FragmentSigning data of the leaf certificate. - **SHA256OfLeafCertPublicKey** A base64 encoding of the hash of the Base64CertData in the FragmentSigning data of the leaf certificate. -- **SHA256OfTimestampToken** Base64 string of hash of the timestamp token blob +- **SHA256OfTimestampToken** An encoded string of the timestamp token. - **SignatureAlgorithm** The hash algorithm for the metadata signature. -- **SLSPrograms** A test program a machine may be opted in. Examples include "Canary" and "Insider Fast". -- **StatusCode** Result code of the event (success, cancellation, failure code HResult) -- **TimestampTokenCertThumbprint** Thumbprint of the encoded timestamp token. -- **TimestampTokenId** Created time encoded in the timestamp blob. This will be zeroed if the token is itself malformed and decoding failed. +- **SLSPrograms** A test program to which a device may have opted in. Example: Insider Fast +- **StatusCode** The status code of the event. +- **TimestampTokenCertThumbprint** The thumbprint of the encoded timestamp token. +- **TimestampTokenId** The time this was created. It is encoded in a timestamp blob and will be zero if the token is malformed. - **UpdateId** The update ID for a specific piece of content. -- **ValidityWindowInDays** Validity window in effect when verifying the timestamp +- **ValidityWindowInDays** The validity window that's in effect when verifying the timestamp. ## System Resource Usage Monitor events @@ -5133,6 +5396,7 @@ The following fields are available: - **RangeRequestState** Indicates the range request type used. - **RelatedCV** Correlation vector value generated from the latest USO scan. - **Result** Outcome of the download request phase of update. +- **SandboxTaggedForReserves** The sandbox for reserves. - **ScenarioId** Indicates the update scenario. - **SessionId** Unique value for each attempt (same value for initialize, download, install commit phases). - **UpdateId** Unique ID for each update. @@ -5360,6 +5624,24 @@ The following fields are available: - **UserSession** Indicates whether install was invoked by user actions. +## Update notification events + +### Microsoft.Windows.UpdateNotificationPipeline.UNPCampaignManagerHeartbeat + +This event is sent at the start of the CampaignManager event and is intended to be used as a heartbeat. + +The following fields are available: + +- **CampaignConfigVersion** Configuration version for the current campaign. +- **CampaignID** Currently campaign that is running on Update Notification Pipeline (UNP). +- **ConfigCatalogVersion** Current catalog version of UNP. +- **ContentVersion** Content version for the current campaign on UNP. +- **CV** Correlation vector. +- **DetectorVersion** Most recently run detector version for the current campaign on UNP. +- **GlobalEventCounter** Client-side counter that indicates the event ordering sent by the user. +- **PackageVersion** Current UNP package version. + + ## Upgrade events ### FacilitatorTelemetry.DCATDownload @@ -5374,6 +5656,22 @@ The following fields are available: - **ResultCode** Result returned by the Facilitator DCAT call. - **Scenario** Dynamic update scenario (Image DU, or Setup DU). - **Type** Type of package that was downloaded. +- **UpdateId** The ID of the update that was downloaded. + + +### FacilitatorTelemetry.DUDownload + +This event returns data about the download of supplemental packages critical to upgrading a device to the next version of Windows. + +The following fields are available: + +- **DownloadRequestAttributes** The attributes sent for download. +- **PackageCategoriesFailed** Lists the categories of packages that failed to download. +- **PackageCategoriesSkipped** Lists the categories of package downloads that were skipped. +- **ResultCode** The result of the event execution. +- **Scenario** Identifies the active Download scenario. +- **Url** The URL the download request was sent to. +- **Version** Identifies the version of Facilitator used. ### FacilitatorTelemetry.InitializeDU @@ -5591,7 +5889,7 @@ The following fields are available: - **InstanceId** Retrieves a unique identifier for each instance of a setup session. - **Operation** Facilitator’s last known operation (scan, download, etc.). - **ReportId** ID for tying together events stream side. -- **ResultCode** Result returned by setup for the entire operation. +- **ResultCode** Result returned for the entire setup operation. - **Scenario** Dynamic Update scenario (Image DU, or Setup DU). - **ScenarioId** Identifies the update scenario. - **TargetBranch** Branch of the target OS. @@ -5693,6 +5991,7 @@ The following fields are available: - **detectionSummary** Result of each applicable detection that was run. - **featureAssessmentImpact** WaaS Assessment impact for feature updates. - **hrEngineResult** Error code from the engine operation. +- **insufficientSessions** Device not eligible for diagnostics. - **isInteractiveMode** The user started a run of WaaSMedic. - **isManaged** Device is managed for updates. - **isWUConnected** Device is connected to Windows Update. @@ -5754,7 +6053,7 @@ The following fields are available: - **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”. -## Microsoft Store events +## Windows Store events ### Microsoft.Windows.Store.StoreActivating @@ -6033,7 +6332,9 @@ This event is sent at the beginning of an app install or update to help keep Win The following fields are available: - **CatalogId** The name of the product catalog from which this app was chosen. +- **FulfillmentPluginId** The ID of the plugin needed to install the package type of the product. - **PFN** The Package Family Name of the app that is being installed or updated. +- **PluginTelemetryData** Diagnostic information specific to the package-type plug-in. - **ProductId** The product ID of the app that is being updated or installed. @@ -6224,6 +6525,7 @@ The following fields are available: - **bytesFromCDN** The number of bytes received from a CDN source. - **bytesFromGroupPeers** The number of bytes received from a peer in the same domain group. - **bytesFromIntPeers** The number of bytes received from peers not in the same LAN or in the same domain group. +- **bytesFromLinkLocalPeers** The number of bytes received from local peers. - **bytesFromLocalCache** Bytes copied over from local (on disk) cache. - **bytesFromPeers** The number of bytes received from a peer in the same LAN. - **bytesRequested** The total number of bytes requested for download. @@ -6251,7 +6553,9 @@ The following fields are available: - **isVpn** Is the device connected to a Virtual Private Network? - **jobID** Identifier for the Windows Update job. - **lanConnectionCount** The total number of connections made to peers in the same LAN. +- **linkLocalConnectionCount** The number of connections made to peers in the same Link-local network. - **numPeers** The total number of peers used for this download. +- **numPeersLocal** The total number of local peers used for this download. - **predefinedCallerName** The name of the API Caller. - **restrictedUpload** Is the upload restricted? - **routeToCacheServer** The cache server setting, source, and value. @@ -6298,6 +6602,7 @@ The following fields are available: - **doClientVersion** The version of the Delivery Optimization client. - **doErrorCode** The Delivery Optimization error code that was returned. - **downloadMode** The download mode used for this file download session (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100). +- **downloadModeReason** Reason for the download. - **downloadModeSrc** Source of the DownloadMode setting (KvsProvider = 0, GeoProvider = 1, GeoVerProvider = 2, CpProvider = 3, DiscoveryProvider = 4, RegistryProvider = 5, GroupPolicyProvider = 6, MdmProvider = 7, SettingsProvider = 8, InvalidProviderType = 9). - **errorCode** The error code that was returned. - **experimentId** ID used to correlate client/services calls that are part of the same test during A/B testing. @@ -6363,21 +6668,21 @@ This event collects information regarding the state of devices and drivers on th The following fields are available: - **activated** Whether the entire device manifest update is considered activated and in use. -- **analysisErrorCount** How many driver packages that could not be analyzed because errors were hit during the analysis. +- **analysisErrorCount** The number of driver packages that could not be analyzed because errors occurred during analysis. - **flightId** Unique ID for each flight. -- **missingDriverCount** How many driver packages that were delivered by the device manifest that are missing from the system. -- **missingUpdateCount** How many updates that were part of the device manifest that are missing from the system. +- **missingDriverCount** The number of driver packages delivered by the device manifest that are missing from the system. +- **missingUpdateCount** The number of updates in the device manifest that are missing from the system. - **objectId** Unique value for each diagnostics session. -- **publishedCount** How many drivers packages that were delivered by the device manifest that are published and available to be used on devices. +- **publishedCount** The number of drivers packages delivered by the device manifest that are published and available to be used on devices. - **relatedCV** Correlation vector value generated from the latest USO scan. - **scenarioId** Indicates the update scenario. - **sessionId** Unique value for each update session. -- **summary** A summary string that contains some basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match on. +- **summary** A summary string that contains basic information about driver packages that are part of the device manifest and any devices on the system that those driver packages match. - **summaryAppendError** A Boolean indicating if there was an error appending more information to the summary string. -- **truncatedDeviceCount** How many devices are missing from the summary string due to there not being enough room in the string. -- **truncatedDriverCount** How many driver packages are missing from the summary string due to there not being enough room in the string. +- **truncatedDeviceCount** The number of devices missing from the summary string because there is not enough room in the string. +- **truncatedDriverCount** The number of driver packages missing from the summary string because there is not enough room in the string. - **unpublishedCount** How many drivers packages that were delivered by the device manifest that are still unpublished and unavailable to be used on devices. -- **updateId** Unique ID for each Update. +- **updateId** The unique ID for each update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentCommit @@ -6448,13 +6753,13 @@ This event collects information regarding the install phase of the new device ma The following fields are available: - **errorCode** The error code returned for the current install phase. -- **flightId** The unique identifier for each flight. +- **flightId** The unique identifier for each flight (pre-release builds). - **objectId** The unique identifier for each diagnostics session. -- **relatedCV** Correlation vector value generated from the latest USO scan. +- **relatedCV** Correlation vector value generated from the latest scan. - **result** Outcome of the install phase of the update. -- **scenarioId** The unique identifier for the update scenario. +- **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate - **sessionId** The unique identifier for each update session. -- **updateId** The unique identifier for each update. +- **updateId** The unique identifier for each Update. ### Microsoft.Windows.Update.DeviceUpdateAgent.UpdateAgentModeStart @@ -6463,13 +6768,13 @@ This event sends data for the start of each mode during the process of updating The following fields are available: -- **flightId** The unique identifier for each flight. -- **mode** The mode that is starting. -- **objectId** The unique value for each diagnostics session. -- **relatedCV** Correlation vector value generated from the latest USO scan. +- **flightId** The unique identifier for each flight (pre-release builds). +- **mode** Indicates the active Update Agent mode. +- **objectId** Unique value for each diagnostics session. +- **relatedCV** Correlation vector value generated from the latest scan. - **scenarioId** The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate. -- **sessionId** Unique value for each Update Agent mode attempt. -- **updateId** Unique identifier for each update. +- **sessionId** The unique identifier for each update session. +- **updateId** The unique identifier for each Update. ### Microsoft.Windows.Update.NotificationUx.DialogNotificationToBeDisplayed @@ -6498,6 +6803,22 @@ The following fields are available: - **UtcTime** The time the dialog box notification will be displayed, in Coordinated Universal Time. +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootAcceptAutoDialog + +This event indicates that the Enhanced Engaged restart "accept automatically" dialog box was displayed. + +The following fields are available: + +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the dialog box. +- **RebootVersion** Version of DTE. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that user chose on this dialog box. +- **UtcTime** The time that the dialog box was displayed, in Coordinated Universal Time. + + ### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootFirstReminderDialog This event indicates that the Enhanced Engaged restart "first reminder" dialog box was displayed.. @@ -6562,6 +6883,42 @@ The following fields are available: - **UtcTime** The time at which the reboot reminder dialog was shown (in UTC). +### Microsoft.Windows.Update.NotificationUx.EnhancedEngagedRebootReminderToast + +This event indicates that the Enhanced Engaged restart reminder pop-up banner was displayed. + +The following fields are available: + +- **DeviceLocalTime** The local time on the device sending the event. +- **ETag** OneSettings versioning value. +- **ExitCode** Indicates how users exited the pop-up banner. +- **RebootVersion** The version of the reboot logic. +- **UpdateId** The ID of the update that is pending restart to finish installation. +- **UpdateRevision** The revision of the update that is pending restart to finish installation. +- **UserResponseString** The option that the user chose in the pop-up banner. +- **UtcTime** The time that the pop-up banner was displayed, in Coordinated Universal Time. + + +### Microsoft.Windows.Update.NotificationUx.RebootScheduled + +Indicates when a reboot is scheduled by the system or a user for a security, quality, or feature update. + +The following fields are available: + +- **activeHoursApplicable** Indicates whether an Active Hours policy is present on the device. +- **IsEnhancedEngagedReboot** Indicates whether this is an Enhanced Engaged reboot. +- **rebootArgument** Argument for the reboot task. It also represents specific reboot related action. +- **rebootOutsideOfActiveHours** Indicates whether a restart is scheduled outside of active hours. +- **rebootScheduledByUser** Indicates whether the restart was scheduled by user (if not, it was scheduled automatically). +- **rebootState** The current state of the restart. +- **rebootUsingSmartScheduler** Indicates whether the reboot is scheduled by smart scheduler. +- **revisionNumber** Revision number of the update that is getting installed with this restart. +- **scheduledRebootTime** Time of the scheduled restart. +- **scheduledRebootTimeInUTC** Time of the scheduled restart in Coordinated Universal Time. +- **updateId** ID of the update that is getting installed with this restart. +- **wuDeviceid** Unique device ID used by Windows Update. + + ### Microsoft.Windows.Update.Orchestrator.ActivityRestrictedByActiveHoursPolicy This event indicates a policy is present that may restrict update activity to outside of active hours. @@ -6622,20 +6979,20 @@ This event indicates that a scan for a Windows Update occurred. The following fields are available: -- **deferReason** Reason why the device could not check for updates. -- **detectionBlockingPolicy** State of update action. -- **detectionBlockreason** Reason for detection not completing. +- **deferReason** The reason why the device could not check for updates. +- **detectionBlockingPolicy** The Policy that blocked detection. +- **detectionBlockreason** The reason detection did not complete. - **detectionRetryMode** Indicates whether we will try to scan again. -- **errorCode** The returned error code. +- **errorCode** The error code returned for the current process. - **eventScenario** End-to-end update session ID, or indicates the purpose of sending this event - whether because the software distribution just started installing content, or whether it was cancelled, succeeded, or failed. -- **flightID** The specific ID of the Windows Insider build the device is getting. -- **interactive** Indicates whether the session was user initiated. -- **networkStatus** Error info -- **revisionNumber** Update revision number. -- **scanTriggerSource** Source of the triggered scan. -- **updateId** Update ID. -- **updateScenarioType** Update Session type -- **wuDeviceid** Device ID +- **flightID** The unique identifier for the flight (Windows Insider pre-release build) should be delivered to the device, if applicable. +- **interactive** Indicates whether the user initiated the session. +- **networkStatus** Indicates if the device is connected to the internet. +- **revisionNumber** The Update revision number. +- **scanTriggerSource** The source of the triggered scan. +- **updateId** The unique identifier of the Update. +- **updateScenarioType** Identifies the type of update session being performed. +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Orchestrator.DisplayNeeded @@ -6700,6 +7057,23 @@ The following fields are available: - **wuDeviceid** Device ID used by Windows Update. +### Microsoft.Windows.Update.Orchestrator.EscalationRiskLevels + +This event is sent during update scan, download, or install, and indicates that the device is at risk of being out-of-date. + +The following fields are available: + +- **configVersion** The escalation configuration version on the device. +- **downloadElapsedTime** Indicates how long since the download is required on device. +- **downloadRiskLevel** At-risk level of download phase. +- **installElapsedTime** Indicates how long since the install is required on device. +- **installRiskLevel** The at-risk level of install phase. +- **isSediment** Assessment of whether is device is at risk. +- **scanElapsedTime** Indicates how long since the scan is required on device. +- **scanRiskLevel** At-risk level of the scan phase. +- **wuDeviceid** Device ID used by Windows Update. + + ### Microsoft.Windows.Update.Orchestrator.FailedToAddTimeTriggerToScanTask This event indicated that USO failed to add a trigger time to a task. @@ -6718,6 +7092,7 @@ The following fields are available: - **EventPublishedTime** Time when this event was generated. - **flightID** The specific ID of the Windows Insider build. +- **inapplicableReason** The reason why the update is inapplicable. - **revisionNumber** Update revision number. - **updateId** Unique Windows Update ID. - **updateScenarioType** Update session type. @@ -6739,7 +7114,7 @@ The following fields are available: - **revisionNumber** Revision number of the update. - **updateId** Update ID. - **updateScenarioType** The update session type. -- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated to ensure the correct update process and experience is provided to keep Windows up to date.Indicates the exact state of the user experience at the time the required reboot was initiated. +- **uxRebootstate** Indicates the exact state of the user experience at the time the required reboot was initiated. - **wuDeviceid** Unique device ID used by Windows Update. @@ -6753,7 +7128,7 @@ The following fields are available: - **deferReason** Reason for install not completing. - **errorCode** The error code reppresented by a hexadecimal value. - **eventScenario** End-to-end update session ID. -- **flightID** Unique update ID +- **flightID** The ID of the Windows Insider build the device is getting. - **flightUpdate** Indicates whether the update is a Windows Insider build. - **ForcedRebootReminderSet** A boolean value that indicates if a forced reboot will happen for updates. - **IgnoreReasonsForRestart** The reason(s) a Postpone Restart command was ignored. @@ -7028,7 +7403,7 @@ The following fields are available: - **scheduledRebootTime** Time scheduled for the reboot. - **scheduledRebootTimeInUTC** Time scheduled for the reboot, in UTC. - **updateId** Identifies which update is being scheduled. -- **wuDeviceid** Unique DeviceID +- **wuDeviceid** The unique device ID used by Windows Update. ### Microsoft.Windows.Update.Ux.MusNotification.UxBrokerScheduledTask @@ -7069,21 +7444,43 @@ This event sends data specific to the CleanupSafeOsImages mitigation used for OS The following fields are available: -- **ClientId** In the WU scenario, this will be the WU client ID that is passed to Setup. In Media setup, default value is Media360, but can be overwritten by the caller to a unique value. -- **FlightId** Unique identifier for each flight. -- **InstanceId** Unique GUID that identifies each instances of setuphost.exe. +- **ClientId** The client ID used by Windows Update. +- **FlightId** The ID of each Windows Insider build the device received. +- **InstanceId** A unique device ID that identifies each update instance. - **MitigationScenario** The update scenario in which the mitigation was executed. -- **MountedImageCount** Number of mounted images. -- **MountedImageMatches** Number of mounted images that were under %systemdrive%\$Windows.~BT. -- **MountedImagesFailed** Number of mounted images under %systemdrive%\$Windows.~BT that could not be removed. -- **MountedImagesRemoved** Number of mounted images under %systemdrive%\$Windows.~BT that were successfully removed. -- **MountedImagesSkipped** Number of mounted images that were not under %systemdrive%\$Windows.~BT. -- **RelatedCV** Correlation vector value generated from the latest USO scan. +- **MountedImageCount** The number of mounted images. +- **MountedImageMatches** The number of mounted image matches. +- **MountedImagesFailed** The number of mounted images that could not be removed. +- **MountedImagesRemoved** The number of mounted images that were successfully removed. +- **MountedImagesSkipped** The number of mounted images that were not found. +- **RelatedCV** The correlation vector value generated from the latest USO scan. - **Result** HResult of this operation. - **ScenarioId** ID indicating the mitigation scenario. - **ScenarioSupported** Indicates whether the scenario was supported. - **SessionId** Unique value for each update attempt. -- **UpdateId** Unique ID for each Update. +- **UpdateId** Unique ID for each Windows Update. +- **WuId** Unique ID for the Windows Update client. + + +### Mitigation360Telemetry.MitigationCustom.FixAppXReparsePoints + +This event sends data specific to the FixAppXReparsePoints mitigation used for OS updates. + +The following fields are available: + +- **ClientId** Unique identifier for each flight. +- **FlightId** Unique GUID that identifies each instances of setuphost.exe. +- **InstanceId** The update scenario in which the mitigation was executed. +- **MitigationScenario** Correlation vector value generated from the latest USO scan. +- **RelatedCV** Number of reparse points that are corrupted but we failed to fix them. +- **ReparsePointsFailed** Number of reparse points that were corrupted and were fixed by this mitigation. +- **ReparsePointsFixed** Number of reparse points that are not corrupted and no action is required. +- **ReparsePointsSkipped** HResult of this operation. +- **Result** ID indicating the mitigation scenario. +- **ScenarioId** Indicates whether the scenario was supported. +- **ScenarioSupported** Unique value for each update attempt. +- **SessionId** Unique ID for each Update. +- **UpdateId** Unique ID for the Windows Update client. - **WuId** Unique ID for the Windows Update client. @@ -7110,6 +7507,57 @@ The following fields are available: - **WuId** Unique ID for the Windows Update client. +## Windows Update Reserve Manager events + +### Microsoft.Windows.UpdateReserveManager.CommitPendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager commits a hard reserve adjustment that was pending. + +The following fields are available: + +- **FinalAdjustment** Final adjustment for the hard reserve following the addition or removal of optional content. +- **InitialAdjustment** Initial intended adjustment for the hard reserve following the addition/removal of optional content. + + +### Microsoft.Windows.UpdateReserveManager.FunctionReturnedError + +This event is sent when the Update Reserve Manager returns an error from one of its internal functions. + +The following fields are available: + +- **FailedExpression** The failed expression that was returned. +- **FailedFile** The binary file that contained the failed function. +- **FailedFunction** The name of the function that originated the failure. +- **FailedLine** The line number of the failure. +- **ReturnCode** The return code of the function. + + +### Microsoft.Windows.UpdateReserveManager.PrepareTIForReserveInitialization + +This event is sent when the Update Reserve Manager prepares the Trusted Installer to initialize reserves on the next boot. + +The following fields are available: + +- **Flags** The flags that are passed to the function to prepare the Trusted Installer for reserve initialization. + + +### Microsoft.Windows.UpdateReserveManager.RemovePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager removes a pending hard reserve adjustment. + + + +### Microsoft.Windows.UpdateReserveManager.UpdatePendingHardReserveAdjustment + +This event is sent when the Update Reserve Manager needs to adjust the size of the hard reserve after the option content is installed. + +The following fields are available: + +- **ChangeSize** The change in the hard reserve size based on the addition or removal of optional content. +- **PendingHardReserveAdjustment** The final change to the hard reserve size. +- **UpdateType** Indicates whether the change is an increase or decrease in the size of the hard reserve. + + ## Winlogon events ### Microsoft.Windows.Security.Winlogon.SetupCompleteLogon diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 37a8b7a031..da571eeaf2 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -7,7 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 04/04/2018 --- diff --git a/windows/privacy/diagnostic-data-viewer-overview.md b/windows/privacy/diagnostic-data-viewer-overview.md index c3e3209466..2f7c2c256d 100644 --- a/windows/privacy/diagnostic-data-viewer-overview.md +++ b/windows/privacy/diagnostic-data-viewer-overview.md @@ -7,8 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high -author: brianlic-msft -ms.author: brianlic +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 01/17/2018 --- @@ -62,6 +66,9 @@ The Diagnostic Data Viewer provides you with the following features to view and - **View your diagnostic events.** In the left column, you can review your diagnostic events. These events reflect activities that occurred and were sent to Microsoft. Selecting an event opens the detailed JSON view, which provides the exact details uploaded to Microsoft. Microsoft uses this info to continually improve the Windows operating system. + + >[!Important] + >Seeing an event does not necessarily mean it has been uploaded yet. It’s possible that some events are still queued and will be uploaded at a later time. ![View your diagnostic events](images/ddv-event-view.png) diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index e1797ff113..f3f9bf6b3f 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -7,9 +7,13 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high -ms.date: 11/9/2018 -author: danihalfin +audience: ITPro +author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 11/9/2018 --- diff --git a/windows/privacy/gdpr-it-guidance.md b/windows/privacy/gdpr-it-guidance.md index 273464ae5a..3cc4c3a5d1 100644 --- a/windows/privacy/gdpr-it-guidance.md +++ b/windows/privacy/gdpr-it-guidance.md @@ -7,8 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 05/11/2018 --- # Windows and the GDPR: Information for IT Administrators and Decision Makers diff --git a/windows/privacy/gdpr-win10-whitepaper.md b/windows/privacy/gdpr-win10-whitepaper.md index a8a0214f4a..62925e34b9 100644 --- a/windows/privacy/gdpr-win10-whitepaper.md +++ b/windows/privacy/gdpr-win10-whitepaper.md @@ -7,8 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high +audience: ITPro author: pwiglemsft ms.author: pwigle +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 09/25/2017 --- diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml index c0af2a06c7..8d5740bc52 100644 --- a/windows/privacy/index.yml +++ b/windows/privacy/index.yml @@ -22,7 +22,13 @@ metadata: ms.date: 04/25/2018 - ms.topic: article + ms.topic: conceptual + + audience: ITPro + + manager: dansimp + + ms.collection: M365-security-compliance ms.devlang: na diff --git a/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md b/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md index ee8ecf4a8b..142906d55e 100644 --- a/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md +++ b/windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md @@ -7,8 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 11/16/2018 robots: noindex,nofollow --- diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 5c89da41a0..75f9a40255 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -7,8 +7,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 06/05/2018 --- diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 2e754c9ad3..a3e6817d6a 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 6/26/2018 --- # Manage connection endpoints for Windows 10, version 1709 diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index f508978478..c23ac04672 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 6/26/2018 --- # Manage connection endpoints for Windows 10, version 1803 diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 7c645311a6..74fa377991 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 6/26/2018 --- # Manage connection endpoints for Windows 10, version 1809 diff --git a/windows/privacy/windows-diagnostic-data-1703.md b/windows/privacy/windows-diagnostic-data-1703.md index 15ce44125d..de1f934651 100644 --- a/windows/privacy/windows-diagnostic-data-1703.md +++ b/windows/privacy/windows-diagnostic-data-1703.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high -author: eross-msft -ms.author: lizross +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 11/28/2017 --- diff --git a/windows/privacy/windows-diagnostic-data.md b/windows/privacy/windows-diagnostic-data.md index dd435f2d40..2b73716da2 100644 --- a/windows/privacy/windows-diagnostic-data.md +++ b/windows/privacy/windows-diagnostic-data.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high -author: brianlic-msft -ms.author: brianlic +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 03/13/2018 --- diff --git a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md index 89c04ebc76..58b39b8a65 100644 --- a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 6/26/2018 --- # Windows 10, version 1709, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md index 39343b19d9..833236d614 100644 --- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 6/26/2018 --- # Windows 10, version 1803, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md index 222b37d0e2..370860330f 100644 --- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md @@ -6,8 +6,12 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 6/26/2018 --- # Windows 10, version 1809, connection endpoints for non-Enterprise editions diff --git a/windows/privacy/windows-personal-data-services-configuration.md b/windows/privacy/windows-personal-data-services-configuration.md index e830022a97..bb0d5fa4f5 100644 --- a/windows/privacy/windows-personal-data-services-configuration.md +++ b/windows/privacy/windows-personal-data-services-configuration.md @@ -7,8 +7,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: high +audience: ITPro author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article ms.date: 05/11/2018 --- # Windows 10 personal data services configuration diff --git a/windows/security/identity-protection/TOC.md b/windows/security/identity-protection/TOC.md index 23991e4fc0..a3c24b5cf6 100644 --- a/windows/security/identity-protection/TOC.md +++ b/windows/security/identity-protection/TOC.md @@ -11,13 +11,12 @@ ### [Active Directory Security Groups](access-control/active-directory-security-groups.md) ### [Special Identities](access-control/special-identities.md) -## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) +### [User Account Control](user-account-control\user-account-control-overview.md) +#### [How User Account Control works](user-account-control\how-user-account-control-works.md) +#### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md) +#### [User Account Control Group Policy and registry key settings](user-account-control\user-account-control-group-policy-and-registry-key-settings.md) -## [Enterprise Certificate Pinning](enterprise-certificate-pinning.md) - -## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) - -## [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md) +## [Windows Hello for Business](hello-for-business/hello-identity-verification.md) ## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) ### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md) @@ -43,11 +42,6 @@ #### [Smart Card Group Policy and Registry Settings](smart-cards/smart-card-group-policy-and-registry-settings.md) #### [Smart Card Events](smart-cards/smart-card-events.md) -### [User Account Control](user-account-control\user-account-control-overview.md) -#### [How User Account Control works](user-account-control\how-user-account-control-works.md) -#### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md) -#### [User Account Control Group Policy and registry key settings](user-account-control\user-account-control-group-policy-and-registry-key-settings.md) - ### [Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-overview.md) #### [Understanding and Evaluating Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-understanding-and-evaluating.md) ##### [Get Started with Virtual Smart Cards: Walkthrough Guide](virtual-smart-cards\virtual-smart-card-get-started.md) @@ -56,6 +50,13 @@ ##### [Evaluate Virtual Smart Card Security](virtual-smart-cards\virtual-smart-card-evaluate-security.md) #### [Tpmvscmgr](virtual-smart-cards\virtual-smart-card-tpmvscmgr.md) +## [Enterprise Certificate Pinning](enterprise-certificate-pinning.md) + +## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) + +## [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md) + +## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) ## [VPN technical guide](vpn\vpn-guide.md) ### [VPN connection types](vpn\vpn-connection-type.md) @@ -67,8 +68,4 @@ ### [VPN security features](vpn\vpn-security-features.md) ### [VPN profile options](vpn\vpn-profile-options.md) ### [How to configure Diffie Hellman protocol over IKEv2 VPN connections](vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md) -### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md) -### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md) - -## [Windows Hello for Business](hello-for-business/hello-identity-verification.md) - +### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md) \ No newline at end of file diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index 5516d2dc33..2743a5eb64 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 07/18/2017 --- diff --git a/windows/security/identity-protection/access-control/active-directory-accounts.md b/windows/security/identity-protection/access-control/active-directory-accounts.md index 18260aeb64..f9fd22c432 100644 --- a/windows/security/identity-protection/access-control/active-directory-accounts.md +++ b/windows/security/identity-protection/access-control/active-directory-accounts.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index d0a9735761..0b2f989db7 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/dynamic-access-control.md b/windows/security/identity-protection/access-control/dynamic-access-control.md index 168780b269..ee4a831edc 100644 --- a/windows/security/identity-protection/access-control/dynamic-access-control.md +++ b/windows/security/identity-protection/access-control/dynamic-access-control.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 53820f7491..2fefc6e157 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -5,16 +5,24 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.date: 12/10/2018 +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium +ms.date: 02/28/2019 --- # Local Accounts **Applies to** - Windows 10 +- Windows Server 2019 - Windows Server 2016 -This reference topic for the IT professional describes the default local user accounts for servers, including how to manage these built-in accounts on a member or standalone server. This topic does not describe the default local user accounts for an Active Directory domain controller. +This reference topic for IT professionals describes the default local user accounts for servers, including how to manage these built-in accounts on a member or standalone server. ## About local user accounts @@ -30,6 +38,8 @@ This topic describes the following: - [HelpAssistant account (installed by using a Remote Assistance session)](#sec-helpassistant) + - [DefaultAccount](#defaultaccount) + - [Default local system accounts](#sec-localsystem) - [How to manage local accounts](#sec-manage-accounts) @@ -46,42 +56,29 @@ For information about security principals, see [Security Principals](security-pr ## Default local user accounts +The default local user accounts are built-in accounts that are created automatically when you install Windows. -The default local user accounts are built-in accounts that are created automatically when you install the Windows Server operating system on a stand-alone server or member server. The **Applies To** list at the beginning of this article designates the Windows operating systems to which this topic applies. - -After the Windows Server operating system is installed, the default local user accounts cannot be removed or deleted. In addition, default local user accounts do not provide access to network resources. +After Windows is installed, the default local user accounts cannot be removed or deleted. In addition, default local user accounts do not provide access to network resources. Default local user accounts are used to manage access to the local server’s resources based on the rights and permissions that are assigned to the account. The default local user accounts, and the local user accounts that you create, are located in the Users folder. The Users folder is located in the Local Users and Groups folder in the local Computer Management Microsoft Management Console (MMC). Computer Management is a collection of administrative tools that you can use to manage a single local or remote computer. For more information, see [How to manage local accounts](#sec-manage-accounts) later in this topic. -The default local user accounts that are provided include the Administrator account, Guest account and HelpAssistant account. Each of these default local user accounts is described in the following sections. +Default local user accounts are described in the following sections. ### Administrator account -The default local Administrator account is a user account for the system administrator. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the installation for all Windows Server operating systems, and for Windows client operating systems. +The default local Administrator account is a user account for the system administrator. Every computer has an Administrator account (SID S-1-5-*domain*-500, display name Administrator). The Administrator account is the first account that is created during the Windows installation. -For Windows Server operating systems, the Administrator account gives the user full control of the files, directories, services, and other resources that are under the control of the local server. The Administrator account can be used to create local users, and assign user rights and access control permissions. The Administrator account can also be used take control of local resources at any time simply by changing the user rights and permissions. +The Administrator account has full control of the files, directories, services, and other resources on the local computer. The Administrator account can create other local users, assign user rights, and assign permissions. The Administrator account can take control of local resources at any time simply by changing the user rights and permissions. The default Administrator account cannot be deleted or locked out, but it can be renamed or disabled. -The default Administrator account is initially installed differently for Windows Server operating systems, and the Windows client operating systems. The following table provides a comparison. - -| Default restriction | Windows Server operating systems | Windows client operating systems | -|---------------------|----------------------------------|----------------------------------| -| Administrator account is disabled on installation | No | Yes | -| Administrator account is set up on first sign-in | Yes | No, keep disabled | -| Administrator account is used to set up the local server or client computer | Yes | No, use a local user account with **Run as administrator** to obtain administrative rights | -| Administrator account requires a strong password when it is enabled | Yes | Yes | -| Administrator account can be disabled, locked out, or renamed | Yes | Yes | - -In summary, for Windows Server operating systems, the Administrator account is used to set up the local server only for tasks that require administrative rights. The default Administrator account is set up by using the default settings that are provided on installation. Initially, the Administrator account is not associated with a password. After installation, when you first set up Windows Server, your first task is to set up the Administrator account properties securely. This includes creating a strong password and securing the **Remote control** and **Remote Desktop Services Profile** settings. You can also disable the Administrator account when it is not required. - -In comparison, for the Windows client operating systems, the Administrator account has access to the local system only. The default Administrator account is initially disabled by default, and this account is not associated with a password. It is a best practice to leave the Administrator account disabled. The default Administrator account is considered only as a setup and disaster recovery account, and it can be used to join the computer to a domain. When administrator access is required, do not sign in as an administrator. You can sign in to your computer with your local (non-administrator) credentials and use **Run as administrator**. +In Windows 10 and Windows Server 20016, Windows setup disables the built-in Administrator account and creates another local account that is a member of the Administrators group. Members of the Administrators groups can run apps with elevated permissions without using the **Run as Administrator** option. Fast User Switching is more secure than using Runas or different-user elevation. **Account group membership** By default, the Administrator account is installed as a member of the Administrators group on the server. It is a best practice to limit the number of users in the Administrators group because members of the Administrators group on a local server have Full Control permissions on that computer. -The Administrator account cannot be deleted or removed from the Administrators group, but it can be renamed or disabled. +The Administrator account cannot be deleted or removed from the Administrators group, but it can be renamed. **Security considerations** @@ -115,53 +112,78 @@ By default, the Guest account is the only member of the default Guests group (SI **Security considerations** -When an administrator enables the Guest account, it is a best practice to create a strong password for this account. In addition, the administrator on the computer should also grant only limited rights and permissions for the Guest account. For security reasons, the Guest account should not be used over the network and made accessible to other computers. - -When a computer is shutting down or starting up, it is possible that a guest user or anyone with local access could gain unauthorized access to the computer. To help prevent this risk, do not grant the Guest account the [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system) user right. +When enabling the Guest account, only grant limited rights and permissions. For security reasons, the Guest account should not be used over the network and made accessible to other computers. In addition, the guest user in the Guest account should not be able to view the event logs. After the Guest account is enabled, it is a best practice to monitor the Guest account frequently to ensure that other users cannot use services and other resources, such as resources that were unintentionally left available by a previous user. -### HelpAssistant account (installed by using a Remote Assistance session) -The default HelpAssistant account is enabled when a Windows Remote Assistance session is run. The Windows Remote Assistance session can be used to connect from the server to another computer running the Windows operating system. For solicited remote assistance, a user initiates a Windows Remote Assistance session, and it is initiated by invitation. For solicited remote assistance, a user sends an invitation from their computer, through e-mail or as a file, to a person who can provide assistance. +### DefaultAccount -After the user’s invitation for a Windows Remote Assistance session is accepted, the default HelpAssistant account is automatically created. The HelpAssistant account provides limited access to the computer to the person who provides assistance. The HelpAssistant account is managed by the Remote Desktop Help Session Manager service. The HelpAssistant account is automatically deleted after there are no Remote Assistance requests are pending. +The DefaultAccount, also known as the Default System Managed Account (DSMA), is a built-in account introduced in Windows 10 version 1607 and Windows Server 2016. +The DMSA is a well-known user account type. +It is a user neutral account that can be used to run processes that are either multi-user aware or user-agnostic. +The DMSA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop. -The security identifiers (SIDs) that pertain to the default HelpAssistant account include: +The DMSA has a well-known RID of 503. The security identifier (SID) of the DMSA will thus have a well-known SID in the following format: S-1-5-21--503 -- SID: S-1-5-13, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. +The DMSA is a member of the well-known group **System Managed Accounts Group**, which has a well-known SID of S-1-5-32-581. -- SID: S-1-5-14, display name Remote Interactive Logon. This group includes all users who sign in to the computer by using Remote Desktop Connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID. +The DMSA alias can be granted access to resources during offline staging even before the account itself has been created. The account and the group are created during first boot of the machine within the Security Accounts Manager (SAM). -For the Windows Server operating system, Remote Assistance is an optional component that is not installed by default. You must install Remote Assistance before it can be used. +#### How Windows uses the DefaultAccount +From a permission perspective, the DefaultAccount is a standard user account. +The DefaultAccount is needed to run multi-user-manifested-apps (MUMA apps). +MUMA apps run all the time and react to users signing in and signing out of the devices. +Unlike Windows Desktop where apps run in context of the user and get terminated when the user signs off, MUMA apps run by using the DSMA. -In comparison, for the Windows client operating system, the HelpAssistant account is enabled on installation by default. +MUMA apps are functional in shared session SKUs such as Xbox. For example, Xbox shell is a MUMA app. +Today, Xbox automatically signs in as Guest account and all apps run in this context. +All the apps are multi-user-aware and respond to events fired by user manager. +The apps run as the Guest account. + +Similarly, Phone auto logs in as a “DefApps” account which is akin to the standard user account in Windows but with a few extra privileges. Brokers, some services and apps run as this account. + +In the converged user model, the multi-user-aware apps and multi-user-aware brokers will need to run in a context different from that of the users. +For this purpose, the system creates DSMA. + +#### How the DefaultAccount gets created on domain controllers + +If the domain was created with domain controllers that run Windows Server 2016, the DefaultAccount will exist on all domain controllers in the domain. +If the domain was created with domain controllers that run an earlier version of Windows Server, the DefaultAccount will be created after the PDC Emulator role is transferred to a domain controller that runs Windows Server 2016. The DefaultAccount will then be replicated to all other domain controllers in the domain. + +#### Recommendations for managing the Default Account (DSMA) + +Microsoft does not recommend changing the default configuration, where the account is disabled. There is no security risk with having the account in the disabled state. Changing the default configuration could hinder future scenarios that rely on this account. ## Default local system accounts +### SYSTEM +The SYSTEM account is used by the operating system and by services that run under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account’s user rights. It is an internal account that does not show up in User Manager, and it cannot be added to any groups. -The system account and the Administrator account of the Administrators group have the same file rights and permissions, but they have different functions. The system account is used by the operating system and by services that run under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The system account was designed for that purpose. It is an internal account that does not show up in User Manager, it cannot be added to any groups, and it cannot have user rights assigned to it. - -On the other hand, the system account does appear on an NTFS file system volume in File Manager in the **Permissions** portion of the **Security** menu. By default, the system account is granted Full Control permissions to all files on an NTFS volume. Here the system account has the same functional rights and permissions as the Administrator account. +On the other hand, the SYSTEM account does appear on an NTFS file system volume in File Manager in the **Permissions** portion of the **Security** menu. By default, the SYSTEM account is granted Full Control permissions to all files on an NTFS volume. Here the SYSTEM account has the same functional rights and permissions as the Administrator account. **Note**   -To grant the account Administrators group file permissions does not implicitly give permission to the system account. The system account's permissions can be removed from a file, but we do not recommend removing them. +To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them. -  +### NETWORK SERVICE +The NETWORK SERVICE account is a predefined local account used by the service control manager (SCM). A service that runs in the context of the NETWORK SERVICE account presents the computer's credentials to remote servers. For more information, see [NetworkService Account](https://docs.microsoft.com/windows/desktop/services/networkservice-account). + +### LOCAL SERVICE +The LOCAL SERVICE account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. For more information, see [LocalService Account](https://docs.microsoft.com/windows/desktop/services/localservice-account). ## How to manage local user accounts -The default local user accounts, and the local user accounts that you create, are located in the Users folder. The Users folder is located in the Local Users and Groups folder in the local Computer Management Microsoft Management Console (MMC), a collection of administrative tools that you can use to manage a single local or remote computer. For more information about creating and managing local user accounts, see [Manage Local Users](https://technet.microsoft.com/library/cc731899.aspx). +The default local user accounts, and the local user accounts that you create, are located in the Users folder. The Users folder is located in Local Users and Groups. For more information about creating and managing local user accounts, see [Manage Local Users](https://technet.microsoft.com/library/cc731899.aspx). You can use Local Users and Groups to assign rights and permissions on the local server, and that server only, to limit the ability of local users and groups to perform certain actions. A right authorizes a user to perform certain actions on a server, such as backing up files and folders or shutting down a server. An access permission is a rule that is associated with an object, usually a file, folder, or printer. It regulates which users can have access to an object on the server and in what manner. -You cannot use Local Users and Groups to view local users and groups after a member server is used as a domain controller. However, you can use Local Users and Groups on a domain controller to target remote computers that are not domain controllers on the network. +You cannot use Local Users and Groups on a domain controller. However, you can use Local Users and Groups on a domain controller to target remote computers that are not domain controllers on the network. **Note**   -You use Active Directory Users and Computers to manage users and groups in Active Directory. +You use Active Directory Users and Computers to manage users and groups in Active Directory.loca -  +You can also manage local users by using NET.EXE USER and manage local groups by using NET.EXE LOCALGROUP, or by using a variety of PowerShell cmdlets and other scripting technologies. ### Restrict and protect local accounts with administrative rights @@ -192,7 +214,7 @@ UAC makes it possible for an account with administrative rights to be treated as In addition, UAC can require administrators to specifically approve applications that make system-wide changes before those applications are granted permission to run, even in the administrator's user session. -For example, a default feature of UAC is shown when a local account signs in from a remote computer by using Network logon (for example, by using NET.EXE USE). In this instance, it is issued a standard user token with no administrative rights, but with the ability to request or receive elevation. Consequently, local accounts that sign in by using Network logon cannot access administrative shares such as C$, or ADMIN$, or perform any remote administration. +For example, a default feature of UAC is shown when a local account signs in from a remote computer by using Network logon (for example, by using NET.EXE USE). In this instance, it is issued a standard user token with no administrative rights, but without the ability to request or receive elevation. Consequently, local accounts that sign in by using Network logon cannot access administrative shares such as C$, or ADMIN$, or perform any remote administration. For more information about UAC, see [User Account Control](/windows/access-protection/user-account-control/user-account-control-overview). @@ -263,6 +285,9 @@ The following table shows the Group Policy and registry settings that are used t + +>[!NOTE] +>You can also enforce the default for LocalAccountTokenFilterPolicy by using the custom ADMX in Security Templates.   **To enforce local account restrictions for remote access** @@ -285,7 +310,7 @@ The following table shows the Group Policy and registry settings that are used t 6. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by doing the following: - 1. Navigate to the Computer Configuration\\Policies\\Windows Settings, and > **Security Options**. + 1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and > **Security Options**. 2. Double-click **User Account Control: Run all administrators in Admin Approval Mode** > **Enabled** > **OK**. @@ -367,8 +392,8 @@ The following table shows the Group Policy settings that are used to deny networ

    Policy setting

    -

    User name of the default Administrator account

    -

    (Might be renamed through policy.)

    +

    Local account and member of Administrators group

    +

    2

    @@ -383,8 +408,8 @@ The following table shows the Group Policy settings that are used to deny networ

    Policy setting

    -

    User name of the default Administrator account

    -

    (Might be renamed through policy).

    +

    Local account and member of Administrators group

    + @@ -409,35 +434,19 @@ The following table shows the Group Policy settings that are used to deny networ 6. Configure the user rights to deny network logons for administrative local accounts as follows: - 1. Navigate to the Computer Configuration\\Policies\\Windows Settings, and > **User Rights Assignment**. + 1. Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\, and > **User Rights Assignment**. - 2. Double-click **Deny access to this computer from the network**, and > **Define these policy settings**. + 2. Double-click **Deny access to this computer from the network**. - 3. Click **Add User or Group**, type the name of the default Administrator account, and > **OK**. The default name is Administrator on US English installations, but it can be renamed either by policy or manually. - - ![local accounts 9](images/localaccounts-proc2-sample3.png) - - **Important**   - In the **User and group names** box, type the user name of the account that you identified at the start of this process. Do not click **Browse** and do not type the domain name or the local computer name in this dialog box. For example, type only **Administrator**. If the text that you typed resolved to a name that is underlined, includes a computer name, or includes the domain, it restricts the wrong account and causes this mitigation to work incorrectly. Also, be careful that you do not enter the group name Administrator to prevent blocking domain accounts in that group. - -   - - 4. For any additional local accounts in the Administrators group on all of the workstations that you are configuring, click **Add User or Group**, type the user names of these accounts in the dialog box in the same manner as described in the previous step, and then click **OK**. + 3. Click **Add User or Group**, type **Local account and member of Administrators group**, and > **OK**. 7. Configure the user rights to deny Remote Desktop (Remote Interactive) logons for administrative local accounts as follows: 1. Navigate to Computer Configuration\\Policies\\Windows Settings and Local Policies, and then click **User Rights Assignment**. - 2. Double-click **Deny log on through Remote Desktop Services**, and then select **Define these settings**. + 2. Double-click **Deny log on through Remote Desktop Services**. - 3. Click **Add User or Group**, type the user name of the default Administrator account, and > **OK**. (The default name is Administrator on US English installations, but it can be renamed either by policy or manually. - - **Important**   - In the **User and group names** box, type the user name of the account that you identified at the start of this process. Do not click **Browse** and do not type the domain name or the local computer name in this dialog box. For example, type only **Administrator**. If the text that you typed resolves to a name that is underlined or includes a domain name, it restricts the wrong account and causes this mitigation to work incorrectly. Also, be careful that you do not enter the group name Administrator because this also blocks domain accounts in that group. - -   - - 4. For any additional local accounts in the Administrators group on all of the workstations that you are setting up, click **Add User or Group**, type the user names of these accounts in the dialog box in the same manner as the previous step, and > **OK**. + 3. Click **Add User or Group**, type type **Local account and member of Administrators group**, and > **OK**. 8. Link the GPO to the first **Workstations** OU as follows: @@ -456,7 +465,6 @@ The following table shows the Group Policy settings that are used to deny networ **Note**   You might have to create a separate GPO if the user name of the default Administrator account is different on workstations and servers. -   ### Create unique passwords for local accounts with administrative rights diff --git a/windows/security/identity-protection/access-control/microsoft-accounts.md b/windows/security/identity-protection/access-control/microsoft-accounts.md index f1071d55e7..38c26d9546 100644 --- a/windows/security/identity-protection/access-control/microsoft-accounts.md +++ b/windows/security/identity-protection/access-control/microsoft-accounts.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 10/13/2017 --- diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index 19f600c354..f0034aa645 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/security-principals.md b/windows/security/identity-protection/access-control/security-principals.md index 75137c70cb..8442ef86cb 100644 --- a/windows/security/identity-protection/access-control/security-principals.md +++ b/windows/security/identity-protection/access-control/security-principals.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md index c210880baa..1569d03c49 100644 --- a/windows/security/identity-protection/access-control/service-accounts.md +++ b/windows/security/identity-protection/access-control/service-accounts.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index 4a7b685722..86165f1bf1 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -5,6 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/change-history-for-access-protection.md b/windows/security/identity-protection/change-history-for-access-protection.md index ceecf5c712..b2b7f6daf9 100644 --- a/windows/security/identity-protection/change-history-for-access-protection.md +++ b/windows/security/identity-protection/change-history-for-access-protection.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 08/11/2017 --- diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index e5086ff9c0..b6fa386ae3 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md @@ -7,7 +7,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerms +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index 2ce6157d51..39d4a423a8 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/17/2017 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md index 41b2e20eb2..b3c0ba0502 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/31/2017 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md index 5f0414102b..0e10a79093 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/17/2017 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md index 876bf45bbc..d999f556ba 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/17/2017 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 66069f5d73..d46ed8851c 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -6,8 +6,13 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft -ms.date: 09/04/2018 +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.date: 03/01/2019 --- # Manage Windows Defender Credential Guard @@ -152,25 +157,19 @@ To disable Windows Defender Credential Guard, you can use the following set of p > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. 3. Delete the Windows Defender Credential Guard EFI variables by using bcdedit. From an elevated command prompt, type the following commands: + ``` syntax - mountvol X: /s - copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y - bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" - bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO - + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - + bcdedit /set hypervisorlaunchtype off mountvol X: /d - ``` + 2. Restart the PC. 3. Accept the prompt to disable Windows Defender Credential Guard. 4. Alternatively, you can disable the virtualization-based security features to turn off Windows Defender Credential Guard. @@ -186,7 +185,7 @@ For more info on virtualization-based security and Windows Defender Device Guard You can also disable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). ``` -DG_Readiness_Tool_v3.5.ps1 -Disable -AutoReboot +DG_Readiness_Tool_v3.6.ps1 -Disable -AutoReboot ``` #### Disable Windows Defender Credential Guard for a virtual machine diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index f5edbab628..a83bbf8af8 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/17/2017 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index b41c2815de..0277d8dcf5 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/17/2017 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index 515338ce7e..68c7ae9ccb 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 01/12/2018 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index 9ac7b4a335..f6c5fda88e 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -6,7 +6,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/17/2017 --- diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md index d541979fb9..54db450ede 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard.md +++ b/windows/security/identity-protection/credential-guard/credential-guard.md @@ -7,7 +7,12 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.date: 08/17/2017 --- diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md index 7732d4dcb7..aa7b5c3ba4 100644 --- a/windows/security/identity-protection/enterprise-certificate-pinning.md +++ b/windows/security/identity-protection/enterprise-certificate-pinning.md @@ -1,10 +1,14 @@ --- +title: Enterprise Certificate Pinning ms.mktglfcycl: manage ms.sitesec: library -ms.author: mstephens -author: MikeStephens-MS description: Enterprise certificate pinning is a Windows feature for remembering, or “pinning” a root, issuing certificate authority, or end entity certificate to a given domain name. -manager: alanth +audience: ITPro +author: MikeStephens-MS +ms.author: mstephens +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.prod: w10 ms.technology: windows ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index 94caf55f34..768730bf01 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -5,9 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: aabhathipsay ms.author: aathipsa -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 02/15/2019 --- # WebAuthn APIs for password-less authentication on Windows 10 diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 5bc351b6ed..1f39421330 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 03/20/2018 --- # Multifactor Unlock diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index 69c2f928e5..bd94c85aeb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 4602d7703e..097b826fd6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: DaniHalfin -ms.localizationpriority: medium +audience: ITPro +author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 07/27/2017 --- # Windows Hello and password changes diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index aa575dd8a2..e4763d7e10 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 4cf3f03202..2f9757d9d9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md index be690848aa..e6b69e32b2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-deploy-mfa.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure or Deploy Multifactor Authentication Services @@ -104,7 +108,7 @@ Sign in the domain controller with _domain administrator_ equivalent credentials ##### Add accounts to the Phonefactor Admins group 1. Open **Active Directory Users and Computers**. -2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select Users. In the content pane. Right-click the **Phonefactors Admin** security group and select **Properties**. +2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select Users. In the content pane. Right-click the **Phonefactor Admins** security group and select **Properties**. 3. Click the **Members** tab. 4. Click **Add**. Click **Object Types..** In the **Object Types** dialog box, select **Computers** and click **OK**. Enter the following user and/or computers accounts in the **Enter the object names to select** box and then click **OK**. * The computer account for the primary MFA Server @@ -185,7 +189,7 @@ The User Portal and Mobile Application web services need to communicate with the Adding the WebServices SDK user account to the Phonefactor Admins group provides the user account with the proper authorization needed to access the configuration data on the primary MFA server using the WebServices SDK. 1. Open **Active Directory Users and Computers**. -2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select **Users**. In the content pane. Right-click the **Phonefactors Admin** security group and select Properties. +2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select **Users**. In the content pane. Right-click the **Phonefactor Admins** security group and select Properties. 3. Click the Members tab. 4. Click **Add**. Click **Object Types..** Type the PFWSDK_ user name in the **Enter the object names to select** box and then click **OK**. * The computer account for the primary MFA Server diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index f33d7bbf02..1528aad8e3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Configure Windows Hello for Business Policy settings @@ -126,7 +130,7 @@ Windows 10 provides eight PIN Complexity Group Policy settings that give you gra * Require special characters * Require uppercase letters -In the Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under Administrative Templates\System\PIN Complexity under both the Computer and User Configuration nodes of the Group Policy editor. +In the Windows 10, version 1703, the PIN complexity Group Policy settings have moved to remove misunderstanding that PIN complexity policy settings were exclusive to Windows Hello for Business. The new location of these Group Policy settings is under Computer Configuration\Administrative Templates\System\PIN Complexity in the Group Policy editor. ## Review @@ -153,4 +157,4 @@ Users must receive the Windows Hello for Business group policy settings and have 2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md) 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) -5. Configure Windows Hello for Business Policy settings (*You are here*) \ No newline at end of file +5. Configure Windows Hello for Business Policy settings (*You are here*) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 9c64a37ec4..18164a1c75 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Validate Active Directory prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index ea525b612e..ac2f4ba332 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Validate and Deploy Multifactor Authentication Services (MFA) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 294064bd90..89d53fc368 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Validate and Configure Public Key Infrastructure diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index 0945e7436d..4aeeb5bb8b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # On Premises Certificate Trust Deployment @@ -26,16 +30,4 @@ Below, you can find all the information you will need to deploy Windows Hello fo 2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md) 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-cert-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) - - - - - - - - - - - - +5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index d2b2d4db85..36e3dad339 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/29/2018 --- # Windows Hello for Business Deployment Guide diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 1c7fd1f995..0d99dddd85 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # On Premises Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index f5b102d219..d392da1bd0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: DaniHalfin -ms.localizationpriority: medium +audience: ITPro +author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: troubleshooting +ms.localizationpriority: medium ms.date: 05/05/2018 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index 2aac336bfc..9de0743e58 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: DaniHalfin -ms.localizationpriority: medium +audience: ITPro +author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index c34aaa4692..4cbd7ca983 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Windows Hello for Business Frequently Ask Questions diff --git a/windows/security/identity-protection/hello-for-business/hello-features.md b/windows/security/identity-protection/hello-for-business/hello-features.md index 09530fefa8..280135c5b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-features.md +++ b/windows/security/identity-protection/hello-for-business/hello-features.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 05/05/2018 --- # Windows Hello for Business Features diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index a3d175023d..5a2a096de4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -5,9 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Windows Hello for Business and Authentication diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md index ce4c2db9b8..5bdfbc21f8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-device-registration.md @@ -5,9 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Windows Hello for Business and Device Registration diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 9ccd6b2fb8..789395a1bf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -5,9 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Windows Hello for Business Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md index 7297f63ac7..e3304e2432 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-tech-deep-dive.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Technical Deep Dive diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index ab1a856a27..936c4a59e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -5,9 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 10/08/2018 --- # Technology and Terms diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 8f2df655ab..d5904c2e0e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -5,9 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 05/05/2018 --- # How Windows Hello for Business works diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 42d6273775..4ddd3e27d4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index dda2b53178..c7fd156e98 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Using Certificates for AADJ On-premises Single-sign On diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 063a6f0ffc..ed400300f7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Azure AD Join Single Sign-on Deployment Guides diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 376c0f16f1..4b487da424 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Windows Hello for Business Certificate Trust New Installation diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 74d04ce826..cfbf292815 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/18/2018 --- # Configure Device Registration for Hybrid Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 92edeb0db7..71ad012ce7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Hybrid Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 2ee49c9aae..317a2481b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 09/08/2017 --- # Hybrid Azure AD joined Certificate Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index a0296bf8a4..461d86ca82 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Hybrid Windows Hello for Business Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 4395d9c432..4f7dca8320 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configuring Windows Hello for Business: Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 25208af1bd..fb95263ea4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Configure Windows Hello for Business: Active Directory Federation Services diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 7464c27892..559462a9db 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 10/23/2017 --- # Configure Hybrid Windows Hello for Business: Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index f14eedf3af..56921a06b0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 9728d0ac98..0ffc39e4d5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Hybrid Windows Hello for Business: Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index f3f298b684..49af90f1e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index ec4aa1375e..27ed68512f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Windows Hello for Business Key Trust New Installation diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 496b9711d3..baf9a0401a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Device Registration for Hybrid key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index ce2e65c934..3e829f4aa7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Directory Synchronization for Hybrid key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index b6cbd28438..aebc17a2ae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Hybrid Key trust Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 5387747964..6759f1e112 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Hybrid Azure AD joined Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 06a470b1ce..47f83cea11 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Hybrid Windows Hello for Business Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index c2821a19f1..1e1d1effdc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Configuring Hybrid key trust Windows Hello for Business: Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 70dd6093e7..4ef86bfee8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Hybrid Windows Hello for Business: Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index d21998d065..3382dcb530 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index ef10959add..9f081c920a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -localizationpriority: high +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Configure Hybrid Windows Hello for Business: Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index c28c97dce0..448963dfbd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Hybrid Windows Hello for Business key trust settings diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 9c0f5c3a35..672ad0f33f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 05/05/2018 --- # Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 0d2f3c602d..5cef71faf7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md index b8d18d2c76..1d92e64857 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-deploy-mfa.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure or Deploy Multifactor Authentication Services @@ -104,7 +108,7 @@ Sign in the domain controller with _domain administrator_ equivalent credentials ##### Add accounts to the Phonefactor Admins group 1. Open **Active Directory Users and Computers**. -2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select Users. In the content pane. Right-click the **Phonefactors Admin** security group and select **Properties**. +2. In the navigation pane, expand the node with the organization’s Active Directory domain name. Select Users. In the content pane. Right-click the **Phonefactor Admins** security group and select **Properties**. 3. Click the **Members** tab. 4. Click **Add**. Click **Object Types..** In the **Object Types** dialog box, select **Computers** and click **OK**. Enter the following user and/or computers accounts in the **Enter the object names to select** box and then click **OK**. * The computer account for the primary MFA Server @@ -224,7 +228,7 @@ See [Configure Azure Multi-Factor Authentication Server to work with AD FS in Wi Sign-in the federation server with _Domain Admin_ equivalent credentials and follow [To install and configure the Azure Multi-Factor Authentication server](https://docs.microsoft.com/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#to-install-and-configure-the-azure-multi-factor-authentication-server) for an express setup with the configuration wizard. You can re-run the authentication wizard by selecting it from the Tools menu on the server. >[!IMPORTANT] ->Only follow the above mention article to install Azure MFA Server. Once it is intstalled, continue configuration using this article. +>Only follow the above mention article to install Azure MFA Server. Once it is installed, continue configuration using this article. ### Configuring Company Settings @@ -541,4 +545,4 @@ The Multi-Factor Authentication server communicates with the Azure MFA cloud ser 2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md) 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) \ No newline at end of file +5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index f9c8f46088..e8cd8acaa1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Configure Windows Hello for Business Policy settings diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 9c5067319d..4bd120cf26 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -7,9 +7,13 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile author: DaniHalfin -ms.localizationpriority: medium +audience: ITPro author: mikestephens-MS ms.author: mstephen +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Validate Active Directory prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 5c80c9502b..11c3a1d90a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Validate and Deploy Multifactor Authentication Services (MFA) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 7a7999914a..8c28287378 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Validate and Configure Public Key Infrastructure diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index f367ae301e..56c4b7a2a8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: DaniHalfin -ms.localizationpriority: medium +audience: ITPro +author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 10/18/2017 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 09dfdad4dc..773be29f77 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: conceptual +localizationpriority: medium --- # Windows Hello for Business Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index b762cb48f0..b95f3a6b88 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: conceptual ms.date: 08/19/2018 --- # Planning a Windows Hello for Business Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 363636202f..9f76cf67c8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +audience: ITPro author: mikestephens-MS ms.author: mstephen -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 6c6251b3f1..cea13ff9d2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/19/2018 --- # Windows Hello for Business Videos diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index c7eae511cd..388993c2d8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -7,9 +7,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: DaniHalfin -ms.localizationpriority: medium +audience: ITPro +author: danihalfin ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 10/23/2017 --- diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index fb9afb773b..376a238c8e 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -1,14 +1,18 @@ --- title: Microsoft-compatible security key -description: Windows10 enables users to sign in to their device using a security key. How is a Microsoft-compatible security key different (and better) than any other FIDO2 security key +description: Windows 10 enables users to sign in to their device using a security key. How is a Microsoft-compatible security key different (and better) than any other FIDO2 security key keywords: FIDO2, security key, CTAP, Hello, WHFB ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: aabhathipsay ms.author: aathipsa -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 11/14/2018 --- # What is a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 0156ec9a78..5f1296e64e 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -6,9 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: mikestephens-MS ms.author: mstephen -localizationpriority: high +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 08/20/2018 --- # Password-less Strategy diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 43aca85f75..1ed55612fa 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -1,14 +1,18 @@ --- title: Reset-security-key -description: Windows10 enables users to sign in to their device using a security key. How to reset a security key +description: Windows�10 enables users to sign in to their device using a security key. How to reset a security key keywords: FIDO2, security key, CTAP, Microsoft-compatible security key ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile +audience: ITPro author: aabhathipsay ms.author: aathipsa -ms.localizationpriority: medium +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +localizationpriority: medium ms.date: 11/14/2018 --- # How to reset a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md index de55fa465e..c286b36226 100644 --- a/windows/security/identity-protection/hello-for-business/toc.md +++ b/windows/security/identity-protection/hello-for-business/toc.md @@ -1,6 +1,14 @@ # [Windows Hello for Business](hello-identity-verification.md) +##[Password-less Strategy](passwordless-strategy.md) + ## [Windows Hello for Business Overview](hello-overview.md) +## [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md) +## [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) + +## [Windows Hello for Business Features](hello-features.md) +### [Multifactor Unlock](feature-multifactor-unlock.md) + ## [How Windows Hello for Business works](hello-how-it-works.md) ### [Technical Deep Dive](hello-how-it-works.md#technical-deep-dive) #### [Technology and Terminology](hello-how-it-works-technology.md) @@ -8,17 +16,12 @@ #### [Provisioning](hello-how-it-works-provisioning.md) #### [Authentication](hello-how-it-works-authentication.md) -## [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md) -## [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md) -## [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) -## [Windows Hello and password changes](hello-and-password-changes.md) -## [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) -## [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -## [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) - ## [Planning a Windows Hello for Business Deployment](hello-planning-guide.md) +## [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md) + ## [Windows Hello for Business Deployment Guide](hello-deployment-guide.md) + ### [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md) #### [Prerequisites](hello-hybrid-key-trust-prereqs.md) #### [New Installation Baseline](hello-hybrid-key-new-install.md) @@ -53,10 +56,11 @@ ##### [Configure or Deploy Multifactor Authentication Services](hello-cert-trust-deploy-mfa.md) #### [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md) -## [Windows Hello for Business Features](hello-features.md) -### [Multifactor Unlock](feature-multifactor-unlock.md) +## [Windows Hello and password changes](hello-and-password-changes.md) +## [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) ## [Windows Hello for Business Frequently Asked Questions (FAQ)](hello-faq.md) ### [Windows Hello for Business Videos](hello-videos.md) -##[Password-less Strategy](passwordless-strategy.md) \ No newline at end of file +## [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) +## [Event ID 300 - Windows Hello successfully created](hello-event-300.md) \ No newline at end of file diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index 1e0b600031..b6001998ed 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 02/05/2018 --- diff --git a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md index 0c5455cd58..07bb80474c 100644 --- a/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md +++ b/windows/security/identity-protection/installing-digital-certificates-on-windows-10-mobile.md @@ -7,7 +7,12 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jdeckerms +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index 3312502f59..d4040d63f5 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 01/12/2018 --- # Protect Remote Desktop credentials with Windows Defender Remote Credential Guard diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index 39707aa3da..afcbf6f6a8 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index e33b59d31c..89bbf2b1b7 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 58d230fb04..62c98ae6fb 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index 4354757189..e529dc00ea 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 52c470aa92..8c99bb0570 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index 0c626949d6..facd8ddf40 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index e30638b697..bb6e5da969 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index f9df3d2d77..ea407b1937 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index 5d613942c1..34b355d1cd 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index 196bb6e4ec..634ec44834 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index 886bad7bf9..5b0a21f2f9 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index fa41a42f7d..bf3020f5bd 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index 851edc7279..f478817d07 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -6,7 +6,13 @@ ms.prod: w10 ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 11/16/2018 --- diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 0854da77c6..9f3048c408 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index b208897c14..786f8d9b6e 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -7,7 +7,13 @@ ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 00b9bc3573..4b0bf32fe5 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -6,7 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 06c5e2b538..766f4cf4a7 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index 32ad78341e..65c4b4ded6 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index 3565c5e1c6..46c153bf96 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index b2e25477d9..e95e0215c2 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: conceptual +ms.localizationpriority: medium ms.date: 10/13/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 6b41c05246..55a77a6140 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index 60bc3ab032..a770e703ca 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 00d53274ff..9e9a8627c3 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -5,7 +5,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: Justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 10/13/2017 --- diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 9ad00797a5..13fc6ad9e2 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -6,7 +6,13 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: justinha +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 6fecccdc81..89aeaf1312 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/21/2017 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md index d90cb76d42..ba3d34afe1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/03/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index cf809e8fc8..592be01143 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index d4ebe56664..2655d0474e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/06/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md index adaf53c91e..28ec21a3bf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/25/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md index e810ee9889..26f1385795 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md +++ b/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/03/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 64800a4fe1..5107934ed4 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/03/2017 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 491f941bf8..e505fa5f8d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -6,8 +6,12 @@ ms.prod: windows-server-threshold ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft -ms.date: 02/04/2019 +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/19/2019 --- # BitLocker: How to deploy on Windows Server 2012 and later @@ -41,12 +45,7 @@ Windows PowerShell offers administrators another option for BitLocker feature in   ### Using the servermanager module to install BitLocker -The `servermanager` Windows PowerShell module can use either the `Install-WindowsFeature` or `Add-WindowsFeature` to install the BitLocker feature. The `Add-WindowsFeature` cmdlet is merely a stub to the `Install-WindowsFeature`. This example uses the `Install-WindowsFeature` cmdlet. The feature name for BitLocker in the `servermanager` module is `BitLocker`. This can be determined using the `Get-WindowsFeature` cmdlet with a query such as: - -``` syntax -Get-WindowsFeature Bit -``` -The results of this command displays a table of all of the feature names beginning with “Bit” as their prefix. This allows you to confirm that the feature name is `BitLocker` for the BitLocker feature. +The `servermanager` Windows PowerShell module can use either the `Install-WindowsFeature` or `Add-WindowsFeature` to install the BitLocker feature. The `Add-WindowsFeature` cmdlet is merely a stub to the `Install-WindowsFeature`. This example uses the `Install-WindowsFeature` cmdlet. The feature name for BitLocker in the `servermanager` module is `BitLocker`. By default, installation of features in Windows PowerShell does not include optional sub-features or management tools as part of the install process. This can be seen using the `-WhatIf` option in Windows PowerShell. diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 4643595543..321a0ffe66 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: brianlic-msft -ms.date: 06/18/2018 +ms.date: 02/20/2019 --- # BitLocker: How to enable Network Unlock @@ -39,6 +39,7 @@ Network Unlock must meet mandatory hardware and software requirements before the - You must be running at least Windows 8 or Windows Server 2012. - Any supported operating system with UEFI DHCP drivers can be Network Unlock clients. +- Network Unlock clients must have a TPM chip and at least one TPM protector. - A server running the Windows Deployment Services (WDS) role on any supported server operating system. - BitLocker Network Unlock optional feature installed on any supported server operating system. - A DHCP server, separate from the WDS server. @@ -83,7 +84,7 @@ The server side configuration to enable Network Unlock also requires provisionin The following steps allow an administrator to configure Network Unlock in a domain where the Domain Functional Level is at least Windows Server 2012. -### Install the WDS Server role +### Install the WDS Server role The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the **Windows Deployment Services** role in Server Manager. @@ -95,7 +96,7 @@ Install-WindowsFeature WDS-Deployment You must configure the WDS server so that it can communicate with DHCP (and optionally Active Directory Doman Services) and the client computer. You can do using the WDS management tool, wdsmgmt.msc, which starts the Windows Deployment Services Configuration Wizard. -### Confirm the WDS Service is running +### Confirm the WDS Service is running To confirm the WDS service is running, use the Services Management Console or Windows PowerShell. To confirm the service is running in Services Management Console, open the console using **services.msc** and check the status of the Windows Deployment Services service. @@ -104,7 +105,7 @@ To confirm the service is running using Windows PowerShell, use the following co ``` syntax Get-Service WDSServer ``` -### Install the Network Unlock feature +### Install the Network Unlock feature To install the Network Unlock feature, use Server Manager or Windows PowerShell. To install the feature using Server Manager, select the **BitLocker Network Unlock** feature in the Server Manager console. @@ -113,7 +114,7 @@ To install the feature using Windows PowerShell, use the following command: ``` syntax Install-WindowsFeature BitLocker-NetworkUnlock ``` -### Create the certificate template for Network Unlock +### Create the certificate template for Network Unlock A properly configured Active Directory Services Certification Authority can use this certificate template to create and issue Network Unlock certificates. @@ -143,7 +144,7 @@ To add the Network Unlock template to the Certification Authority, open the Cert After adding the Network Unlock template to the Certification Authority, this certificate can be used to configure BitLocker Network Unlock. -### Create the Network Unlock certificate +### Create the Network Unlock certificate Network Unlock can use imported certificates from an existing PKI infrastructure, or you can use a self-signed certificate. @@ -214,7 +215,7 @@ Certreq example: 5. Launch Certificates - Local Machine by running **certlm.msc**. 6. Create a .pfx file by opening the **Certificates – Local Computer\\Personal\\Certificates** path in the navigation pane, right-clicking the previously imported certificate, selecting **All Tasks**, then **Export**. Follow through the wizard to create the .pfx file. -### Deploy the private key and certificate to the WDS server +### Deploy the private key and certificate to the WDS server With the certificate and key created, deploy them to the infrastructure to properly unlock systems. To deploy the certificates, do the following: @@ -230,7 +231,7 @@ With certificate and key deployed to the WDS server for Network Unlock, the fina The following steps describe how to enable the Group Policy setting that is a requirement for configuring Network Unlock. 1. Open Group Policy Management Console (gpmc.msc). -2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** option. +2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** or **Allow startup PIN with TPM** option. 3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers. The following steps describe how to deploy the required Group Policy setting: @@ -247,15 +248,10 @@ The following steps describe how to deploy the required Group Policy setting: 3. Follow the wizard steps and import the .cer file that was copied earlier. >**Note:**  Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. + +5. Reboot the clients after deploying the group policy. +>**Note:** The **Network (Certificate Based)** protector will be added only after a reboot with the policy enabled and a valid certificate present in the FVE_NKP store.   -### Require TPM+PIN protectors at startup - -An additional step is for enterprises to use TPM+PIN protectors for an extra level of security. To require TPM+PIN protectors in an environment, do the following: - -1. Open Group Policy Management Console (gpmc.msc). -2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** option. -3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers. - ### Subnet policy configuration files on WDS Server (Optional) By default, all clients with the correct Network Unlock Certificate and valid Network Unlock protectors that have wired access to a Network Unlock-enabled WDS server via DHCP are unlocked by the server. A subnet policy configuration file on the WDS server can be created to limit which subnet(s) Network Unlock clients can use to unlock. @@ -285,13 +281,13 @@ The subnet policy configuration file must use a “\[SUBNETS\]” section to ide To disallow the use of a certificate altogether, its subnet list may contain the line “DISABLED". -## Turning off Network Unlock +## Turning off Network Unlock To turn off the unlock server, the PXE provider can be unregistered from the WDS server or uninstalled altogether. However, to stop clients from creating Network Unlock protectors the **Allow Network Unlock at startup** Group Policy setting should be disabled. When this policy setting is updated to disabled on client computers any Network Unlock key protectors on the computer will be deleted. Alternatively, the BitLocker Network Unlock certificate policy can be deleted on the domain controller to accomplish the same task for an entire domain. ->**Note:**  Removing the FVENKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server. +>**Note:**  Removing the FVE_NKP certificate store that contains the Network Unlock certificate and key on the WDS server will also effectively disable the server’s ability to respond to unlock requests for that certificate. However, this is seen as an error condition and is not a supported or recommended method for turning off the Network Unlock server.   -## Update Network Unlock certificates +## Update Network Unlock certificates To update the certificates used by Network Unlock, administrators need to import or generate the new certificate for the server and then update the Network Unlock certificate Group Policy setting on the domain controller. @@ -302,12 +298,13 @@ Troubleshooting Network Unlock issues begins by verifying the environment. Many - Verify client hardware is UEFI-based and is on firmware version is 2.3.1 and that the UEFI firmware is in native mode without a Compatibility Support Module (CSM) for BIOS mode enabled. Do this by checking that the firmware does not have an option enabled such as "Legacy mode" or "Compatibility mode" or that the firmware does not appear to be in a BIOS-like mode. - All required roles and services are installed and started - Public and private certificates have been published and are in the proper certificate containers. The presence of the Network Unlock certificate can be verified in the Microsoft Management Console (MMC.exe) on the WDS server with the certificate snap-ins for the local computer enabled. The client certificate can be verified by checking the registry key **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** on the client computer. -- Group policy for Network Unlock is enabled and linked to the appropriate domains +- Group policy for Network Unlock is enabled and linked to the appropriate domains. - Verify group policy is reaching the clients properly. This can be done using the GPRESULT.exe or RSOP.msc utilities. +- Verify the clients were rebooted after applying the policy. - Verify the **Network (Certificate Based)** protector is listed on the client. This can be done using either manage-bde or Windows PowerShell cmdlets. For example the following command will list the key protectors currently configured on the C: drive of the lcoal computer: ``` syntax - Manage-bde –protectors –get C: + manage-bde –protectors –get C: ``` >**Note:**  Use the output of manage-bde along with the WDS debug log to determine if the proper certificate thumbprint is being used for Network Unlock   @@ -343,14 +340,14 @@ Network Unlock and the accompanying Group Policy settings were introduced in Win The following steps can be used to configure Network Unlock on these older systems. -1. [Step One: Install the WDS Server role](#bkmk-stepone) -2. [Step Two: Confirm the WDS Service is running](#bkmk-steptwo) -3. [Step Three: Install the Network Unlock feature](#bkmk-stepthree) -4. [Step Four: Create the Network Unlock certificate](#bkmk-stepfour) -5. [Step Five: Deploy the private key and certificate to the WDS server](#bkmk-stepfive) -6. [Step Six: Configure registry settings for Network Unlock](#bkmk-stepsix) +1. [Install the WDS Server role](#bkmk-installwdsrole) +2. [Confirm the WDS Service is running](#bkmk-confirmwdsrunning) +3. [Install the Network Unlock feature](#bkmk-installnufeature) +4. [Create the Network Unlock certificate](#bkmk-createcert) +5. [Deploy the private key and certificate to the WDS server](#bkmk-deploycert) +6. Configure registry settings for Network Unlock: - Apply the registry settings by running the following certutil script on each computer running any of the client operating systems designated in the **Applies To** list at the beginning of this topic. + Apply the registry settings by running the following certutil script (assuming your network unlock certificate file is called **BitLocker-NetworkUnlock.cer**) on each computer running any of the client operating systems designated in the **Applies To** list at the beginning of this topic. certutil -f -grouppolicy -addstore FVE_NKP BitLocker-NetworkUnlock.cer reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v OSManageNKP /t REG_DWORD /d 1 /f @@ -361,10 +358,8 @@ The following steps can be used to configure Network Unlock on these older syste reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKey /t REG_DWORD /d 2 /f reg add "HKLM\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKeyPIN /t REG_DWORD /d 2 /f -7. [Create the Network Unlock certificate](#bkmk-stepfour) -8. [Deploy the private key and certificate to the WDS server](#bkmk-stepfive) -9. [Create the certificate template for Network Unlock](#bkmk-createcerttmpl) -10. [Require TPM+PIN protectors at startup](#bkmk-stepseven) +7. Set up a TPM protector on the clients +8. Reboot the clients to add the Network (Certificate Based) protector ## See also diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md index dcf559c46d..686e594e1e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/03/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 3a6301c3fc..38e4da5877 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 01/26/2019 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md index 78325f1ee2..fbdf7d7e41 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-network-unlock-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/03/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md index 0623101946..ca512b92d3 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.md @@ -7,8 +7,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft -ms.date: 05/03/2018 +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/21/2019 --- # BitLocker Overview and Requirements FAQ @@ -43,7 +47,7 @@ Two partitions are required to run BitLocker because pre-startup authentication ## Which Trusted Platform Modules (TPMs) does BitLocker support? -BitLocker supports TPM version 1.2 or higher. +BitLocker supports TPM version 1.2 or higher. BitLocker support for TPM 2.0 requires Unified Extensible Firmware Interface (UEFI) for the device. ## How can I tell if a TPM is on my computer? diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 8431b2341b..42574c9514 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 01/26/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md index 9e78e1465a..2c7235ba57 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual --- # BitLocker recovery guide diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index 8ef7812544..0b345c1349 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/12/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md index 66780914d3..eb1afcd6a5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-to-go-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 07/10/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md index 69e24624d0..1b10ce9876 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-upgrading-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/03/2018 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index d3ec59e360..d65bc1e6ed 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/25/2017 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index d835ee97f5..84411a03ec 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md index 1edcded5ee..fb49f2d779 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-using-with-other-programs-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 07/10/2018 --- diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index efa0edfef4..658600d2ea 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/04/2018 --- diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index b7fb12a822..228b3241e9 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/19/2017 --- diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 68675bb3d6..6d4df86d67 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -62,7 +62,7 @@ For Encrypted Hard Drives used as **startup drives**:   ## Technical overview -Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering significantly improved performance. In versions of Windows earlier than Windows Server 2012, BitLocker required a two-step process to complete read/write requests. In Windows Server 2012, Windows 8, or later, Encrypted Hard Drives offload the cryptographic operations to the drive controller for much greater efficiency. When the operating system an Encrypted Hard Drive, it activates the security mode. This activation lets the drive controller generate a media key for every volume that the host computer creates. This media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk. +Rapid encryption in BitLocker directly addresses the security needs of enterprises while offering significantly improved performance. In versions of Windows earlier than Windows Server 2012, BitLocker required a two-step process to complete read/write requests. In Windows Server 2012, Windows 8, or later, Encrypted Hard Drives offload the cryptographic operations to the drive controller for much greater efficiency. When the operating system identifies an Encrypted Hard Drive, it activates the security mode. This activation lets the drive controller generate a media key for every volume that the host computer creates. This media key, which is never exposed outside the disk, is used to rapidly encrypt or decrypt every byte of data that is sent or received from the disk. ## Configuring Encrypted Hard Drives as Startup drives diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index 8d7bde1868..e17bd5c51b 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md @@ -5,7 +5,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/10/2018 --- diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 529d064913..2a25a68d5b 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -94,9 +94,11 @@ In-market systems, released with Windows 10 version 1709 or earlier, will not su No, Kernel DMA Protection only protects against drive-by DMA attacks after the OS is loaded. It is the responsibility of the system firmware/BIOS to protect against attacks via the Thunderbolt™ 3 ports during boot. ### How can I check if a certain driver supports DMA-remapping? -DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the following Property GUID (highlighted in red in the image below) in the Details tab of a device in Device Manager. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of 2 means that the device driver supports DMA-remapping. +DMA-remapping is supported for specific device drivers, and is not universally supported by all devices and drivers on a platform. To check if a specific driver is opted into DMA-remapping, check the values corresponding to the DMA Remapping Policy property in the Details tab of a device in Device Manager*. A value of 0 or 1 means that the device driver does not support DMA-remapping. A value of 2 means that the device driver supports DMA-remapping. Please check the driver instance for the device you are testing. Some drivers may have varying values depending on the location of the device (internal vs. external). +*For Windows 10 versions 1803 and 1809, the property field in Device Manager uses a GUID, as highlighted in the image below + ![Kernel DMA protection user experience](images/device-details-tab.png) ### What should I do if the drivers for my Thunderbolt™ 3 peripherals do not support DMA-remapping? diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index cb56f52198..37232dee00 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -7,7 +7,11 @@ ms.mktglfcycl: Explore ms.pagetype: security ms.sitesec: library ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/16/2018 --- diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index ad48ae604e..2ad21a5ff0 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index df37e941b5..5f8805bb4e 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 1cc72bd01d..6800a86d9a 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -8,7 +8,11 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/27/2017 --- diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index 37d77fa8e0..5296588ad5 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/11/2018 --- diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index 201fa3eafd..ce4f195e2f 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/30/2017 --- diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index 6f31a72d96..57322cf856 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/02/2017 --- # Manage TPM lockout diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 164658f0a0..eacf850aab 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 09faeded0c..e826eb601c 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/16/2017 --- diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 36ab2dd427..c7ef09ffc6 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -8,7 +8,11 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/29/2018 --- diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 3d34861247..3f858bbcb9 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -8,7 +8,11 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: andreabichsel -ms-author: v-anbic +ms-author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/29/2018 --- diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index 0b2740ff70..6b661fde27 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/02/2018 --- diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index f66b65f12b..91a5e57e1f 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -7,7 +7,11 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: andreabichsel -ms.author: v-anbic +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/11/2018 --- diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index ed7d4a50ad..a30bed2776 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -6,9 +6,15 @@ ms.prod: w10 ms.mktglfcycl: explore ms.pagetype: security ms.sitesec: library -ms.author: justinha -ms.date: 05/30/2018 +ms.pagetype: security ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 7c0b4e23ef..137f60c277 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -5,9 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # How to collect Windows Information Protection (WIP) audit event logs diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 0743b419b6..752c36ecf3 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/31/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 06c6f03b54..b96fe95c7b 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index faaddea437..cd3a0e3848 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index addb2e2df0..042a8923f9 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -5,10 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.localizationpriority: medium -ms.date: 09/19/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/28/2019 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune @@ -412,7 +416,7 @@ There are no default locations included with WIP, you must add each of your netw Cloud Resources With proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
    contoso.visualstudio.com,contoso.internalproxy2.com

    Without proxy: contoso.sharepoint.com|contoso.visualstudio.com - Specify the cloud resources to be treated as corporate and protected by WIP.

    For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

    If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

    Important
    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

    When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. + Specify the cloud resources to be treated as corporate and protected by WIP.

    For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

    If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

    Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL.

    Important
    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

    When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. Protected domains diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 6593dc47a3..48de57d325 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 08/08/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/27/2019 --- # Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune @@ -357,7 +362,7 @@ There are no default locations included with WIP, you must add each of your netw Enterprise Cloud Resources With proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
    contoso.visualstudio.com,contoso.internalproxy2.com

    Without proxy: contoso.sharepoint.com|contoso.visualstudio.com - Specify the cloud resources to be treated as corporate and protected by WIP.

    For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.

    If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

    Important
    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

    When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. + Specify the cloud resources to be treated as corporate and protected by WIP.

    For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.

    If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

    Personal applications will be able to access Enterprise Cloud Resources if the resource in the Enterprise Cloud Resource Policy has a blank space or an invalid character, such as a trailing dot in the URL.

    Important
    In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

    When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. Enterprise Network Domain Names (Required) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index 1462462e93..1e940e8137 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -5,10 +5,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 08/08/2018 -localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md index e766991a5a..2783e1edb2 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-sccm.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 08/08/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 3ff66496cf..f76e952f71 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/15/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md index 6d41dd0d2a..6f1c74f23f 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 08/08/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 52503527a1..3de2479c2a 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/11/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index f02c43a630..437815bd4a 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # General guidance and best practices for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md index b1005f382d..3b2125c461 100644 --- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md +++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md @@ -6,12 +6,17 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 11/28/2018 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- -# How Windows Information Protection protects files with a sensitivity label +# How Windows Information Protection (WIP) protects a file that has a sensitivity label **Applies to:** @@ -29,10 +34,12 @@ Microsoft information protection technologies include: - [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects local data at rest on endpoint devices, and manages apps to protect local data in use. Data that leaves the endpoint device, such as email attachment, is not protected by WIP. -- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365 and other first-party or third-party Software-as-a-Service (SaaS) apps. +- [Office 365 Information Protection](https://docs.microsoft.com/office365/securitycompliance/office-365-info-protection-for-gdpr-overview) is a solution to classify, protect, and monitor personal data in Office 365. - [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. Azure Information Protection is applied directly to content, and roams with the content as it's moved between locations and cloud services. +- [Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) is a cloud access security broker (CASB) solution that allows you to discover, classify, protect, and monitor user data in first-party and third-party Software-as-a-Service (SaaS) apps used by your organization. + End users can choose and apply sensitivity labels from a bar that appears below the ribbon in Office apps: ![Sensitivity labels](images/sensitivity-labels.png) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 2c82639fdb..a795c151fc 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -8,7 +8,11 @@ ms.sitesec: library ms.pagetype: security author: justinha ms.author: justinha -ms.date: 12/18/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 03/04/2019 ms.localizationpriority: medium --- @@ -104,10 +108,17 @@ This table provides info about the most common problems you might encounter whil

  • SavedGames
    • - WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using System Center Configuration Manager. + WIP isn’t turned on for employees in your organization. Error code 0x807c0008 will result if WIP is deployed by using System Center Configuration Manager. Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders.

    If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). + + Only enlightened apps can be managed without device enrollment + + If a user enrolls a device for Mobile Application Management (MAM) without device enrollment, only enlightened apps will be managed. This is by design to prevent personal files from being unintenionally encrypted by unenlighted apps. Unenlighted apps that need to access work using MAM need to be re-compiled as LOB apps or managed by using MDM with device enrollment. + If all apps need to be managed, enroll the device for MDM. + + >[!NOTE] diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 4005e8742f..ecb1b8af14 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md index 6baff2c026..b577d9e9e5 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-sccm.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/13/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using System Center Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index e160720d9f..eca0d84acb 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 10/13/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Create a Windows Information Protection (WIP) policy using Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 49ed1d9865..5768cd40ed 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/11/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Protect your enterprise data using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index ea566d653b..4af9ce947b 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/11/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index fda5027ad2..b00cdeb40f 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -7,9 +7,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: justinha ms.localizationpriority: medium -ms.date: 09/11/2017 +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Testing scenarios for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 49ceafd5b2..4f4a47aff3 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 02/07/2019 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index b971c3a054..13b9c07410 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -6,9 +6,14 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -ms.author: justinha -ms.date: 05/30/2018 ms.localizationpriority: medium +author: justinha +ms.author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 8bb9b2c5d5..6574cf15e2 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -8,10 +8,14 @@ ms.prod: w10 ms.mktglfcycl: ms.sitesec: library ms.pagetype: security +ms.localizationpriority: medium author: justinha ms.author: justinha -ms.localizationpriority: medium -ms.date: 10/15/2018 +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/26/2019 --- # Fine-tune Windows Information Protection (WIP) with WIP Learning diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 7bd8b0766d..f90703feef 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -7,7 +7,7 @@ ##### [Hardware-based isolation](windows-defender-atp/overview-hardware-based-isolation.md) ###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md) ####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) -###### [System integrity](windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) +###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) ##### [Application control](windows-defender-application-control/windows-defender-application-control.md) ##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md) ##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md) @@ -96,6 +96,10 @@ +#### [Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md) + + + #### [Portal overview](windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md) @@ -304,66 +308,6 @@ ######## [PowerShell](windows-defender-atp/exposed-apis-full-sample-powershell.md) ####### [Using OData Queries](windows-defender-atp/exposed-apis-odata-samples.md) -##### [Use the Windows Defender ATP exposed APIs (deprecated)](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) -###### [Supported Windows Defender ATP APIs (deprecated)](windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md) -#######Actor (deprecated) -######## [Get actor information (deprecated)](windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md) -######## [Get actor related alerts (deprecated)](windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -#######Alerts (deprecated) -######## [Get alerts (deprecated)](windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md) -######## [Get alert information by ID (deprecated)](windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -######## [Get alert related actor information (deprecated)](windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related domain information (deprecated)](windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related file information (deprecated)](windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related IP information (deprecated)](windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -######## [Get alert related machine information (deprecated)](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -#######Domain (deprecated) -######## [Get domain related alerts (deprecated)](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get domain related machines (deprecated)](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get domain statistics (deprecated)](windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md) -######## [Is domain seen in organization (deprecated)](windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) - -#######File(deprecated) -######## [Block file (deprecated)](windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md) -######## [Get file information (deprecated)](windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md) -######## [Get file related alerts (deprecated)](windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get file related machines (deprecated)](windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get file statistics (deprecated)](windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md) -######## [Get FileActions collection (deprecated)](windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md) -######## [Unblock file (deprecated)](windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md) - -#######IP (deprecated) -######## [Get IP related alerts (deprecated)](windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get IP related machines (deprecated)](windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md) -######## [Get IP statistics (deprecated)](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md) -######## [Is IP seen in organization (deprecated)](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md) -#######Machines (deprecated) -######## [Collect investigation package (deprecated)](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md) -######## [Find machine information by IP (deprecated)](windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -######## [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -######## [Get FileMachineAction object (deprecated)](windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -######## [Get FileMachineActions collection (deprecated)](windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -######## [Get machine by ID (deprecated)](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md) -######## [Get machine log on users (deprecated)](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -######## [Get machine related alerts (deprecated)](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get MachineAction object (deprecated)](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md) -######## [Get MachineActions collection (deprecated)](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md) -######## [Get machines (deprecated)](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md) -######## [Get package SAS URI (deprecated)](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md) -######## [Isolate machine (deprecated)](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md) -######## [Release machine from isolation (deprecated)](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md) -######## [Remove app restriction (deprecated)](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -######## [Request sample (deprecated)](windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md) -######## [Restrict app execution (deprecated)](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md) -######## [Run antivirus scan (deprecated)](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md) -######## [Stop and quarantine file (deprecated)](windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md) - -#######User (deprecated) -######## [Get alert related user information (deprecated)](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -######## [Get user information (deprecated)](windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md) -######## [Get user related alerts (deprecated)](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md) -######## [Get user related machines (deprecated)](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md) - #####Windows updates (KB) info ###### [Get KbInfo collection](windows-defender-atp/get-kbinfo-collection-windows-defender-advanced-threat-protection.md) @@ -371,22 +315,14 @@ ###### [Get CVE-KB map](windows-defender-atp/get-cvekbmap-collection-windows-defender-advanced-threat-protection.md) - - - - - - - ##### API for custom alerts ###### [Enable the custom threat intelligence application](windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) -####### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) -####### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) -####### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) -####### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) -####### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) -####### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Use the threat intelligence API to create custom alerts](windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Create custom threat intelligence alerts](windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md) +###### [PowerShell code examples](windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md) +###### [Python code examples](windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md) +###### [Experiment with custom threat intelligence alerts](windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md) +###### [Troubleshoot custom threat intelligence issues](windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Pull alerts to your SIEM tools](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) @@ -400,6 +336,7 @@ ##### Reporting ###### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) +###### [Threat protection reports](windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md) ##### Role-based access control ###### [Manage portal access using RBAC](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) @@ -411,6 +348,10 @@ ##### [Configure managed security service provider (MSSP) support](windows-defender-atp/configure-mssp-support-windows-defender-advanced-threat-protection.md) +#### [Configure and manage Microsoft Threat Experts capabilities](windows-defender-atp/configure-microsoft-threat-experts.md) + + + #### Configure Microsoft threat protection integration ##### [Configure conditional access](windows-defender-atp/configure-conditional-access-windows-defender-advanced-threat-protection.md) ##### [Configure Microsoft Cloud App Security integration](windows-defender-atp/microsoft-cloud-app-security-config.md) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index f9a028c36e..842cb0b7bb 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md index 80aac0ab42..6935b85eb1 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 95b7643f60..4d960b6b9a 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 8b1f8421eb..6622f7fc55 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 07/25/2018 --- diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 7ce77ac37a..66dbdee966 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -8,7 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: Mir0sh -ms.date: 04/19/2017 +ms.date: 02/28/2019 --- # Audit Security Group Management @@ -32,9 +32,9 @@ This subcategory allows you to audit events generated by changes to security gro | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
    We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| -| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
    We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| -| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
    We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.| +| Domain Controller | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.| +| Member Server | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.| +| Workstation | Yes | No | Yes | No | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.
    This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory.| **Events List:** diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index 8b87a565cb..7f78b5f46d 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index 5ae03bbe81..ac22b4c4fe 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index aea8e2c6a8..0de79e98e7 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 5ac16f81ca..2bcf48cc8b 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 564f09756f..ec41b532a0 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index d6fa0d9840..129ea370a0 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index 12b823cf4e..7980a4d633 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index ada9f8ba66..6c5869c87d 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 1c30f0f216..efc11bd08e 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index 87389a5d60..9a3ba69bf5 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 814491f237..2a98ef92e3 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 71a8cdfc2c..b3ca1eb32d 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: none -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index cfb61706ce..ea200b936f 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -80,12 +80,14 @@ You will typically see many Failure events with **Failure Code** “**0x20**”, **Account Information:** -- **Account Name** \[Type = UnicodeString\]**:** the User Principal Name (UPN) of the account that requested the ticket. Computer account name ends with **$** character in UPN. This field typically has the following value format: user\_account\_name@FULL\_DOMAIN\_NAME. +- **Account Name** \[Type = UnicodeString\]**:** the user name of the account that requested the ticket in the User Principal Name (UPN) syntax. Computer account name ends with **$** character in the user name part. This field typically has the following value format: user\_account\_name@FULL\_DOMAIN\_NAME. - User account example: dadmin@CONTOSO.LOCAL - Computer account example: WIN81$@CONTOSO.LOCAL + > **Note** Although this field is in the UPN format, this is not the attribute value of "UserPrincipalName" of the user account. It is the "normalized" name or implicit UPN. It is built from the user SamAccountName and the Active Directory domain name. + This parameter in this event is optional and can be empty in some cases. - **Account Domain** \[Type = UnicodeString\]**:** the name of the Kerberos Realm that **Account Name** belongs to. This can appear in a variety of formats, including the following: @@ -169,7 +171,7 @@ The most common values: | 12 | Transited-policy-checked | KILE MUST NOT check for transited domains on servers or a KDC. Application servers MUST ignore the TRANSITED-POLICY-CHECKED flag. | | 13 | Ok-as-delegate | The KDC MUST set the OK-AS-DELEGATE flag if the service account is trusted for delegation. | | 14 | Request-anonymous | KILE not use this flag. | -| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the "canonicalize" KDC option for the AS-REQ or TGS-REQ. | +| 15 | Name-canonicalize | In order to request referrals the Kerberos client MUST explicitly request the “canonicalize” KDC option for the AS-REQ or TGS-REQ. | | 16-25 | Unused | - | | 26 | Disable-transited-check | By default the KDC will check the transited field of a TGT against the policy of the local realm before it will issue derivative tickets based on the TGT. If this flag is set in the request, checking of the transited field is disabled. Tickets issued without the performance of this check will be noted by the reset (0) value of the TRANSITED-POLICY-CHECKED flag, indicating to the application server that the transited field must be checked locally. KDCs are encouraged but not required to honor
    the DISABLE-TRANSITED-CHECK option.
    Should not be in use, because Transited-policy-checked flag is not supported by KILE. | | 27 | Renewable-ok | The RENEWABLE-OK option indicates that a renewable ticket will be acceptable if a ticket with the requested life cannot otherwise be provided, in which case a renewable ticket may be issued with a renew-till equal to the requested end time. The value of the renew-till field may still be limited by local limits, or limits selected by the individual principal or server. | diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md index 7964ac323a..f056c5bcbf 100644 --- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md index 439c9c1b3f..8ac19f8a63 100644 --- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index 7aeb903d71..05c48b5b7f 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md index c99548b8fd..caebb3f391 100644 --- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index a6c28921e2..a2936e96f6 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 51df126e27..d53ec727de 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md index 94d8efbfe0..d7f19b5369 100644 --- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index 27794f5009..bf24f2af21 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md index 3f49698848..e47b57c140 100644 --- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md +++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md index 8dee2ff70e..6413ce76ea 100644 --- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index ae9bb6e67a..358f59cf57 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md index 8c5ba869ef..43965518d5 100644 --- a/windows/security/threat-protection/auditing/security-auditing-overview.md +++ b/windows/security/threat-protection/auditing/security-auditing-overview.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md index f71f318cd8..2440624637 100644 --- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md +++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md index 5669c302b9..7ba1c6a70e 100644 --- a/windows/security/threat-protection/auditing/view-the-security-event-log.md +++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index 8b97c1b72b..20f786b03b 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md index c318406475..6261639989 100644 --- a/windows/security/threat-protection/change-history-for-threat-protection.md +++ b/windows/security/threat-protection/change-history-for-threat-protection.md @@ -5,7 +5,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/11/2018 ms.localizationpriority: medium --- diff --git a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md index d61268d81f..e2554705b5 100644 --- a/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md +++ b/windows/security/threat-protection/device-control/control-usb-devices-using-intune.md @@ -8,14 +8,14 @@ ms.pagetype: security ms.localizationpriority: medium ms.author: justinha author: justinha -ms.date: 02/06/2019 +ms.date: 02/22/2019 --- # How to control USB devices and other removable media using Windows Defender ATP **Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Windows Defender ATP provides multiple monitoring and control features for USB peripherals to help prevent threats in unauthorized peripherals from compromising your devices: +Microsoft recommends [a layered approach to securing removable media](https://aka.ms/devicecontrolblog), and Windows Defender ATP provides multiple monitoring and control features to help prevent threats in unauthorized peripherals from compromising your devices: 1. [Prevent threats from removable storage](#prevent-threats-from-removable-storage) introduced by removable storage devices by enabling: - [Windows Defender Antivirus real-time protection (RTP)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus) to scan removable storage for malware. @@ -29,10 +29,9 @@ Windows Defender ATP provides multiple monitoring and control features for USB p - Granular configuration to deny write access to removable disks and approve or deny devices by USB vendor code, product code, device IDs, or a combination. - Flexible policy assignment of device installation settings based on an individual or group of Azure Active Directory (Azure AD) users and devices. ->[!NOTE] ->These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. -For more information about controlling USB devices, see the [Microsoft Secure blog "WDATP has protections for USB and removable devices"](https://aka.ms/devicecontrolblog). +These threat reduction measures help prevent malware from coming into your environment. To protect enterprise data from leaving your environment, you can also configure data loss prevention measures. For example, on Windows 10 devices you can configure [BitLocker](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) and [Windows Information Protection](https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure), which will encrypt company data even if it is stored on a personal device, or use the [Storage/RemovableDiskDenyWriteAccess CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-storage#storage-removablediskdenywriteaccess) to deny write access to removable disks. Additionally, you can [classify and protect files on Windows devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview) (including their mounted USB devices) by using Windows Defender ATP and Azure Information Protection. + ## Prevent threats from removable storage @@ -167,11 +166,11 @@ Allowing installation of specific devices requires also enabling [DeviceInstalla ### Prevent installation of specifically prohibited peripherals -Windows Defender ATP also blocks installation and usage of prohibited peripherals either by using **Administrative Templates** or [Device Installation CSP settings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) with a custom profile in Intune. +Windows Defender ATP blocks installation and usage of prohibited peripherals by using either of these options: -For more information about using **Administrative Templates**, see [Windows 10 templates to configure Group Policy settings in Microsoft Intune](https://docs.microsoft.com/intune/administrative-templates-windows). +- [Administrative Templates](https://docs.microsoft.com/intune/administrative-templates-windows) can block any device with a matching hardware ID or setup class. +- [Device Installation CSP settings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation) with a custom profile in Intune. You can [prevent installation of specific device IDs](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids) or [prevent specific device classes](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). -For a SyncML example that prevents installation of specific device IDs, see [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdeviceids). To prevent specific device classes, see [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventinstallationofmatchingdevicesetupclasses). ## Related topics diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index e877d200de..c9c5b0b0c2 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -2,9 +2,13 @@ title: FIPS 140 Validation description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. ms.prod: w10 -ms.localizationpriority: medium -ms.author: daniha +audience: ITPro author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 04/03/2018 --- diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 497d8b23b9..bdbc4a1115 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: sagaudre -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/25/2018 --- diff --git a/windows/security/threat-protection/images/AH_icon.png b/windows/security/threat-protection/images/AH_icon.png index ff9c97c86e..3fae6eba9a 100644 Binary files a/windows/security/threat-protection/images/AH_icon.png and b/windows/security/threat-protection/images/AH_icon.png differ diff --git a/windows/security/threat-protection/images/AR_icon.png b/windows/security/threat-protection/images/AR_icon.png index 887498f7bc..fa8836ea1f 100644 Binary files a/windows/security/threat-protection/images/AR_icon.png and b/windows/security/threat-protection/images/AR_icon.png differ diff --git a/windows/security/threat-protection/images/ASR_icon.png b/windows/security/threat-protection/images/ASR_icon.png index 28b5b3156f..dd521d492a 100644 Binary files a/windows/security/threat-protection/images/ASR_icon.png and b/windows/security/threat-protection/images/ASR_icon.png differ diff --git a/windows/security/threat-protection/images/EDR_icon.png b/windows/security/threat-protection/images/EDR_icon.png index 7e6df62bdf..f2622cbc2b 100644 Binary files a/windows/security/threat-protection/images/EDR_icon.png and b/windows/security/threat-protection/images/EDR_icon.png differ diff --git a/windows/security/threat-protection/images/MTE_icon.png b/windows/security/threat-protection/images/MTE_icon.png new file mode 100644 index 0000000000..d5b9b48086 Binary files /dev/null and b/windows/security/threat-protection/images/MTE_icon.png differ diff --git a/windows/security/threat-protection/images/NGP_icon.png b/windows/security/threat-protection/images/NGP_icon.png index df1b70e041..6066f305a2 100644 Binary files a/windows/security/threat-protection/images/NGP_icon.png and b/windows/security/threat-protection/images/NGP_icon.png differ diff --git a/windows/security/threat-protection/images/SS_icon.png b/windows/security/threat-protection/images/SS_icon.png index 95908405ce..e69ea2a796 100644 Binary files a/windows/security/threat-protection/images/SS_icon.png and b/windows/security/threat-protection/images/SS_icon.png differ diff --git a/windows/security/threat-protection/images/TVM_icon.png b/windows/security/threat-protection/images/TVM_icon.png new file mode 100644 index 0000000000..41faa16718 Binary files /dev/null and b/windows/security/threat-protection/images/TVM_icon.png differ diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 028116204e..c3218e2541 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -1,7 +1,7 @@ --- title: Threat Protection (Windows 10) description: Learn how Windows Defender ATP helps protect against threats. -keywords: threat protection, windows defender advanced threat protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, secure score, advanced hunting +keywords: threat protection, windows defender advanced threat protection, attack surface reduction, next generation protection, endpoint detection and response, automated investigation and response, microsoft threat experts, secure score, advanced hunting search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -9,7 +9,6 @@ ms.sitesec: library ms.pagetype: security author: dansimp ms.localizationpriority: medium -ms.date: 10/04/2018 --- # Threat Protection @@ -19,11 +18,11 @@ ms.date: 10/04/2018 - - + + - + - +

    Attack surface reduction

    Next generation protection

    Endpoint detection and response

    Next generation protection

    Endpoint detection and response

    Automated investigation and remediation

    Secure score

    Advanced hunting

    Microsoft Threat Experts
    @@ -72,6 +71,9 @@ Endpoint detection and response capabilities are put in place to detect, investi - [Forensic collection](windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines) - [Threat intelligence](windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md) - [Advanced detonation and analysis service](windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis) +- [Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md) + - [Custom detection](windows-defender-atp/overview-custom-detections.md) + - [Realtime and historical hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md) @@ -92,13 +94,14 @@ Windows Defender ATP includes a secure score to help you dynamically assess the - [Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md) - [Threat analytics](windows-defender-atp/threat-analytics-dashboard-windows-defender-advanced-threat-protection.md) - + -**[Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)**
    -Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. +**[Microsoft Threat Experts](windows-defender-atp/microsoft-threat-experts.md)**
    +Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization and additional context and insights that further empower Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately. -- [Custom detection](windows-defender-atp/overview-custom-detections.md) -- [Realtime and historical hunting](windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md) +- [Targeted attack notification](windows-defender-atp/microsoft-threat-experts.md) +- [Experts-on-demand](windows-defender-atp/microsoft-threat-experts.md) +- [Configure your Microsoft Threat Protection managed hunting service](windows-defender-atp/configure-microsoft-threat-experts.md) @@ -106,7 +109,7 @@ Create custom threat intelligence and use a powerful search and query tool to hu Integrate Windows Defender Advanced Threat Protection into your existing workflows. - [Onboarding](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md) - [API and SIEM integration](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md) -- [Exposed APIs](windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md) +- [Exposed APIs](windows-defender-atp/use-apis.md) - [Role-based access control (RBAC)](windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md) - [Reporting and trends](windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/intelligence/safety-scanner-download.md b/windows/security/threat-protection/intelligence/safety-scanner-download.md index b122b4f14c..4ae4b880f3 100644 --- a/windows/security/threat-protection/intelligence/safety-scanner-download.md +++ b/windows/security/threat-protection/intelligence/safety-scanner-download.md @@ -28,12 +28,14 @@ Safety Scanner only scans when manually triggered and is available for use 10 da > **NOTE:** Safety scanner is a portable executable and does not appear in the Windows Start menu or as an icon on the desktop. Note where you saved this download. ## System requirements + Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Please refer to the [Microsoft Lifecycle Policy](https://support.microsoft.com/lifecycle). ## How to run a scan + 1. Download this tool and open it. 2. Select the type of scan you want run and start the scan. -3. Review the scan results displayed on screen. The tool lists all identified malware. +3. Review the scan results displayed on screen. For detailed detection results, view the log at **%SYSTEMROOT%\debug\msert.log**. To remove this tool, delete the executable file (msert.exe by default). diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 5afa6d82b1..fe229e350d 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: sagaudre -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/26/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index c8c5edd48a..cd1c0bac72 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md index 00f750f49c..86f071831a 100644 --- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index c86030f41b..3d60b94195 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md index 1478eafa69..c4a3b395cd 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/11/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 40febeceab..f0f80eb379 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/02/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md index 6108d6b607..f31fff3aac 100644 --- a/windows/security/threat-protection/security-policy-settings/account-policies.md +++ b/windows/security/threat-protection/security-policy-settings/account-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md index 69c08ad276..995825ed46 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/01/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md index 8a72fe5f92..03df52c356 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/10/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md index 7f99611e70..a310706d67 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index be82562767..ae6a3113bf 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md index ddb53a6141..aa48dfc049 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md index a40ed288a9..8c18930e7e 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md index 13a891b6a7..386bcc365e 100644 --- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md +++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md index 723fd057b5..3c82864572 100644 --- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md +++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md index b84c11a4b2..fc4ae2cbbd 100644 --- a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md +++ b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md index ef91abb02b..c4cebac730 100644 --- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md index 6b377b9dfa..2bbf8a7ffb 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md index f2aff6558e..50dd09fe05 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md index 63c0113000..51fdd036ee 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md index 32b6e39da1..0b3a95e875 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md +++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md index 321a577f5e..b16c89073c 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md +++ b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/audit-policy.md b/windows/security/threat-protection/security-policy-settings/audit-policy.md index e0330e6edf..0e01e604f9 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-policy.md +++ b/windows/security/threat-protection/security-policy-settings/audit-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md index d5b8c58676..dbc3a2bb29 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md index 5c444a35f5..c5bc517902 100644 --- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md index 142040f18f..c2bee9f43a 100644 --- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md +++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md index 4536e9d634..f571b43214 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md index c9d0ba95b7..32a2c28240 100644 --- a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md +++ b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md index f1bfda3737..ef9dbd6b30 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md index f19009955d..22cdb449f1 100644 --- a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md +++ b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md index f89ff1f37f..d6d7af1bda 100644 --- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md index 4cff161fe5..911cc1d64e 100644 --- a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md index 73ae7b6fc0..cdf9d19225 100644 --- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md +++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index f8daf37229..a51e8d02d5 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index e88c9397bb..7b0a29c928 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md index 5bd7b3951b..b0904015a9 100644 --- a/windows/security/threat-protection/security-policy-settings/debug-programs.md +++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md index 659f95a2b8..d2b1a1c8aa 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md index 8d227032ee..001bea56e7 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md index 156963e0e5..e73986c146 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md index 8db35c7d85..4c6d1b40b2 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md index 092ab076ff..dc88264bc9 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md index 88275821af..9a447f2f54 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md index 4994799f27..cf13902765 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md +++ b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md index e41c0c5067..0fb2492610 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md +++ b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md index b15160364d..ca5a130d39 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md +++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md index 2a3bb79a6f..fc36372e94 100644 --- a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md +++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md index 66bdcc3368..9fe3ae0c2a 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md index f138f45684..550f00e172 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md index f6e9ee94a1..a01776886d 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md index 4f45c4dc2d..50d4dfd8d0 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md index 70d087e8d7..a57a307767 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md index 4ca8bd53b8..8de74ad471 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md index e54ec081e3..d2a0399346 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 78d2942171..77ae6bd49d 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/31/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md index a07c07bfbc..f17f211aa0 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md index 8f0fbcb870..2ae2ec604e 100644 --- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md +++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md index 085a3a3c54..96757ef0d8 100644 --- a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md +++ b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md index 5b79cc17d6..6ee04d6194 100644 --- a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md +++ b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md index 07d249dcd0..a9efdd4e25 100644 --- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md +++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md index b74521a317..fca71ed15b 100644 --- a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md index 7653e023d7..7b200b914e 100644 --- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md @@ -8,7 +8,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- # Configure security policy settings diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md index e07c18c86d..c17e842ab7 100644 --- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md index 7ce527ad66..4d818afd08 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md +++ b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md index 83b3cbd192..7cd6b91162 100644 --- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md +++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 07/13/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md index 897e2f2549..4a01026f88 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md index e3afc8ee01..43ec5dfd6b 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md @@ -6,7 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md index e39fec421b..902d890229 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- # Interactive logon: Do not require CTRL+ALT+DEL diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md index dd30bc56ba..efa5515b00 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md index babebadd11..42ea616840 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md index fa9637e81f..14740a3224 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/18/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md index fb7ddb1250..8dafc863b6 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md index e98f13cc83..d166f3b2f4 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md index 403f7249a8..181503ce0e 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/27/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md index da69589771..ca42d4cb23 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md index b7dd20ed15..b929da7132 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md index 42081cd402..5dc5977d44 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md index 636bd2ec6f..8f86ac3be9 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md index ac070c7702..059286de93 100644 --- a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md +++ b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md index 75fb5939bd..0eee265187 100644 --- a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md +++ b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md index 4e94af24de..21e6e17ff8 100644 --- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md +++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md index 1636ce5414..98d5d3ada0 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md index 57568063b4..b77a87acd8 100644 --- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md +++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md index b49be1c41c..80ce5dbaf1 100644 --- a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md +++ b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md index 84ae8e5274..49593e2448 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md index f1397bc889..9a9f60a91e 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md index 412af6ec04..7996b7f057 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index 0cd52584a2..108f77300e 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md index cf13ab2714..737e1dcf31 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md index 7427a0898e..93975f58d7 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md index 72ceae633e..c2973e510b 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md index ac82806b49..eddf44a9f6 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md index cd24f66c87..8fee2b49b6 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/21/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md index f966580dff..1aeba0b58d 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md index e5b6a658ce..4e1e178681 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 9a65820d67..24c588bb20 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md index da8d2ab5cf..333b50ebea 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md +++ b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md index f4abcd62e5..c0218670c7 100644 --- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md +++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md index f18bfcb85a..47871bfe64 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md index ed0c582609..bc5a7f8a53 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md index dba5ef3e9d..7198962e7d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md index 6ca86aeb84..e28b603e1e 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md index d767ea7088..a34782b5b5 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md index d99e3aded9..687704f45a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md index eafe932536..da148dfff6 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md index 0207f7e66b..83772af89c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md index fce80319bb..eb56502a43 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md index aa5c1ab5dd..5d10afc106 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md index a6a303f5bf..3679a5ee7a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md index e5215a392c..7e9dcec21a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md +++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md index 27d191495c..590ae28aa9 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md index 21de9aeec4..d4ef57f497 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md index be635dcfef..3b3c62092a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md index 3874bf7655..1fd68c4416 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md index 42f411a872..5bd5cfb2b1 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md index 3b064f6908..e4240f62c8 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md index 1b73389dbb..195c5fb787 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md index 428b113fe1..26035ed5e3 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md index 94cd2f2a3b..68568fd416 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 07/27/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md index 2b4aa59ac0..4671d87e7a 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md index b3724d05f6..63a5d4ea86 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md index e3a706d5e9..fd9f4c3bc2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md index 9007808fc8..af8d5872c5 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index 588e68efbb..a32acc3f68 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md index 1fdac0f27c..3170d4c5b3 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index 6751800e93..bd1fa82e5d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index c5a14b24b3..0bf8bbf8f7 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index bfdf5f299a..a083c308a5 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/08/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md index 49e90f010b..1a6c6aa40c 100644 --- a/windows/security/threat-protection/security-policy-settings/password-policy.md +++ b/windows/security/threat-protection/security-policy-settings/password-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md index 2eee65e68b..3fc6624999 100644 --- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md +++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md index 90776ad589..c9a40b1d3d 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md +++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index 9b538889f1..a7425d8dc2 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md index ad5a2f6f14..a23f71b36f 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md index a513560166..48d79a1a00 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md index 43278adbbf..ad02d882fd 100644 --- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md +++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md index afebd10193..8cb6622bda 100644 --- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md +++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index 2d007bb365..1a05c103ef 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/02/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md index 3b09600257..efc8bf3548 100644 --- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index ef50b18745..93421b1ded 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md index 051808cb85..473273bb0e 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index 6711b70593..e91d7f083b 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md index ef46b8301e..b1c54ad5fe 100644 --- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md +++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index b74494656b..b22ed33980 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md index 12b6755312..2fead96341 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/01/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index 78a93d1dc7..6576490671 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 01/04/2019 --- diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index 74f1f7f04d..83b0cfd447 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 01/04/2019 --- # SMBv1 Microsoft network client: Digitally sign communications (if server agrees) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md index 9661827e2a..0547bc976c 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 01/04/2019 --- diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md index 7443f0f9de..516a244ec3 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 01/04/2019 --- diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md index d7c75a3d4f..e62f0051cb 100644 --- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md +++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index 16c68a6929..a9970571eb 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 0398bbbc89..0bc082cc25 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index ae91d8d14b..95a4438497 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/16/2018 --- diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 7e0ca59069..b14941a7d9 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md index c5de4856e1..57d94a5462 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md index c81039c024..3ee47c7421 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md index 63c46fc928..86d8763a80 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md index ffa2941137..9d2d8d239f 100644 --- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md +++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index 05f928f9a6..0c5959a1d1 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/08/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md index 64449e0bec..0ed0d17d2b 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md index ac6a9b786d..2e70f620db 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/08/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index b8620f41a5..16f331a605 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md index de3df48df1..f99bd12f18 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md index 54ad96d58f..3a3cee321a 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md index 80a4e5f969..eec9833f99 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md index 0e931e969d..db74e8e286 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md index 40cce0498e..1480e9dae0 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md index d6ba8a9479..0c9ff24464 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md index 931d388344..a8748ce942 100644 --- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md +++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 61a5bb0ce0..ea2b3fa6af 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: tedhardyMSFT -ms.date: 02/16/2018 +ms.date: 02/28/2019 ms.localizationpriority: medium --- @@ -338,7 +338,7 @@ If your organizational audit policy enables additional auditing to meet its need | Category | Subcategory | Audit settings | |--------------------|---------------------------------|---------------------| | Account Logon | Credential Validation | Success and Failure | -| Account Management | Security Group Management | Success and Failure | +| Account Management | Security Group Management | Success | | Account Management | User Account Management | Success and Failure | | Account Management | Computer Account Management | Success and Failure | | Account Management | Other Account Management Events | Success and Failure | diff --git a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md index d4182f5a74..06b879559b 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md @@ -24,6 +24,10 @@ In addition to standard on-premises or hardware configurations, you can also use Boot storms can be a problem in large-scale VDIs; this guide will help reduce the overall network bandwidth and performance impact on your hardware. +>[!NOTE] +>We've recently introduced a new feature that helps reduce the network and CPU overhead ov VMs when obtaining security intelligence updates. If you'd like to test this feature before it's released generally, [download the PDF guide for VDI performance improvement testing](https://demo.wd.microsoft.com/Content/wdav-testing-vdi-ssu.pdf). + + We recommend setting the following when deploying Windows Defender Antivirus in a VDI environment: Location | Setting | Suggested configuration diff --git a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md index 924c523815..9a2b331fae 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md @@ -62,9 +62,14 @@ For more information about Intune device profiles, including how to create and c 5. Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**. 1. Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection: - 1. Setting to **Default Windows Defender Antivirus blocking level** will provide strong detection without increasing the risk of detecting legitimate files. - 2. Setting to **High blocking level** will apply a strong level of detection. While unlikely, some legitimate files may be detected (although you will have the option to unblock or dispute that detection). - + 1. Setting to **Default Windows Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files. + 2. Setting to **High blocking level** applies a strong level of detection. + 3. **High + blocking level** applies additional protection measures. + 4. **Zero tolerance blocking level** blocks all unknown executables. + + > [!WARNING] + > While unlikely, setting this switch to **High** might cause some legitimate files to be detected (although you will have the option to unblock or dispute that detection). The **High +** setting might impact client performance. We recommend you set this to the default level (**Not configured**). + 1. Click **OK**. diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md b/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md index 9aad83e9c5..7bf12c4b20 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/TOC.md @@ -2,7 +2,6 @@ # [AppLocker](applocker-overview.md) ## [Administer AppLocker](administer-applocker.md) -### [Administer AppLocker using MDM](administer-applocker-using-mdm.md) ### [Maintain AppLocker policies](maintain-applocker-policies.md) ### [Edit an AppLocker policy](edit-an-applocker-policy.md) ### [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md index f876e2a21b..36a71fa984 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm.md deleted file mode 100644 index 19441d1b3a..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker-using-mdm.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Administering AppLocker by using Mobile Device Management (MDM) (Windows 10) -description: This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. -ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -author: brianlic-msft -ms.date: 03/01/2018 ---- - -# Administering AppLocker by using Mobile Device Management (MDM) - -**Applies to** - - Windows 10 - - Windows Server - - diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md index d85ed0d63b..0064ab97ef 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/administer-applocker.md @@ -7,8 +7,12 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft -ms.date: 09/21/2017 +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/28/2019 --- # Administer AppLocker @@ -33,7 +37,6 @@ AppLocker helps administrators control how users can access and use files, such | Topic | Description | | - | - | -| [Administer AppLocker using Mobile Device Management (MDM)](administer-applocker-using-mdm.md) | This topic describes how to used MDM to manage AppLocker policies. | | [Maintain AppLocker policies](maintain-applocker-policies.md) | This topic describes how to maintain rules within AppLocker policies. | | [Edit an AppLocker policy](edit-an-applocker-policy.md) | This topic for IT professionals describes the steps required to modify an AppLocker policy. | | [Test and update an AppLocker policy](test-and-update-an-applocker-policy.md) | This topic discusses the steps required to test an AppLocker policy prior to deployment. | @@ -67,5 +70,3 @@ You must have Edit Setting permission to edit a GPO. By default, members of the ## Using Windows PowerShell to administer AppLocker For how-to info about administering AppLocker with Windows PowerShell, see [Use the AppLocker Windows PowerShell Cmdlets](use-the-applocker-windows-powershell-cmdlets.md). For reference info and examples how to administer AppLocker with Windows PowerShell, see the [AppLocker cmdlets](https://technet.microsoft.com/library/hh847210.aspx). -  -  diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md index 8b526e85fa..4ba13f8b1e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-architecture-and-components.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md index e1d9bba88b..06715de66b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-functions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md index d48aa2c008..758f313aac 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/16/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index c939e91051..fd7f7cfe69 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md index b6c2c868d6..71f08e91e5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-design-guide.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md index 36e0ac5981..b56b4d4a85 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policy-use-scenarios.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md index c4b962b01a..33e5620624 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-processes-and-interactions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md index ee4c5fe937..24cdcb9c69 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md index 054ee9ef62..edbe6eb6ac 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 44b08ac93f..f644b21ed5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/08/2018 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md index 953ead6f1e..9f6c893a55 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-enforce-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md index dbc018a25b..812492d020 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-exceptions-for-an-applocker-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md index f5511d3cc8..b7ce15ef26 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-appLocker-reference-device.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md index c756426699..bcd9cb9112 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-the-application-identity-service.md @@ -7,7 +7,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/02/2018 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md index a97aa2c7cd..1120cc9526 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-for-packaged-apps.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md index b21e2e2528..43af6ad592 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-file-hash-condition.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md index ec420bcac6..59e7c13e44 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-path-condition.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md index 9eec93864f..edf05d2183 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-a-rule-that-uses-a-publisher-condition.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md index 76e4917930..6622ef7891 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-applocker-default-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md index 7f38968703..7791c5c029 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-list-of-applications-deployed-to-each-business-group.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md index 1848f8085f..4bef661ac5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md index 1e07df2d5b..b4be8e695e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/create-your-applocker-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md index 7c12e10af2..c7eb47499b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/02/2018 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md index 3457f579f9..2309668f9e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index c3be5b8cd7..d45405393e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md index 6acc47d3c4..d4599e1d65 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md index e81f42d528..70728d4e87 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md index bca3d32254..b05be7369f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/determine-your-application-control-objectives.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md index 393294a921..17e51bf270 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md @@ -7,7 +7,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md index cea7ab6ca2..86b55052a9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/dll-rules-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md index 01f5f91d5d..d48fe25d9b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.pagetype: security ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md index 7b6244b2eb..55df155aaa 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-application-list.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index 8f9183d2d5..bd96fb0487 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md index c03fb9d05e..c1cde0a5f2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-an-applocker-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md index b620e305a4..79a93ebed6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/edit-applocker-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md index a915311c12..045b259154 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enable-the-dll-rule-collection.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md index 6ef53ce437..4195b8d95c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/enforce-applocker-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md index 1ac1c9ce81..34a87eba3b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/executable-rules-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md index 000441d121..a06cd80b04 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md index 71956ee4d9..df296dbc5b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md index 536d75e6ad..70a0cb391f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/how-applocker-works-techref.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md index b880da4f7e..d28968fd6b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md index 0785d8c4b0..05c36921ed 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md index dfb5a0b633..fa2c8449ab 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index 6f54125e98..312c00c2bb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md index 5de1967090..1fdcdbd719 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md index d77a10fb74..ea87808e0d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/merge-applocker-policies-manually.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md index d7dec8dac9..d1a7055787 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md index cda020c5b7..e972a285a0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/optimize-applocker-performance.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index 8911d1bf9e..619aa19efd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/13/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md index f4d78c2168..6500f75fea 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/plan-for-applocker-policy-management.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md index 5eb4f002d8..c0a1f26152 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/refresh-an-applocker-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md index df08c99d15..dd6ba10e90 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-for-deploying-applocker-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md index d816c2e3df..97d032f8b6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/requirements-to-use-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md index 174b721e32..0e48a6f472 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/run-the-automatically-generate-rules-wizard.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md index 6fab819f0e..1649917882 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md index a6b7813076..9d73f8afef 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/security-considerations-for-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md index 6d3979d91f..fc03b4f081 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md index 453ab0eb53..5ffb4d98b5 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md index 27c90949d6..ccbc705657 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/test-and-update-an-applocker-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md index b78412c268..ac08014ac6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/tools-to-use-with-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md index 5e696490b6..e5fb93d221 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index 66ac0616c3..5ad969d5f9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/13/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index c85924b254..578986beac 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md index 35b9675e4c..4b1ec580e1 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-the-applocker-policy-deployment-process.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md index b8dff87c25..3b54878e4f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md index fdba7959a0..725d456a08 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-default-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md index a7077bd6b7..40b6d2c8ea 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-behavior.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md index cf5e0d7301..194a713b23 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-collections.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md index 93e36b568f..35682f8954 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-condition-types.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md index 56ef43a232..92a2179fce 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-applocker-rule-exceptions.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md index bf60367a08..72cf62e127 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-file-hash-rule-condition-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md index 46a0ba3967..154d463930 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-path-rule-condition-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md index 612e3824d2..99c3ebe52a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understanding-the-publisher-rule-condition-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index 45529acef2..709e3beb0d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -8,7 +8,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index e5cd39f92c..fdc15a6ef8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md index 686d4be09d..a9409118af 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md index 36b1d0017d..f675e2f425 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md index 6d7fb0b8d9..5a4bf9af3c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md index 292c50818f..b77b1ee1c8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index 47b6d2df84..1e37f0531c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md index 9926340d47..cf2294e550 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md b/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md index e49dcb1440..f204088397 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-your-windows-defender-application-control-planning-document.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md b/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md index 68bc862fd3..a414320068 100644 --- a/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md +++ b/windows/security/threat-protection/windows-defender-application-control/document-your-windows-defender-application-control-management-processes.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 09/21/2017 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index 8c0a834285..2edd777efc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md @@ -5,7 +5,11 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 03/01/2018 --- diff --git a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md index 1423972366..d50f975bc2 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: jsuther1974 -ms.date: 02/28/2018 +ms.date: 02/19/2019 --- # Optional: Use the Device Guard Signing Portal in the Microsoft Store for Business @@ -16,4 +16,25 @@ ms.date: 02/28/2018 **Applies to:** - Windows 10 -- Windows Server 2016 \ No newline at end of file +- Windows Server 2019 +- Windows Server 2016 + +You can sign code integrity policies with the Device Guard signing portal to prevent them from being tampered with after they're deployed. + +## Sign your code integrity policy +Before you get started, be sure to review these best practices: + +**Best practices** + +- Test your code integrity policies on a pilot group of devices before deploying them to production. +- Use rule options 9 and 10 during testing. For more information, see the section Code integrity policy rules in the [Deploy Windows Defender Application Control policy rules and file rules](hhttps://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create). + +**To sign a code integrity policy** + +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). +2. Click **Manage**, click **Store settings**, and then click **Device Guard**. +3. Click **Upload** to upload your code integrity policy. +4. After the files are uploaded, click **Sign** to sign the code integrity policy. +5. Click **Download** to download the signed code integrity policy. + + When you sign a code integrity policy with the Device Guard signing portal, the signing certificate is added to the policy. This means you can't modify this policy. If you need to make changes, make them to an unsigned version of the policy, and then sign the policy again. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md index 35710141ab..7fa8248d7c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md @@ -5,7 +5,11 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 02/20/2018 --- diff --git a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md index 1ec89ed28f..0d185ae9bd 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 02/07/2019 +ms.date: 02/19/2019 --- # Prepare to install Windows Defender Application Guard @@ -58,7 +58,7 @@ Employees can use hardware-isolated browsing sessions without any administrator Applies to: - Windows 10 Enterprise edition, version 1709 or higher -You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests tooad non-enterprise domain(s) in the container. +You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add non-enterprise domain(s) in the container. The following diagram shows the flow between the host PC and the isolated container. ![Flowchart for movement between Microsoft Edge and Application Guard](images/application-guard-container-v-host.png) diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index d3ddc702eb..59406a457e 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -5,7 +5,7 @@ #### [Hardware-based isolation](overview-hardware-based-isolation.md) ##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md) ###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md) -##### [System integrity](../windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md) +##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) #### [Application control](../windows-defender-application-control/windows-defender-application-control.md) #### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) #### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) @@ -94,6 +94,10 @@ #### [Information protection in Windows overview](information-protection-in-windows-overview.md) + +### [Microsoft Threat Experts](microsoft-threat-experts.md) + + ### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) @@ -298,98 +302,16 @@ ###### Multiple APIs ####### [PowerShell](exposed-apis-full-sample-powershell.md) ###### [Using OData Queries](exposed-apis-odata-samples.md) - -#### [Use the Windows Defender ATP exposed APIs (deprecated)](exposed-apis-windows-defender-advanced-threat-protection.md) -##### [Supported Windows Defender ATP APIs (deprecated)](supported-apis-windows-defender-advanced-threat-protection.md) -######Actor (deprecated) -####### [Get actor information (deprecated)](get-actor-information-windows-defender-advanced-threat-protection.md) -####### [Get actor related alerts (deprecated)](get-actor-related-alerts-windows-defender-advanced-threat-protection.md) -######Alerts (deprecated) -####### [Get alerts (deprecated)](get-alerts-windows-defender-advanced-threat-protection.md) -####### [Get alert information by ID (deprecated)](get-alert-info-by-id-windows-defender-advanced-threat-protection.md) -####### [Get alert related actor information (deprecated)](get-alert-related-actor-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related domain information (deprecated)](get-alert-related-domain-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related file information (deprecated)](get-alert-related-files-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related IP information (deprecated)](get-alert-related-ip-info-windows-defender-advanced-threat-protection.md) -####### [Get alert related machine information (deprecated)](get-alert-related-machine-info-windows-defender-advanced-threat-protection.md) -######Domain (deprecated) -####### [Get domain related alerts (deprecated)](get-domain-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get domain related machines (deprecated)](get-domain-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get domain statistics (deprecated)](get-domain-statistics-windows-defender-advanced-threat-protection.md) -####### [Is domain seen in organization (deprecated)](is-domain-seen-in-org-windows-defender-advanced-threat-protection.md) - -######File(deprecated) -####### [Block file (deprecated)](block-file-windows-defender-advanced-threat-protection.md) -####### [Get file information (deprecated)](get-file-information-windows-defender-advanced-threat-protection.md) -####### [Get file related alerts (deprecated)](get-file-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get file related machines (deprecated)](get-file-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get file statistics (deprecated)](get-file-statistics-windows-defender-advanced-threat-protection.md) -####### [Get FileActions collection (deprecated)](get-fileactions-collection-windows-defender-advanced-threat-protection.md) -####### [Unblock file (deprecated)](unblock-file-windows-defender-advanced-threat-protection.md) - -######IP (deprecated) -####### [Get IP related alerts (deprecated)](get-ip-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get IP related machines (deprecated)](get-ip-related-machines-windows-defender-advanced-threat-protection.md) -####### [Get IP statistics (deprecated)](get-ip-statistics-windows-defender-advanced-threat-protection.md) -####### [Is IP seen in organization (deprecated)](is-ip-seen-org-windows-defender-advanced-threat-protection.md) -######Machines (deprecated) -####### [Collect investigation package (deprecated)](collect-investigation-package-windows-defender-advanced-threat-protection.md) -####### [Find machine information by IP (deprecated)](find-machine-info-by-ip-windows-defender-advanced-threat-protection.md) -####### [Get machines (deprecated)](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineAction object (deprecated)](get-filemachineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get FileMachineActions collection (deprecated)](get-filemachineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machine by ID (deprecated)](get-machine-by-id-windows-defender-advanced-threat-protection.md) -####### [Get machine log on users (deprecated)](get-machine-log-on-users-windows-defender-advanced-threat-protection.md) -####### [Get machine related alerts (deprecated)](get-machine-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get MachineAction object (deprecated)](get-machineaction-object-windows-defender-advanced-threat-protection.md) -####### [Get MachineActions collection (deprecated)](get-machineactions-collection-windows-defender-advanced-threat-protection.md) -####### [Get machines (deprecated)](get-machines-windows-defender-advanced-threat-protection.md) -####### [Get package SAS URI (deprecated)](get-package-sas-uri-windows-defender-advanced-threat-protection.md) -####### [Isolate machine (deprecated)](isolate-machine-windows-defender-advanced-threat-protection.md) -####### [Release machine from isolation (deprecated)](unisolate-machine-windows-defender-advanced-threat-protection.md) -####### [Remove app restriction (deprecated)](unrestrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Request sample (deprecated)](request-sample-windows-defender-advanced-threat-protection.md) -####### [Restrict app execution (deprecated)](restrict-code-execution-windows-defender-advanced-threat-protection.md) -####### [Run antivirus scan (deprecated)](run-av-scan-windows-defender-advanced-threat-protection.md) -####### [Stop and quarantine file (deprecated)](stop-quarantine-file-windows-defender-advanced-threat-protection.md) - -######User (deprecated) -####### [Get alert related user information (deprecated)](get-alert-related-user-info-windows-defender-advanced-threat-protection.md) -####### [Get user information (deprecated)](get-user-information-windows-defender-advanced-threat-protection.md) -####### [Get user related alerts (deprecated)](get-user-related-alerts-windows-defender-advanced-threat-protection.md) -####### [Get user related machines (deprecated)](get-user-related-machines-windows-defender-advanced-threat-protection.md) - - - - - - - - - - - - - - - - - - - - - #### API for custom alerts ##### [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -##### [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) -###### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) -###### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) -###### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) -###### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) -###### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Use the threat intelligence API to create custom alerts](use-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) +##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) +##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) +##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) #### [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) @@ -403,6 +325,7 @@ #### Reporting ##### [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) +##### [Threat protection reports](threat-protection-reports-windows-defender-advanced-threat-protection.md) #### Role-based access control ##### [Manage portal access using RBAC](rbac-windows-defender-advanced-threat-protection.md) @@ -412,6 +335,11 @@ #### [Configure managed security service provider (MSSP) support](configure-mssp-support-windows-defender-advanced-threat-protection.md) + + + +### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) + ### Configure Microsoft Threat Protection integration #### [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md) #### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md) diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md index 850fea7739..d0a2edbc27 100644 --- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: View and organize the Windows Defender ATP Alerts queue description: Learn about how the Windows Defender ATP alerts queues work, and how to sort and filter lists of alerts. -keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period +keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period, microsoft threat experts alerts search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -77,7 +77,7 @@ Corresponds to the automated investigation state. You can choose between showing alerts that are assigned to you or automation. ### Detection source -Select the source that triggered the alert detection. +Select the source that triggered the alert detection. Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts managed hunting service. >[!NOTE] >The Windows Defender Antivirus filter will only appear if machines are using Windows Defender Antivirus as the default real-time protection antimalware product. diff --git a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 08d856647a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Block file API -description: Use this API to blocking files from being running in the organization. -keywords: apis, graph api, supported apis, block file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Block file API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Prevent a file from being executed in the organization using Windows Defender Antivirus. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/files/{sha1}/block -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - - -## Response -If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/block -Content-type: application/json -{ - "Comment": "Block file due to alert 32123" -} - - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6260351a2c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Collect investigation package API -description: Use this API to create calls related to the collecting an investigation package from a machine. -keywords: apis, graph api, supported apis, collect investigation package -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Collect investigation package API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Collect investigation package from a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/collectInvestigationPackage -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. Required. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | Text | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/collectInvestigationPackage -Content-type: application/json -{ - "Comment": "Collect forensics due to alert 1234" -} -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "c9042f9b-8483-4526-87b5-35e4c2532223", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@contoso.com ", - "requestorComment": " Collect forensics due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:09:24.1785079Z", - "lastUpdateTimeUtc": "2017-12-04T12:09:24.1785079Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md index 70e3d006fa..0db8c85384 100644 --- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 04/24/2018 --- # Enable conditional access to better protect users, devices, and data @@ -57,7 +56,7 @@ There are three ways to address a risk: 2. Resolve active alerts on the machine. This will remove the risk from the machine. 3. You can remove the machine from the active policies and consequently, conditional access will not be applied on the machine. -Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure conditional access](#configure-conditional-access). +Manual remediation requires a secops admin to investigate an alert and address the risk seen on the device. The automated remediation is configured through configuration settings provided in the following section, [Configure conditional access](configure-conditional-access-windows-defender-advanced-threat-protection.md). When the risk is removed either through manual or automated remediation, the device returns to a compliant state and access to applications is granted. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index e4df4b05b7..14a13f7b3a 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -12,10 +12,9 @@ ms.author: macapara author: mjcaparas ms.localizationpriority: medium manager: dansimp -audience: ITProarticle +audience: ITPro ms.collection: M365-security-compliance -ms.topic: -ms.date: 04/24/2018 +ms.topic: article --- # Onboard Windows 10 machines using a local script diff --git a/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md new file mode 100644 index 0000000000..dca722db26 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/configure-microsoft-threat-experts.md @@ -0,0 +1,116 @@ +--- +title: Configure and manage Microsoft Threat Experts capabilities +description: You need to register to Microsoft Threats Experts preview to configure, manage, and use it in your daily security operations and security administration work. +keywords: Microsoft Threat Experts, managed threat hunting service, MTE, Microsoft managed hunting service +search.product: Windows 10 +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMV +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 02/28/2019 +--- + +# Configure and manage Microsoft Threat Experts capabilities +**Applies to:** + +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) + +[!include[Prerelease�information](prerelease.md)] + +## Before you begin +To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a valid Premier customer service and support account. However, Premier charges will not be incurred during the preview. + +You also need to ensure that you have Windows Defender ATP deployed in your environment with machines enrolled, and not just on a laboratory set-up. + + +## Register to Microsoft Threat Experts preview +If you're already a Windows Defender ATP customer, you can apply for preview through the Windows Defender ATP portal. + +1. From the navigation pane, go to **Settings > General > Advanced features > Threat Experts**. + +2. Click **Apply for preview**. + +3. In the **Apply for preview** dialog box, read and make sure you understand the preview's terms of agreement. + +4. Enter your name and email address so that Microsoft can get back to you on your application. + +5. Read the privacy statement, then click **Submit** when you're done. + + >[!NOTE] + >You will receive a welcome email once your application is approved. Then, from the navigation pane, go to **Settings** > **General** > **Advanced features** to turn the **Threat Experts** toggle on. Click **Save preferences**. + + +## Receive targeted attack notification from Microsoft Threat Experts +You can receive targeted attack notification from Microsoft Threat Experts through the following: +- The Windows Defender ATP portal's **Alerts** dashboard +- Your email, if you choose to configure it + +To receive targeted attack notifications through email, you need to create an email notification rule. + +### Create an email notification rule +You can create rules to send email notifications for notification recipients. See Configure alert notifications to create, edit, delete, or troubleshoot email notification, for details. + + +## View the targeted attack notification +You'll start receiving targeted attack notification from Microsoft Threat Experts in your email after you have configured your system to receive email notification. + +1. Click the link in the email to go to the corresponding alert context in the dashboard tagged with **Threat experts**. + +2. From the dashboard, select the same alert topic that you got from the email, to view the details. + + +## Ask a Microsoft threat expert about suspicious cybersecurity activities in your organization +You can partner with Microsoft Threat Experts who can be engaged directly from within the Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand complex threats, targeted attack notifications that you get, or if you need more information about the alerts, a potentially compromised machine, or a threat intelligence context that you see on your portal dashboard. + +1. Navigate to the portal page with the relevant information that you'd like to investigate, for example, the **Incident** page. Ensure that the page for the relevant alert or machine is in view before raising an inquiry. +2. From the upper right-hand menu, click **?**, then select **Ask a threat expert**. +3. Asking a threat expert is a two-step process: you need to provide the necessary information and open a support ticket. + + **Step 1: Provide information** + a. Provide enough information to give the Microsoft Threat Experts enough context to start the investigation. Select the inquiry category from the **Provide information > Inquiry** details drop-down menu.
    + + b. Enter the additional details to give the threat experts more context of what you’d like to investigate. Click **Next**, and it takes you to the **Open support ticket** tab.
    + + c. Remember to use the ID number from the **Open a support ticket** tab page and include it to the details you will provide in the subsequent Customer Services and Support (CSS) pages.
    + + **Step 2: Open a support ticket** + + >[!NOTE] + >To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a Premier customer service and support account. However, you will not be charged for the Experts-on-demand service during the preview. + + a. In the **New support request** customer support page, select the following from the dropdown menu and then click **Next**:
    + + - **Select the product family**: **Security** + - **Select a product**: **Microsoft Threat Experts** + - **Select a category that best describes the issue**: **Windows Defender ATP** + - **Select a problem that best describes the issue**: Choose according to your inquiry category + + b. Fill out the fields with the necessary information about the issue and use the auto-generated ID when you open a Customer Services and Support (CSS) ticket. Then, click **Next**. + + c. In the **Select a support plan** page, select **Professional No Charge**. + + d. The severity of your issue has been pre-selected by default, per the support plan, **Professional No Charge**, that you'll use for this public preview. Select the time zone by which you'd like to receive the correspondence. Then, click **Next**. + + e. Verify your contact details and add another if necessary. Then, click **Next**. + + f. Review the summary of your support request, and update if necessary. Make sure that you read and understand the **Microsoft Services Agreement** and **Privacy Statement**. Then, click **Submit**. You will see the confirmation page indicating the response time and your support request number. + +## Scenario + +### Receive a progress report about your managed hunting inquiry +Response from Microsoft Threat Experts varies according to your inquiry. They will email a progress report to you regarding the Ask a threat expert inquiry that you've submitted, within two days, to communicate the investigation status from the following categories: +- More information is needed to continue with the investigation +- A file or several file samples are needed to determine the technical context +- Investigation requires more time +- Initial information was enough to conclude the investigation + +It is crucial to respond in a timely manner to keep the investigation moving. See the Premier customer service and support service level agreement for details. + diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 5fd529d286..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Use the Windows Defender Advanced Threat Protection exposed APIs -description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph. -keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 10/23/2017 ---- - -# Use the Windows Defender ATP exposed APIs (deprecated) - -**Applies to:** - - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) - -Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). - -In general, you’ll need to take the following steps to use the APIs: -- Create an app -- Get an access token -- Run queries on the graph API - -### Before you begin -Before using the APIs, you’ll need to create an app that you’ll use to authenticate against the graph. You’ll need to create a native app to use for the adhoc queries. - -## Create an app - -1. Log on to [Azure](https://portal.azure.com). - -2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**. - - ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app.png) - -3. In the Create window, enter the following information then click **Create**. - - ![Image of Create application window](images/atp-azure-create.png) - - - **Name:** WinATPGraph - - **Application type:** Native - - **Redirect URI:** `https://localhost` - - -4. Navigate and select the newly created application. - ![Image of new app in Azure](images/atp-azure-atp-app.png) - -5. Click **All settings** > **Required permissions** > **Add**. - - ![Image of All settings, then required permissions](images/atp-azure-required-permissions.png) - -6. Click **Select an API** > **Microsoft Graph**, then click **Select**. - - ![Image of API access and API selection](images/atp-azure-api-access.png) - - -7. Click **Select permissions** and select **Sign in and read user profile** then click **Select**. - - ![Image of select permissions](images/atp-azure-select-permissions.png) - -You can now use the code snippets in the following sections to query the API using the created app ID. - -## Get an access token -1. Get the Client ID from the application you created. - -2. Use the **Client ID**. For example: - ``` - private const string authority = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; - private const string resourceId = "https://graph.microsoft.com"; - private const string clientId = "{YOUR CLIENT ID/APP ID HERE}"; - private const string redirect = "https://localhost"; - HttpClient client = new HttpClient(); - AuthenticationContext auth = new AuthenticationContext(authority); - var token = auth.AcquireTokenAsync(resourceId, clientId, new Uri(redirect), new PlatformParameters(PromptBehavior.Auto)).Result; - client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token.AccessTokenType, token.AccessToken); - ``` - -## Query the graph -Once the bearer token is retrieved, you can easily invoke the graph APIs. For example: - -``` -client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); -// sample endpoint -string ep = @"https://graph.microsoft.com/{VERSION}/alerts?$top=5"; -HttpResponseMessage response = client.GetAsync(ep).Result; -string resp = response.Content.ReadAsStringAsync().Result; -Console.WriteLine($"response for: {ep} \r\n {resp}"); -``` - - -## Related topics -- [Supported Windows Defender ATP APIs](supported-apis-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 31dd495489..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Find machine information by internal IP API -description: Use this API to create calls related to finding a machine entry around a specific timestamp by internal IP. -keywords: ip, apis, graph api, supported apis, find machine, machine information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 07/25/2018 ---- - -# Find machine information by internal IP API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Find a machine entity around a specific timestamp by internal IP. - ->[!NOTE] ->The timestamp must be within the last 30 days. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/find(timestamp={time},key={IP}) -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine exists - 200 OK. -If no machine found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/find(timestamp=2018-06-19T10:00:00Z,key='10.166.93.61') -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - -The response will return a list of all machines that reported this IP address within sixteen minutes prior and after the timestamp. - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "04c99d46599f078f1c3da3783cf5b95f01ac61bb", - "computerDnsName": "", - "firstSeen": "2017-07-06T01:25:04.9480498Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9a091b8391..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get actor information API -description: Retrieves an actor information report. -keywords: apis, graph api, supported apis, get, actor, information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - - -# Get actor information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves an actor information report. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/actor/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and actor exists - 200 OK. -If actor does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/actors/zinc -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", - "id": "zinc", - "linkToReport": "link-to-pdf" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index bd46788176..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: Get actor related alerts API -description: Retrieves all alerts related to a given actor. -keywords: apis, graph api, supported apis, get, actor, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get actor related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all alerts related to a given actor. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/actor/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert exists - 200 OK. -If actor does not exist or no related alerts - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/actors/zinc/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 3, - "value": [ - { - "id": "636390437845006321_-1646055784", - "severity": "Medium", - "status": "Resolved", - "description": "Malware associated with ZINC has been detected.", - "recommendedAction": "1.\tContact your incident response team.", - "alertCreationTime": "2017-08-23T00:09:43.9057955Z", - "category": "Malware", - "title": "Malware associated with the activity group ZINC was discovered", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 99122fe355..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert information by ID API -description: Retrieves an alert by its ID. -keywords: apis, graph api, supported apis, get, alert, information, id -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert information by ID API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves an alert by its ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert exists - 200 OK. -If alert not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts/$entity", - "id": "636396039176847743_89954699", - "severity": "Informational", - "status": "New", - "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", - "recommendedAction": "Collect artifacts and determine scope.", - "alertCreationTime": "2017-08-29T11:45:17.5754165Z", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6fbf1c4597..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get alert related actor information API -description: Retrieves the actor information related to the specific alert. -keywords: apis, graph api, supported apis, get, alert, actor, information, related -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related actor information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves the actor information related to the specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/actor -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and actor exist - 200 OK. -If alert not found or actor not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/actor -Content-type: application/json - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Actors/$entity", - "id": "zinc", - "linkToReport": "link-to-pdf" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 232626e443..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related domain information -description: Retrieves all domains related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related domain -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related domain information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - -[!include[Deprecatedinformation](deprecate.md)] - - - -Retrieves all domains related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/domains -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and domain exist - 200 OK. -If alert not found or domain not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/domains -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains", - "value": [ - { - "host": "www.example.com" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index aac3ca91b8..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related files information -description: Retrieves all files related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related files -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related files information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all files related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/files -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and files exist - 200 OK. -If alert not found or files not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/files -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files", - "value": [ - { - "sha1": "121c7060dada38275d7082a4b9dc62641b255c36", - "sha256": "c815e0abb8273ba4ea6ca92d430d9e4d065dbb52877a9ce6a8371e5881bd7a94", - "md5": "776c970dfd92397b3c7d74401c85cd40", - "globalPrevalence": null, - "globalFirstObserved": null, -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index c90e325cd2..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get alert related IP information -description: Retrieves all IPs related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related ip -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related IP information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all IPs related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/ips -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and an IP exist - 200 OK. -If alert not found or IPs not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/ips -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips", -"value": [ - { - "id": "104.80.104.128" - }, - { - "id": "23.203.232.228 -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9d2b5d8a54..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get alert related machine information -description: Retrieves all machines related to a specific alert. -keywords: apis, graph api, supported apis, get alert information, alert information, related machine -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related machine information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves all machines related to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/machine -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and machine exist - 200 OK. -If alert not found or machine not found - 404 Not Found. - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/machine -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", - "id": "207575116e44741d2b22b6a81429b3ca4fd34608", - "computerDnsName": "machine1-corp.contoso.com", - "firstSeen": "2015-12-01T11:31:53.7016691Z", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0f7a062536..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Get alert related user information -description: Retrieves the user associated to a specific alert. -keywords: apis, graph api, supported apis, get, alert, information, related, user -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alert related user information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves the user associated to a specific alert. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts/{id}/user -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alert and a user exists - 200 OK. -If alert not found or user not found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts/{id}/user -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", - "id": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4\\DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", - "accountSid": null, - "accountName": "DomainPII_aca88e6ed7dc68a69c35019ca947745f3858c868", - "accountDomainName": "UserPII_487a7e2aa8b0a24e429b0be88e5cf5e91be1a8f4", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4fd7bfe798..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Get alerts API -description: Retrieves top recent alerts. -keywords: apis, graph api, supported apis, get, alerts, recent -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves top recent alerts. - - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and alerts exists - 200 OK. -If no recent alerts found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 5000, - "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/alerts?$skip=5000", - "value": [ - { - "id": "636396039176847743_89954699", - "severity": "Informational", - "status": "New", - "description": "Readily available tools, such as commercial spyware, monitoring software, and hacking programs", - "recommendedAction": "Collect artifacts and determine scope", - "alertCreationTime": "2017-08-29T11:45:17.5754165Z", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 056e7fcffd..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Get domain related alerts API -description: Retrieves a collection of alerts related to a given domain address. -keywords: apis, graph api, supported apis, get, domain, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of alerts related to a given domain address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain and alert exists - 200 OK. -If domain or alert does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 45f5bbd0c4..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get domain related machines API -description: Retrieves a collection of machines related to a given domain address. -keywords: apis, graph api, supported apis, get, domain, related, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of machines related to a given domain address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain and machine exists - 200 OK. -If domain or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index ad4cf3a27b..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get domain statistics API -description: Retrieves the prevalence for the given domain. -keywords: apis, graph api, supported apis, get, domain, domain related machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get domain statistics API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Retrieves the prevalence for the given domain. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.graph.InOrgDomainStats", - "host": "example.com", - "orgPrevalence": "4070", - "orgFirstSeen": "2017-07-30T13:23:48Z", - "orgLastSeen": "2017-08-29T13:09:05Z" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index ca11fae786..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Get file information API -description: Retrieves a file by identifier Sha1, Sha256, or MD5. -keywords: apis, graph api, supported apis, get, file, information, sha1, sha256, md5 -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a file by identifier Sha1, Sha256, or MD5. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file exists - 200 OK. -If file does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Files/$entity", - "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", - "sha256": "34fcb083cd01b1bd89fc467fd3c2cd292de92f915a5cb43a36edaed39ce2689a", - "md5": "d387a06cd4bf5fcc1b50c3882f41a44e", - "globalPrevalence": 40790196, -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index d1f066091d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get file related alerts API -description: Retrieves a collection of alerts related to a given file hash. -keywords: apis, graph api, supported apis, get, file, hash -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given file hash. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file and alert exists - 200 OK. -If file or alerts do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index a8650d806c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get file related machines API -description: Retrieves a collection of machines related to a given file hash. -keywords: apis, graph api, supported apis, get, machines, hash -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of machines related to a given file hash. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file and machines exists - 200 OK. -If file or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0e85bdd5e1..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get file statistics API -description: Retrieves the prevalence for the given file. -keywords: apis, graph api, supported apis, get, file, statistics -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get file statistics API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Retrieves the prevalence for the given file. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/files/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and file exists - 200 OK. -If file do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/files/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgFileStats", - "sha1": "adae3732709d2178c8895c9be39c445b5e76d587", - "orgPrevalence": "106398", - "orgFirstSeen": "2017-07-30T13:29:50Z", - "orgLastSeen": "2017-08-29T13:29:31Z", - "topFileNames": [ - "chrome.exe", - "old_chrome.exe" - ] -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 86719d8e4d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Get FileActions collection API -description: Use this API to create calls related to get fileactions collection -keywords: apis, graph api, supported apis, get, file, information, fileactions collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Gets collection of actions done on files. Get FileActions collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/fileactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of FileAction objects. - ->[!NOTE] ->Although Block and Unblock actions are under FileAction category, this API only returns the Block actions on files that are currently blocked. For example, a file that is blocked and then unblocked will not be seen on this API. - - - -## Example - -**Request** - -Here is an example of the request on an organization that has three FileActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/fileactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileActions", - "value": [ - { - "fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" - }, - { - "fileIdentifier": "df708f0107c7cc75ba2e5aaadc88b8bcfa01071d", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T11:16:19.9209438Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "1316", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T11:16:19.9209438Z" - }, - { - "fileIdentifier": "f5bc0981641c8a1fb3ef03e4bf574d8adf7134cf", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T10:57:02.2430564Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test 1256 2017.11.05", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T10:57:02.2430564Z" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 16d879ad08..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Get FileMachineAction object API -description: Use this API to create calls related to get machineaction object -keywords: apis, graph api, supported apis, filemachineaction object -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileMachineAction object API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Gets file and machine actions. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/filemachineactions/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with the *FileMachineAction* object. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions/3dc88ce3-dd0c-40f7-93fc-8bd14317aab6 -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "3dc88ce3-dd0c-40f7-93fc-8bd14317aab6", - "sha1": "8908b4441a2cd7285fe9c82917f69041cd467cf7", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@contoso.com ", - "requestorComment": "1104", - "status": "Succeeded", - "fileId": "8908b4441a2cd7285fe9c82917f69041cd467cf7", - "machineId": "61a2d326d2190d048950406b54af23416118094a", - "creationDateTimeUtc": "2017-09-06T08:04:06.1994034Z", - "lastUpdateDateTimeUtc": "2017-09-06T08:05:46.9200942Z", - "fileInstances": [ - { - "filePath": "C:\\tools\\PE\\7f06a650-040b-4774-bb39-5264ea9e93fa.exe", - "status": "Succeeded" - } - ] -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 6ff6b4a661..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -title: Get FileMachineActions collection API -description: Use this API to create calls related to get filemachineactions collection -keywords: apis, graph api, supported apis, filemachineactions collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get FileMachineActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Get collection of file and machine actions. Get FileMachineActions collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/filemachineactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of FileMachineAction objects since the Retention policy time of the organization. - - -## Example 1 - -**Request** - -Here is an example of the request on an organization that has three FileMachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileActions", - "value": [ - { - "fileIdentifier": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" - }, - { - "fileIdentifier": "df708f0107c7cc75ba2e5aaadc88b8bcfa01071d", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T11:16:19.9209438Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "1316", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T11:16:19.9209438Z" - }, - { - "fileIdentifier": "f5bc0981641c8a1fb3ef03e4bf574d8adf7134cf", - "fileIdentifierType": "Sha1", - "actionType": "Block", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-11-05T10:57:02.2430564Z", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test 1256 2017.11.05", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-11-05T10:57:02.2430564Z" - } - ] -} - - -``` - -##Example 2 - -**Request** - -Here is an example of a request that filters the FileMachineActions by machine ID and shows the latest two FileMachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/filemachineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 -``` - -**Response** - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions", - "value": [ - { - "id": "6f1d364c-680c-499a-b30c-dd9265ad4c9d", - "sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "fileId": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:13:26.2106524Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:15:07.1639963Z", - "fileInstances": [ - { - "filePath": "C:\\Users\\ testUser \\Downloads\\elma.exe", - "status": "Succeeded" - }, - { - "filePath": "C:\\Users\\ testUser \\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\elma (2).exe.xc9q785.partial", - "status": "Succeeded" - }, - ] - }, - { - "id": "c083f601-012f-4955-b4cc-fab50fb69d79", - "sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "type": "RequestSample", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "fileId": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:40:01.1094743Z", - "fileInstances": [ - { - "filePath": "C:\\Windows\\System32\\conhost.exe", - "status": "Succeeded" - } - ] - } - ] -} -``` \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index fa65c52796..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get IP related alerts API -description: Retrieves a collection of alerts related to a given IP address. -keywords: apis, graph api, supported apis, get, ip, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given IP address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and alert exists - 200 OK. -If IP and alerts do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 756cbde8ab..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Get IP related machines API -description: Retrieves a collection of machines related to a given IP address. -keywords: apis, graph api, supported apis, get, ip, related, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP related machines API -Retrieves a collection of alerts related to a given IP address. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and machines exists - 200 OK. If IP or machines do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 01e4b54211..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Get IP statistics API -description: Retrieves the prevalence for the given IP. -keywords: apis, graph api, supported apis, get, ip, statistics, prevalence -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get IP statistics API - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - - - -Retrieves the prevalence for the given IP. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/stats -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#microsoft.windowsDefenderATP.api.InOrgIPStats", - "ipAddress": "192.168.1.1", - "orgPrevalence": "63515", - "orgFirstSeen": "2017-07-30T13:36:06Z", - "orgLastSeen": "2017-08-29T13:32:59Z" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 70f7ef1f4c..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get machine by ID API -description: Retrieves a machine entity by ID. -keywords: apis, graph api, supported apis, get, machines, entity, id -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine by ID API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a machine entity by ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine exists - 200 OK. -If no machine found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines/$entity", - "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", - "computerDnsName": "", - "firstSeen": "2015-03-15T00:18:20.6588778Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 1b5ab3844f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get machine log on users API -description: Retrieves a collection of logged on users. -keywords: apis, graph api, supported apis, get, machine, log on, users -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine log on users API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of logged on users. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id}/logonusers -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine and user exist - 200 OK. -If no machine found or no users found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id}/logonusers -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users", - "value": [ - { - "id": "m", - "accountSid": null, - "accountName": "", - "accountDomainName": "northamerica", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 42bdf1c86f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get machine related alerts API -description: Retrieves a collection of alerts related to a given machine ID. -keywords: apis, graph api, supported apis, get, machines, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machine related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given machine ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machine and alert exists - 200 OK. -If no machine or no alerts found - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 1, - "value": [ - { - "id": "636396066728379047_-395412459", - "severity": "Medium", - "status": "New", - "description": "A reverse shell created from PowerShell was detected. A reverse shell allows an attacker to access the compromised machine without authenticating.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 5d17696c39..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Get MachineAction object API -description: Use this API to create calls related to get machineaction object -keywords: apis, graph api, supported apis, machineaction object -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get MachineAction object API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Get actions done on a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions/{id} -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with the *MachineAction* object. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions/2e9da30d-27f6-4208-81f2-9cd3d67893ba -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md deleted file mode 100644 index b0b763756d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Get MachineActions collection API -description: Use this API to create calls related to get machineactions collection -keywords: apis, graph api, supported apis, machineaction collection -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get MachineActions collection API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - Gets collection of actions done on machines. Get MachineAction collection API supports OData V4 queries. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with a collection of MachineAction objects since the Retention policy time of the organization. - - -## Example 1 - -**Request** - -Here is an example of the request on an organization that has three MachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions", - "value": [ - { - "id": "69dc3630-1ccc-4342-acf3-35286eec741d", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:43:57.2011911Z", - "lastUpdateTimeUtc": "2017-12-04T12:45:25.4049122Z" - }, - { - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" - }, - { - "id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e", - "type": "UnrestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:40.6052029Z", - "lastUpdateTimeUtc": "2017-12-04T12:16:14.2899973Z" - } - ] -} - - -``` - -## Example 2 - -**Request** - -Here is an example of a request that filters the MachineActions by machine ID and shows the latest two MachineActions. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions?$filter=machineId eq 'f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f'&$top=2 -``` - - - -**Response** - -Here is an example of the response. - -``` -HTTP/1.1 200 Ok -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions", - "value": [ - { - "id": "69dc3630-1ccc-4342-acf3-35286eec741d", - "type": "CollectInvestigationPackage", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:43:57.2011911Z", - "lastUpdateTimeUtc": "2017-12-04T12:45:25.4049122Z" - }, - { - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "Succeeded", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:57.5511934Z" - } - ] -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index af20fa7c3a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Get machines API -description: Retrieves a collection of recently seen machines. -keywords: apis, graph api, supported apis, get, machines -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - - -Retrieves a collection of recently seen machines. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and machines exists - 200 OK. -If no recent machines - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "@odata.count": 5000, - "@odata.nextLink": "https://graph.microsoft.com/testwdatppreview/machines?$skip=5000", - "value": [ - { - "id": "fadd8a46f4cc722a0391fdee82a7503b9591b3b9", - "computerDnsName": "", - "firstSeen": "2015-03-15T00:18:20.6588778Z", - "osPlatform": "Windows10", - "osVersion": "10.0.0.0", -… -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 929c85a45a..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Get package SAS URI API -description: Use this API to get a URI that allows downloading an investigation package. -keywords: apis, graph api, supported apis, get package, sas, uri -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get package SAS URI API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Get a URI that allows downloading of an investigation package. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -GET /testwdatppreview/machineactions/{id}/getPackageUri -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - - -## Request body -Empty - -## Response -If successful, this method returns 200, Ok response code with object that holds the link to the package in the “value” parameter. This link is valid for a very short time and should be used immediately for downloading the package to a local storage. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri - -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 Ok -Content-type: application/json - -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Edm.String", - "value": "\"https://userrequests-us.securitycenter.windows.com:443/safedownload/WDATP_Investigation_Package.zip?token=gbDyj7y%2fbWGAZjn2sFiZXlliBTXOCVG7yiJ6mXNaQ9pLByC2Wxeno9mENsPFP3xMk5l%2bZiJXjLvqAyNEzUNROxoM2I1er9dxzfVeBsxSmclJjPsAx%2btiNyxSz1Ax%2b5jaT5cL5bZg%2b8wgbwY9urXbTpGjAKh6FB1e%2b0ypcWkPm8UkfOwsmtC%2biZJ2%2bPqnkkeQk7SKMNoAvmh9%2fcqDIPKXGIBjMa0D9auzypOqd8bQXp7p2BnLSH136BxST8n9IHR4PILvRjAYW9kvtHkBpBitfydAsUW4g2oDZSPN3kCLBOoo1C4w4Lkc9Bc3GNU2IW6dfB7SHcp7G9p4BDkeJl3VuDs6esCaeBorpn9FKJ%2fXo7o9pdcI0hUPZ6Ds9hiPpwPUtz5J29CBE3QAopCK%2fsWlf6OW2WyXsrNRSnF1tVE5H3wXpREzuhD7S4AIA3OIEZKzC4jIPLeMu%2bazZU9xGwuc3gICOaokbwMJiZTqcUuK%2fV9YdBdjdg8wJ16NDU96Pl6%2fgew2KYuk6Wo7ZuHotgHI1abcsvdlpe4AvixDbqcRJthsg2PpLRaFLm5av44UGkeK6TJpFvxUn%2f9fg6Zk5yM1KUTHb8XGmutoCM8U9er6AzXZlY0gGc3D3bQOg41EJZkEZLyUEbk1hXJB36ku2%2bW01cG71t7MxMBYz7%2bdXobxpdo%3d%3bRWS%2bCeoDfTyDcfH5pkCg6hYDmCOPr%2fHYQuaUWUBNVnXURYkdyOzVHqp%2fe%2f1BNyPdVoVkpQHpz1pPS3b5g9h7IMmNKCk5gFq5m2nPx6kk9EYtzx8Ndoa2m9Yj%2bSaf8zIFke86YnfQL4AYewsnQNJJh4wc%2bXxGlBq7axDcoiOdX91rKzVicH3GSBkFoLFAKoegWWsF%2fEDZcVpF%2fXUA1K8HvB6dwyfy4y0sAqnNPxYTQ97mG7yHhxPt4Pe9YF2UPPAJVuEf8LNlQ%2bWHC9%2f7msF6UUI4%2fca%2ftpjFs%2fSNeRE8%2fyQj21TI8YTF1SowvaJuDc1ivEoeopNNGG%2bGI%2fX0SckaVxU9Hdkh0zbydSlT5SZwbSwescs0IpzECitBbaLUz4aT8KTs8T0lvx8D7Te3wVsKAJ1r3iFMQZrlk%2bS1WW8rvac7oHRx2HKURn1v7fDIQWgJr9aNsNlFz4fLJ50T2qSHuuepkLVbe93Va072aMGhvr09WVKoTpAf1j2bcFZZU6Za5PxI32mr0k90FgiYFJ1F%2f1vRDrGwvWVWUkR3Z33m4g0gHa52W1FMxQY0TJIwbovD6FaSNDx7xhKZSd5IJ7r6P91Gez49PaZRcAZPjd%2bfbul3JNm1VqQPTLohT7wa0ymRiXpSST74xtFzuEBzNSNATdbngj3%2fwV4JesTjZjIj5Dc%3d%3blumqauVlFuuO8MQffZgs0tLJ4Fq6fpeozPTdDf8Ll6XLegi079%2b4mSPFjTK0y6eohstxdoOdom2wAHiZwk0u4KLKmRkfYOdT1wHY79qKoBQ3ZDHFTys9V%2fcwKGl%2bl8IenWDutHygn5IcA1y7GTZj4g%3d%3d\"" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 9301b0a805..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Get user information API -description: Retrieve a User entity by key such as user name or domain. -keywords: apis, graph api, supported apis, get, user, user information -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get user information API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieve a User entity by key (user name or domain\user). - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user exists - 200 OK. -If user does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Users/$entity", - "id": "", - "accountSid": null, - "accountName": "", - "accountDomainName": "", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4884ead11f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Get user related alerts API -description: Retrieves a collection of alerts related to a given user ID. -keywords: apis, graph api, supported apis, get, user, related, alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 11/15/2018 ---- - -# Get user related alerts API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of alerts related to a given user ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/alerts -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user and alert exists - 200 OK. -If user does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id}/alerts -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Alerts", - "@odata.count": 9, - "value": [ - { - "id": "636396023170943366_-36088267", - "severity": "Medium", - "status": "New", - "description": "Built-in Microsoft command-line utility Regsvr32.exe executes a suspicious script that leads to malicious actions. The commands trigger additional downloads and execution of uncommon executable (PE) files or scripts. There are rare cases where this is tied to legitimate behavior.", - "recommendedAction": "Update AV signatures and run a full scan.", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0a0c740329..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Get user related machines API -description: Retrieves a collection of machines related to a given user ID. -keywords: apis, graph api, supported apis, get, user, user related alerts -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Get user related machines API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Retrieves a collection of machines related to a given user ID. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/users/{id}/machines -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and user and machine exists - 200 OK. -If user or machine does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/users/{id}/machines -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ -"@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Machines", - "value": [ - { - "id": "0a3250e0693a109f1affc9217be9459028aa8426", - "computerDnsName": "ComputerPII_4aa5f8f4509b90675a13183742f1b1ad67cf62b0.DomainPII_23208d0fe863968308c0c8e67dc0004bd1257631", - "firstSeen": "2017-07-05T08:21:00.0572159Z", - "osPlatform": "Windows10", -… -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png b/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png index ff9c97c86e..3fae6eba9a 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png and b/windows/security/threat-protection/windows-defender-atp/images/AH_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png b/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png index 887498f7bc..fa8836ea1f 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png and b/windows/security/threat-protection/windows-defender-atp/images/AR_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png b/windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png index 28b5b3156f..dd521d492a 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png and b/windows/security/threat-protection/windows-defender-atp/images/ASR_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.jpg b/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.jpg new file mode 100644 index 0000000000..ed71564e87 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.jpg differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png b/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png index 7e6df62bdf..f2622cbc2b 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png and b/windows/security/threat-protection/windows-defender-atp/images/EDR_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.jpg b/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.jpg new file mode 100644 index 0000000000..020b1d4132 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.jpg differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.png b/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.png new file mode 100644 index 0000000000..d5b9b48086 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/MTE_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.jpg b/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.jpg new file mode 100644 index 0000000000..d089da2493 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.jpg differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png b/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png index df1b70e041..6066f305a2 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png and b/windows/security/threat-protection/windows-defender-atp/images/NGP_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png b/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png index 95908405ce..e69ea2a796 100644 Binary files a/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png and b/windows/security/threat-protection/windows-defender-atp/images/SS_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/TVM_icon.png b/windows/security/threat-protection/windows-defender-atp/images/TVM_icon.png new file mode 100644 index 0000000000..41faa16718 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/TVM_icon.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png new file mode 100644 index 0000000000..ddda52b1f0 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/atp-threat-protection-reports.png differ diff --git a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md deleted file mode 100644 index f2f3f599ed..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/is-domain-seen-in-org-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Is domain seen in org API -description: Use this API to create calls related to checking whether a domain was seen in the organization. -keywords: apis, graph api, supported apis, domain, domain seen -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 04/24/2018 ---- - -# Is domain seen in org (deprecated) -Answers whether a domain was seen in the organization. - -[!include[Deprecatedinformation](deprecate.md)] - - - - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/domains/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and domain exists - 200 OK. -If domain does not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/domains/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Domains/$entity", - "host": "example.com" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 0b86cc08b7..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Is IP seen in org API -description: Answers whether an IP was seen in the organization. -keywords: apis, graph api, supported apis, is, ip, seen, org, organization -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Is IP seen in org (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Answers whether an IP was seen in the organization. - -## Permissions -User needs read permissions. - -## HTTP request -``` -GET /testwdatppreview/ips/{id}/ -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content type | application/json - - -## Request body -Empty - -## Response -If successful and IP exists - 200 OK. -If IP do not exist - 404 Not Found. - - -## Example - -**Request** - -Here is an example of the request. - -``` -GET https://graph.microsoft.com/testwdatppreview/ips/{id} -Content-type: application/json -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 200 OK -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#Ips/$entity", - "id": "192.168.1.1" -} -``` diff --git a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md deleted file mode 100644 index fbff79456d..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Isolate machine API -description: Use this API to create calls related isolating a machine. -keywords: apis, graph api, supported apis, isolate machine -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Isolate machine API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Isolates a machine from accessing external network. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/isolate -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -IsolationType | IsolationType | Full or selective isolation - -**IsolationType** controls the type of isolation to perform and can be one of the following: -- Full – Full isolation -- Selective – Restrict only limited set of applications from accessing the network - - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/isolate -Content-type: application/json -{ - "Comment": "Isolate machine due to alert 1234", - “IsolationType”: “Full” -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "b89eb834-4578-496c-8be0-03f004061435", - "type": "Isolate", - "requestor": "Analyst@contoso.com ", - "requestorComment": "Isolate machine due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:12:18.9725659Z", - "lastUpdateTimeUtc": "2017-12-04T12:12:18.9725659Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md index 953abcfa6f..8a0deb4397 100644 --- a/windows/security/threat-protection/windows-defender-atp/management-apis.md +++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md @@ -61,7 +61,7 @@ Managed security service provider | Get a quick overview on managed security ser ## Related topics - [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) - [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md) -- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md) +- [Use the Windows Defender ATP exposed APIs](use-apis.md) - [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md) - [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md) - [Role-based access control](rbac-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md b/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md new file mode 100644 index 0000000000..3e66a55ad7 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts.md @@ -0,0 +1,47 @@ +--- +title: Microsoft Threat Experts +description: Microsoft Threat Experts is the new managed threat hunting service in Windows Defender Advanced Threat Protection (Windows Defender ATP) that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. +keywords: managed threat hunting service, managed threat hunting, MTE, Microsoft Threat Experts +search.product: Windows 10 +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMV +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +ms.date: 02/28/2019 +--- + +# Microsoft Threat Experts +**Applies to:** +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) + +[!include[Prerelease�information](prerelease.md)] + +Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don’t get missed. + +This new capability provides expert-driven insights and data through targeted attack notification and access to experts on demand. + +## Targeted attack notification +Microsoft Threat Experts provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyberespionage. The managed hunting service includes: +- Threat monitoring and analysis, reducing dwell time and risk to the business +- Hunter-trained artificial intelligence to discover and prioritize both known and unknown attacks +- Identifying the most important risks, helping SOCs maximize time and energy +- Scope of compromise and as much context as can be quickly delivered to enable fast SOC response. + +## Collaborate with experts, on demand +Customers can engage our security experts directly from within Windows Defender Security Center for timely and accurate response. Experts provide insights needed to better understand the complex threats affecting your organization, from alert inquiries, potentially compromised machines, root cause of a suspicious network connection, to additional threat intelligence regarding ongoing advanced persistent threat campaigns. With this capability, you can: +- Get additional clarification on alerts including root cause or scope of the incident +- Gain clarity into suspicious machine behavior and next steps if faced with an advanced attacker +- Determine risk and protection regarding threat actors, campaigns, or emerging attacker techniques +- Seamlessly transition to Microsoft Incident Response (IR) or other third-party Incident Response services when necessary + + +## Related topic +- [Configure Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md index f69f7f9a83..c23a4512ad 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction.md @@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 07/01/2018 +ms.date: 02/21/2019 --- # Overview of attack surface reduction @@ -27,7 +27,7 @@ Attack surface reduction capabilities in Windows Defender ATP helps protect the | Capability | Description | |------------|-------------| -| [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protects and maintains the integrity of the system as it starts and while it's running, and validates system integrity through local and remote attestation. In addition, container isolation for Microsoft Edge helps protect host operating system from malicious wbsites. | +| [Hardware-based isolation](../windows-defender-application-guard/wd-app-guard-overview.md) | Protects and maintains the integrity of the system as it starts and while it's running, and validates system integrity through local and remote attestation. In addition, container isolation for Microsoft Edge helps protect host operating system from malicious websites. | | [Application control](../windows-defender-application-control/windows-defender-application-control.md) | Moves away from the traditional application trust model where all applications are assumed trustworthy by default to one where applications must earn trust in order to run. | | [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) | Applies exploit mitigation techniques to apps your organization uses, both individually and to all apps. Works with third-party antivirus solutions and Windows Defender Antivirus (Windows Defender AV) | | [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) | Extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV. | diff --git a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md b/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md index f98065e413..6bf35eb789 100644 --- a/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md +++ b/windows/security/threat-protection/windows-defender-atp/overview-hardware-based-isolation.md @@ -25,8 +25,5 @@ Hardware-based isolation helps protect system integrity in Windows 10 and is int | Feature | Description | |------------|-------------| | [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md) | Application Guard protects your device from advanced attacks while keeping you productive. Using a unique hardware-based isolation approach, the goal is to isolate untrusted websites and PDF documents inside a lightweight container that is separated from the operating system via the native Windows Hypervisor. If an untrusted site or PDF document turns out to be malicious, it still remains contained within Application Guard’s secure container, keeping the desktop PC protected and the attacker away from your enterprise data. | -| [Windows Defender System Guard](how-hardware-based-containers-help-protect-windows.md) | System Guard protects and maintains the integrity of the system as it starts and after it's running, and validates system integrity by using attestation. | - - - +| [Windows Defender System Guard](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) | System Guard protects and maintains the integrity of the system as it starts and after it's running, and validates system integrity by using attestation. | diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index c60119b6e2..b20c0b27fa 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -26,11 +26,15 @@ ms.topic: conceptual The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities. ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-abovefoldlink) -Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. +Learn about new features in the Windows Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. +For more information on capabilities that are generally available or in preview, see [What's new in Windows Defender](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp). +) + +## Turn on preview features You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available. Turn on the preview experience setting to be among the first to try upcoming features. @@ -39,22 +43,6 @@ Turn on the preview experience setting to be among the first to try upcoming fea 2. Toggle the setting between **On** and **Off** and select **Save preferences**. -## Preview features -The following features are included in the preview release: - -- [Information protection](information-protection-in-windows-overview.md)
    -Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. This solution is delivered and managed as part of the unified Microsoft 365 information protection suite. - -- [Integration with Microsoft Cloud App Security](microsoft-cloud-app-security-integration.md)
    -Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. - - -- [Onboard Windows Server 2019](configure-server-endpoints-windows-defender-advanced-threat-protection.md#windows-server-version-1803-and-windows-server-2019)
    -Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. - -- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
    -Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. - >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 4d7432ff2f..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: Request sample API -description: Use this API to create calls related to requesting a sample from a machine. -keywords: apis, graph api, supported apis, request sample -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Request sample API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/requestSample -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -Sha1 | String | Sha1 of the file to upload to the secure storage. **Required**. - -## Response -If successful, this method returns 201, Created response code and *FileMachineAction* object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/requestSample -Content-type: application/json -{ - "Comment": "Request Sample on machine due to alert 32123", - "Sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68" -} - -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "c083f601-012f-4955-b4cc-fab50fb69d79", - "sha1": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "type": "RequestSample", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "status": "InProgress", - "fileId": "8d25682b3a82af25b42dc90291c35ff3293daa68", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:39:24.9399004Z", - "fileInstances": [ - { - "filePath": "C:\\Windows\\System32\\conhost.exe", - "status": "InProgress" - } - ] -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 3f75d91bd0..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Restrict app execution API -description: Use this API to create calls related to restricting an application from executing. -keywords: apis, graph api, supported apis, collect investigation package -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Restrict app execution API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Restrict execution of set of predefined applications. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/restrictCodeExecution -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/restrictCodeExecution -Content-type: application/json -{ - "Comment": "Restrict code execution due to alert 1234" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "78d408d1-384c-4c19-8b57-ba39e378011a", - "type": "RestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Restrict code execution due to alert 1234", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:04.3825985Z", - "lastUpdateTimeUtc": "2017-12-04T12:15:04.3825985Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 8ed75cb329..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: Run antivirus scan API -description: Use this API to create calls related to running an antivirus scan on a machine. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Run antivirus scan API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Initiate Windows Defender Antivirus scan on the machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/runAntiVirusScan -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -ScanType| ScanType | Defines the type of the Scan. **Required**. - -**ScanType** controls the type of scan to perform and can be one of the following: - -- **Quick** – Perform quick scan on the machine -- **Full** – Perform full scan on the machine - - - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/runAntiVirusScan -Content-type: application/json -{ - "Comment": "Check machine for viruses due to alert 3212", - “ScanType”: “Full” -} -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "2e9da30d-27f6-4208-81f2-9cd3d67893ba", - "type": "RunAntiVirusScan", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Check machine for viruses due to alert 3212", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:18:27.1293487Z", - "lastUpdateTimeUtc": "2017-12-04T12:18:27.1293487Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index f3b54eaefe..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Stop and quarantine file API -description: Use this API to create calls related to stopping and quarantining a file. -keywords: apis, graph api, supported apis, stop, quarantine, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Stop and quarantine file API (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecated information](deprecate.md)] - -Stop execution of a file on a machine and ensure it’s not executed again on that machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/stopAndQuarantineFile -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. -Sha1 | String | Sha1 of the file to stop and quarantine on the machine. **Required**. - -## Response -If successful, this method returns 201, Created response code and _FileMachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/stopAndQuarantineFile -Content-type: application/json -{ - "Comment": "Stop and quarantine file on machine due to alert 32123", - "Sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#FileMachineActions/$entity", - "id": "6f1d364c-680c-499a-b30c-dd9265ad4c9d", - "sha1": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "type": "StopAndQuarantineFile", - "requestor": "Analyst@contoso.com ", - "requestorComment": " Stop and quarantine file on machine due to alert 32123", - "status": "InProgress", - "fileId": "87662bc3d60e4200ceaf7aae249d1c343f4b83c9", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T13:13:26.2106524Z", - "lastUpdateDateTimeUtc": "2017-12-04T13:13:58.8098277Z", - "fileInstances": [ - { - "filePath": "C:\\Users\\ testUser \\Downloads\\elma.exe", - "status": "InProgress" - }, - { - "filePath": "C:\\Users\\testUser\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\elma (2).exe.xc9q785.partial", - "status": "InProgress" - }, - ] - } - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md deleted file mode 100644 index a01fb9ed2b..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Supported Windows Defender Advanced Threat Protection query APIs -description: Learn about the specific supported Windows Defender Advanced Threat Protection entities where you can create API calls to. -keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: conceptual -ms.date: 09/03/2018 ---- - -# Supported Windows Defender ATP query APIs (deprecated) - -**Applies to:** -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - - -Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. - -## In this section -Topic | Description -:---|:--- -Actor | Run API calls such as get actor information and get actor related alerts. -Alerts | Run API calls such as get alerts, alert information by ID, alert related actor information, alert related IP information, and alert related machine information. -Domain |Run API calls such as get domain related machines, domain related machines, statistics, and check if a domain is seen in your organization. -File | Run API calls such as get file information, file related alerts, file related machines, and file statistics. -IP | Run API calls such as get IP related alerts, IP related machines, IP statistics, and check if and IP is seen in your organization. -Machines | Run API calls such as find machine information by IP, get machines, get machines by ID, information about logged on users, and alerts related to a given machine ID. -User | Run API calls such as get alert related user information, user information, user related alerts, and user related machines. -KbInfo | Run API call that gets list of Windows KB's information -CveKbMap | Run API call that gets mapping of CVE's to corresponding KB's -MachineSecurityStates | Run API call that gets list of machines with their security properties and versions -MachineGroups | Run API call that gets list of machine group definitions \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..04e187f344 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection.md @@ -0,0 +1,78 @@ +--- +title: Threat protection report in Windows Defender ATP +description: Track alert detections, categories, and severity using the threat protection report +keywords: alert detection, source, alert by category, alert severity, alert classification, determination +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Threat protection report in Windows Defender ATP + +**Applies to:** +- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) + +[!include[Prerelease information](prerelease.md)] + +The threat protection report provides high-level information about alerts generated in your organization. The report includes trending information showing the detection sources, categories, severities, statuses, classifications, and determinations of alerts across time. + +The dashboard is structured into two columns: + +![Image of the threat protection report](images/atp-threat-protection-reports.png) + +Section | Description +:---|:--- +1 | Alerts trends +2 | Alert summary + + +By default, the alert trends display alert information from the 30-day period ending in the latest full day. To gain better perspective on trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, select a time range from the drop-down options: + +- 30 days +- 3 months +- 6 months +- Custom + +While the alerts trends shows trending information alerts, the alert summary shows alert information scoped to 6 months. + + The alert summary allows you to drill down to a particular alert queue with the corresponding filter applied to it. For example, clicking on the EDR bar in the Detection sources card will bring you the alerts queue with results showing only alerts generated from EDR detections. + + + +## Alert attributes +The report is made up of cards that display the following alert attributes: + +- **Detection sources**: shows information about the sensors and detection technologies that provide the data used by Windows Defender ATP to trigger alerts. + +- **Threat categories**: shows the types of threat or attack activity that triggered alerts, indicating possible focus areas for your security operations. + +- **Severity**: shows the severity level of alerts, indicating the collective potential impact of threats to your organization and the level of response needed to address them. + +- **Status**: shows the resolution status of alerts, indicating the efficiency of your manual alert responses and of automated remediation (if enabled). + +- **Classification & determination**: shows how you have classified alerts upon resolution, whether you have classified them as actual threats (true alerts) or as incorrect detections (false alerts). These cards also show the determination of resolved alerts, providing additional insight like the types of actual threats found or the legitimate activities that were incorrectly detected. + + + + +## Filter data + +Use the provided filters to include or exclude alerts with certain attributes. + +>[!NOTE] +>These filters apply to **all** the cards in the report. + +For example, to show data about high-severity alerts only: + +1. Under **Filters > Severity**, select **High** +2. Ensure that all other options under **Severity** are deselected. +3. Select **Apply**. \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 1736e61abf..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Unblock file API -description: Use this API to create calls related to allowing a file to be executed in the organization -keywords: apis, graph api, supported apis, unblock file -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Unblock file API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Allow a file to be executed in the organization, using Windows Defender Antivirus. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/files/{sha1}/unblock -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - - -## Response -If successful, this method returns 200, Ok response code with empty body, which indicates that block message was sent to Windows Defender deployed in the organization. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/files/7327b54fd718525cbca07dacde913b5ac3c85673/unblock -Content-type: application/json -{ - "Comment": "Unblock file since alert 1234 was investigated and discovered to be false alarm", -} -``` - -**Response** - -Here is an example of the response. - - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "fileIdentifier": "7327b54fd718525cbca07dacde913b5ac3c85673", - "fileIdentifierType": "Sha1", - "actionType": "UnBlock", - "fileStatus": "Blocked", - "creationDateTimeUtc": "2017-12-04T13:06:23.4502191Z", - "requestor": "Analyst@contoso.com ", - "requestorComment": "test", - "cancellationDateTimeUtc": null, - "cancellationRequestor": null, - "cancellationComment": null, - "lastUpdateDateTimeUtc": "2017-12-04T13:06:23.4502191Z" -} - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 75c9b7f246..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Release machine from isolation API -description: Use this API to create calls related to release a machine from isolation. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Release machine from isolation API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Undo isolation of a machine. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/unisolate -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. **Required**. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unisolate -Content-type: application/json -{ - "Comment": "Unisolate machine since it was clean and validated" -} - -``` -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "09a0f91e-a2eb-409d-af33-5577fe9bd558", - "type": "Unisolate", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Unisolate machine since it was clean and validated ", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:13:15.0104931Z", - "lastUpdateTimeUtc": "2017-12-04T12:13:15.0104931Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md deleted file mode 100644 index 413288c9bf..0000000000 --- a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Remove app restriction API -description: Use this API to create calls related to removing a restriction from applications from executing. -keywords: apis, graph api, supported apis, remove machine from isolation -search.product: eADQiWindows 10XVcnh -search.appverid: met150 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: medium -manager: dansimp -audience: ITPro -ms.collection: M365-security-compliance -ms.topic: article -ms.date: 12/08/2017 ---- - -# Remove app restriction API (deprecated) - -**Applies to:** - -- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) - -[!include[Deprecatedinformation](deprecate.md)] - -Unrestrict execution of set of predefined applications. - -## Permissions -Users need to have Security administrator or Global admin directory roles. - -## HTTP request -``` -POST /testwdatppreview/machines/{id}/unrestrictCodeExecution -``` - -## Request headers - -Header | Value -:---|:--- -Authorization | Bearer {token}. Required. -Content-Type | application/json - -## Request body -In the request body, supply a JSON object with the following parameters: - -Parameter | Type | Description -:---|:---|:--- -Comment | String | Comment to associate with the action. **Required**. - -## Response -If successful, this method returns 201, Created response code and _MachineAction_ object in the response body. - - -## Example - -**Request** - -Here is an example of the request. - -``` -POST https://graph.microsoft.com/testwdatppreview/machines/fb9ab6be3965095a09c057be7c90f0a2/unrestrictCodeExecution -Content-type: application/json -{ - "Comment": "Unrestrict code execution since machine was cleaned and validated" -} - -``` - -**Response** - -Here is an example of the response. - ->[!NOTE] ->The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call. - -``` -HTTP/1.1 201 Created -Content-type: application/json -{ - "@odata.context": "https://graph.microsoft.com/testwdatppreview/$metadata#MachineActions/$entity", - "id": "44cffc15-0e3d-4cbf-96aa-bf76f9b27f5e", - "type": "UnrestrictCodeExecution", - "requestor": "Analyst@ contoso.com ", - "requestorComment": "Unrestrict code execution since machine was cleaned and validated ", - "status": "InProgress", - "error": "None", - "machineId": "f46b9bb259ed4a7fb9981b73510e3cc7aa81ec1f", - "creationDateTimeUtc": "2017-12-04T12:15:40.6052029Z", - "lastUpdateTimeUtc": "2017-12-04T12:15:40.6052029Z" -} - - -``` diff --git a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md index 17510d55c1..9a6873627f 100644 --- a/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md +++ b/windows/security/threat-protection/windows-defender-atp/whats-new-in-windows-defender-atp.md @@ -5,88 +5,126 @@ keywords: what's new in windows defender atp search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: secure ms.sitesec: library ms.pagetype: security -ms.author: dansimp -author: dansimp +ms.author: macapara +author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: article +ms.topic: conceptual --- # What's new in Windows Defender ATP **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Here are the new features in the latest release of Windows Defender ATP. +Here are the new features in the latest release of Windows Defender ATP as well as security features in Windows 10 and Windows Server. -## Windows Defender ATP 1809 -- [Incidents](incidents-queue.md)
    -Windows Defender ATP applies correlation analytics and aggregates all related alerts and investigations into an incident. Doing so helps narrate a broader story of an attack, thus providing you with the right visuals (upgraded incident graph) and data representations to understand and deal with complex cross-entity threats to your organization's network. +## February 2019 +The following capabilities are generally available (GA). +- [Incidents](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/incidents-queue)
    Incident is a new entity in Windows Defender ATP that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats. -- [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)
    Support for iOS and Android devices are now supported. +- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
    Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. -- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
    -Controlled folder access is now supported on Windows Server 2019. - -- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
    -All Attack surface reduction rules are now supported on Windows Server 2019. -For Windows 10, version 1809 there are two new attack surface reduction rules: - - Block Adobe Reader from creating child processes - - Block Office communication application from creating child processes. - -- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) - - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). - - Windows Defender Antivirus can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security. - - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans. - +### In preview +The following capability are included in the February 2019 preview release. + +- [Reports](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-protection-reports-windows-defender-advanced-threat-protection)
    The threat protection report provides high-level information about alerts generated in your organization. + +- [Microsoft Threat Experts](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts)
    Microsoft Threat Experts is the new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides additional layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365. -- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
    +## October 2018 +The following capabilities are generally available (GA). + +- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
    All Attack surface reduction rules are now supported on Windows Server 2019. + +- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
    Controlled folder access is now supported on Windows Server 2019. + +- [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)
    With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. + +- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)
    Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. + +- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)
    Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools. + +- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)
    Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs. + +- [Support for iOS and Android devices](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection#turn-on-third-party-integration)
    iOS and Android devices are now supported and can be onboarded to the service. + +- [Threat analytics](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/threat-analytics)
    Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats. -- [Custom detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-custom-detections)
    -With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. - -- [Managed security service provider (MSSP) support](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection)
    -Windows Defender ATP adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Windows Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools. +- New in Windows 10 version 1809, there are two new attack surface reduction rules: + - Block Adobe Reader from creating child processes + - Block Office communication application from creating child processes. + +- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) + - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/). + - Windows Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/) (preview), increasing its security. + - [Configure CPU priority settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus) for Windows Defender Antivirus scans. -- [Integration with Azure Security Center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#integration-with-azure-security-center)
    -Windows Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Windows Defender ATP to provide improved threat detection for Windows Servers. -- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration)
    -Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. +### In preview +The following capabilities are included in the October 2018 preview release. -- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
    -Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. +For more information on how to turn on preview features, see [Preview features](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection). -- [Onboard previous versions of Windows](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection)
    -Onboard supported versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor. +- [Information protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/information-protection-in-windows-overview)
    +Information protection is an integral part of Microsoft 365 Enterprise suite, providing intelligent protection to keep sensitive data secure while enabling productivity in the workplace. +Windows Defender ATP is seamlessly integrated in Microsoft Threat Protection to provide a complete and comprehensive data loss prevention (DLP) solution for Windows devices. + + >[!NOTE] + >Partially available from Windows 10, version 1809. -- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)
    -Windows Defender ATP provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs. +- [Integration with Microsoft Cloud App Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-cloud-app-security-integration)
    Microsoft Cloud App Security leverages Windows Defender ATP endpoint signals to allow direct visibility into cloud application usage including the use of unsupported cloud services (shadow IT) from all Windows Defender ATP monitored machines. -## Windows Defender ATP 1803 -- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard) -New attack surface reduction rules: + >[!NOTE] + >Available from Windows 10, version 1809 or later. + +- [Onboard Windows Server 2019](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection#windows-server-version-1803-and-windows-server-2019)
    Windows Defender ATP now adds support for Windows Server 2019. You'll be able to onboard Windows Server 2019 in the same method available for Windows 10 client machines. + +- [Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
    +Windows Defender ATP makes it easy to create a Power BI dashboard by providing an option straight from the portal. + + +## March 2018 +- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
    +Query data using Advanced hunting in Windows Defender ATP. + +- [Attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
    + New attack surface reduction rules: - Use advanced protection against ransomware - Block credential stealing from the Windows local security authority subsystem (lsass.exe) - Block process creations originating from PSExec and WMI commands - Block untrusted and unsigned processes that run from USB - Block executable content from email client and webmail +- [Automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)
    Use Automated investigations to investigate and remediate threats. -- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
    + >[!NOTE] + >Available from Windows 10, version 1803 or later. + +- [Conditional access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection)
    Enable conditional access to better protect users, devices, and data. + +- [Windows Defender ATP Community center](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection)
    + The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. + +- [Controlled folder access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard)
    You can now block untrusted processes from writing to disk sectors using Controlled Folder Access. -- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
    -Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus). -- [Advanced Hunting](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection)
    Query data using Advanced hunting in Windows Defender ATP +- [Onboard non-Windows machines](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection)
    + Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Windows Defender Security Center and better protect your organization's network. -- [Automated investigation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)
    Use Automated investigations to investigate and remediate threats +- [Role-based access control (RBAC)](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection)
    + Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal. + + +- [Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10)
    +Windows Defender Antivirus now shares detection status between M365 services and interoperates with Windows Defender ATP. For more information, see [Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). + + Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus). -- [Conditional access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection)
    Enable conditional access to better protect users, devices, and data diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index f47bbf1c7e..43bb2202f5 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Windows Defender Advanced Threat Protection description: Windows Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats. -keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, secure score, advanced hunting, microsoft threat protection +keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,7 +15,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 11/07/2018 --- # Windows Defender Advanced Threat Protection @@ -55,7 +54,7 @@ Windows Defender ATP uses the following combination of technology built into Win

    Endpoint detection and response

    Automated investigation and remediation

    Secure score

    Advanced hunting

    Microsoft Threat Experts
    @@ -87,22 +86,22 @@ To further reinforce the security perimeter of your network, Windows Defender AT **[Endpoint detection and response](overview-endpoint-detection-response.md)**
    Endpoint detection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars. +You can also do advanced hunting to create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. **[Automated investigation and remediation](automated-investigations-windows-defender-advanced-threat-protection.md)**
    In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale. - **[Secure score](overview-secure-score-windows-defender-advanced-threat-protection.md)**
    Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization. - + -**[Advanced hunting](overview-hunting-windows-defender-advanced-threat-protection.md)**
    -Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization. +**[Microsoft Threat Experts](microsoft-threat-experts.md)**
    +Windows Defender ATP's new managed threat hunting service provides proactive hunting, prioritization, and additional context and insights that further empower Security operation centers (SOCs) to identify and respond to threats quickly and accurately. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md index 325b6119b3..7328140fee 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -5,7 +5,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: justinha -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 11/15/2018 --- diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 640fe4cc29..c803573a3f 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -5,7 +5,11 @@ keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/20/2017 --- diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 7531187507..15efbf1a94 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -1,6 +1,6 @@ --- -title: How a hardware-based root of trust helps protect Windows 10 (Windows 10) -description: Windows 10 uses a hardware-based root of trust to securely protect systems against firmware exploits. +title: Windows Defender System Guard How a hardware-based root of trust helps protect Windows 10 (Windows 10) +description: Windows Defender System Guard in Windows 10 uses a hardware-based root of trust to securely protect systems against firmware exploits. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb search.appverid: met150 ms.prod: w10 @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha -ms.date: 02/14/2019 +ms.date: 03/01/2019 --- @@ -37,13 +37,13 @@ As there are thousands of PC vendors that produce numerous models with different Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a blacklist), or a list of known 'good' SRTM measurements (also known as a whitelist). Each option has a drawback: -- A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. +- A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust. - A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow. In addition, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy. ### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM) -Windows Defender System Guard Secure Launch, first introduced in Windows 10 version 1809, aims to alleviate these issues by leveraging a technology known as the Dynamic Root of Trust for Measurement (DRTM). +[Windows Defender System Guard Secure Launch](system-guard-secure-launch-and-smm-protection.md), first introduced in Windows 10 version 1809, aims to alleviate these issues by leveraging a technology known as the Dynamic Root of Trust for Measurement (DRTM). DRTM lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path. This has the benefit of allowing untrusted early UEFI code to boot the system, but then being able to securely transition into a trusted and measured state. @@ -56,7 +56,7 @@ Secure Launch simplifies management of SRTM measurements because the launch code System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. Whenever one of these system operations is requested, a non-maskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS. -SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if DRTM is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor. +SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor. To defend against this, two techniques are used: 1. Paging protection to prevent inappropriate access to code and data @@ -74,7 +74,7 @@ In the future, Windows 10 will also measure this SMI Handler’s behavior and at While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity. -As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. +As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch will not support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. ![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png) diff --git a/windows/security/threat-protection/windows-defender-system-guard/images/system-guard-secure-launch.png b/windows/security/threat-protection/windows-defender-system-guard/images/system-guard-secure-launch.png index 8707d0fba4..b8167afbdc 100644 Binary files a/windows/security/threat-protection/windows-defender-system-guard/images/system-guard-secure-launch.png and b/windows/security/threat-protection/windows-defender-system-guard/images/system-guard-secure-launch.png differ diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md new file mode 100644 index 0000000000..9f39c8f835 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md @@ -0,0 +1,83 @@ +--- +title: Windows Defender System Guard How a hardware-based root of trust helps protect Windows 10 (Windows 10) +description: Windows Defender System Guard in Windows 10 uses a hardware-based root of trust to securely protect systems against firmware exploits. +ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: justinha +ms.date: 03/01/2019 +--- + + +# Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10 + +In order to protect critical resources such as the Windows authentication stack, single sign-on tokens, the Windows Hello biometric stack, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy. + +Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees: + +- Protect and maintain the integrity of the system as it starts up +- Validate that system integrity has truly been maintained through local and remote attestation + +## Maintaining the integrity of the system as it starts + +### Static Root of Trust for Measurement (SRTM) + +With Windows 7, one of the means attackers would use to persist and evade detection was to install what is often referred to as a bootkit or rootkit on the system. +This malicious software would start before Windows started, or during the boot process itself, enabling it to start with the highest level of privilege. + +With Windows 10 running on modern hardware (that is, Windows 8-certified or greater) a hardware-based root of trust helps ensure that no unauthorized firmware or software (such as a bootkit) can start before the Windows bootloader. +This hardware-based root of trust comes from the device’s Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI). +This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM). + +As there are thousands of PC vendors that produce numerous models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup. +Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a blacklist), or a list of known 'good' SRTM measurements (also known as a whitelist). +Each option has a drawback: + +- A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust. +- A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow. +In addition, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy. + +### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM) + +Windows Defender System Guard Secure Launch, first introduced in Windows 10 version 1809, aims to alleviate these issues by leveraging a technology known as the Dynamic Root of Trust for Measurement (DRTM). +DRTM lets the system freely boot into untrusted code initially, but shortly after launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path. +This has the benefit of allowing untrusted early UEFI code to boot the system, but then being able to securely transition into a trusted and measured state. + + +![System Guard Secure Launch](images/system-guard-secure-launch.png) + +Secure Launch simplifies management of SRTM measurements because the launch code is now unrelated to a specific hardware configuration. This means the number of valid code measurements is small, and future updates can be deployed more widely and quickly. + +### System Management Mode (SMM) protection + +System Management Mode (SMM) is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. +Whenever one of these system operations is requested, a non-maskable interrupt (SMI) is invoked at runtime, which executes SMM code installed by the BIOS. +SMM code executes in the highest privilege level and is invisible to the OS, which makes it an attractive target for malicious activity. Even if System Guard Secure Launch is used to late launch, SMM code can potentially access hypervisor memory and change the hypervisor. +To defend against this, two techniques are used: + +1. Paging protection to prevent inappropriate access to code and data +2. SMM hardware supervision and attestation + +Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. +This prevents access to any memory that has not been specifically assigned. + +A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it does not access any part of the address space that it is not supposed to. + +SMM protection is built on top of the Secure Launch technology and requires it to function. +In the future, Windows 10 will also measure this SMI Handler’s behavior and attest that no OS-owned memory has been tampered with. + +## Validating platform integrity after Windows is running (run time) + +While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity. + +As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch will not support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. + + +![Boot time integrity](images/windows-defender-system-guard-boot-time-integrity.png) + +After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or System Center Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources. + diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 6b0f8c4ebd..73a279e7a5 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -8,12 +8,12 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: justinha -ms.date: 02/14/2019 +ms.date: 03/01/2019 --- # System Guard Secure Launch and SMM protection -This topic explains how to configure System Guard Secure Launch and System Management Mode (SMM) protection to improve the startup security of Windows 10 devices. +This topic explains how to configure [System Guard Secure Launch and System Management Mode (SMM) protection](system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) to improve the startup security of Windows 10 devices. The information below is presented from a client perspective. ## How to enable System Guard Secure Launch @@ -21,7 +21,7 @@ You can enable System Guard Secure Launch by using any of these options: - [Mobile Device Management (MDM)](#mobile-device-management) - [Group Policy](#group-policy) -- [Windows Security app](#windows-security-app) +- [Windows Security Center](#windows-security-center) - [Registry](#registry) ### Mobile Device Management @@ -35,11 +35,11 @@ System Guard Secure Launch can be configured for Mobile Device Management (MDM) ![Secure Launch Group Policy](images/secure-launch-group-policy.png) -### Windows Security app +### Windows Security Center Click **Start** > **Settings** > **Update & Security** > **Windows Security** > **Open Windows Security** > **Device security** > **Core isolation** > **Firmware protection**. -![Secure Launch Security App](images/secure-launch-security-app.png) +![Windows Security Center](images/secure-launch-security-app.png) ### Registry @@ -55,12 +55,31 @@ Click **Start** > **Settings** > **Update & Security** > **Windows Security** > To verify that Secure Launch is running, use System Information (MSInfo32). Click **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**. -![Secure Launch Security App](images/secure-launch-msinfo.png) - - - - +![Windows Security Center](images/secure-launch-msinfo.png) +>[!NOTE] +>To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). +## Requirements Met by System Guard Enabled Machines +Any machine with System Guard enabled will automatically meet the following low-level hardware requirements: +|For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| +|--------|-----------| +|64-bit CPU|A 64-bit computer with minimum 4 cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](https://docs.microsoft.com/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](https://docs.microsoft.com/virtualization/hyper-v-on-windows/reference/tlfs).| +|Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs are not supported.| +|Windows DMA Protection|Platforms must meet the Windows DMA Protection Specification (all external DMA ports must be off by default until the OS explicitly powers them).| +|SMM communication buffers| All SMM communication buffers must be implemented in EfiRuntimeServicesData ,EfiRuntimeServicesCode , EfiACPIMemoryNVS, or EfiReservedMemoryType memory types. | +|SMM Page Tables| Must NOT contain any mappings to EfiConventionalMemory (e.g. no OS/VMM owned memory).
    Must NOT contain any mappings to code sections within EfiRuntimeServicesCode.
    Must NOT have execute and write permissions for the same page
    Must allow ONLY that TSEG pages can be marked executable and the memory map must report TSEG EfiReservedMemoryType.
    BIOS SMI handler must be implemented such that SMM page tables are locked on every SMM entry. | +|Modern/Connected Standby|Platforms must support Modern/Connected Standby.| +|TPM AUX Index|Platform must set up a AUX index with index, attributes, and policy that exactly corresponds to the AUX index specified in the TXT DG with a data size of exactly 104 bytes (for SHA256 AUX data). (NameAlg = SHA256)
    Platforms must set up a PS (Platform Supplier) index with:
    • Exactly the "TXT PS2" style Attributes on creation as follows:
      • AuthWrite
      • PolicyDelete
      • WriteLocked
      • WriteDefine
      • AuthRead
      • WriteDefine
      • NoDa
      • Written
      • PlatformCreate
    • A policy of exactly PolicyCommandCode(CC = TPM2_CC_UndefineSpaceSpecial) (SHA256 NameAlg and Policy)
    • Size of exactly 70 bytes
    • NameAlg = SHA256
    • In addition, it must have been initialized and locked (TPMA_NV_WRITTEN = 1, TPMA_NV_WRITELOCKED = 1) at time of OS launch.
    PS index data DataRevocationCounters, SINITMinVersion, and PolicyControl must all be 0x00 | +|AUX Policy|The required AUX policy must be as follows:
    • A = TPM2_PolicyLocality (Locality 3 & Locality 4)
    • B = TPM2_PolicyCommandCode (TPM_CC_NV_UndefineSpecial)
    • authPolicy = {A} OR {{A} AND {B}}
    • authPolicy digest = 0xef, 0x9a, 0x26, 0xfc, 0x22, 0xd1, 0xae, 0x8c, 0xec, 0xff, 0x59, 0xe9, 0x48, 0x1a, 0xc1, 0xec, 0x53, 0x3d, 0xbe, 0x22, 0x8b, 0xec, 0x6d, 0x17, 0x93, 0x0f, 0x4c, 0xb2, 0xcc, 0x5b, 0x97, 0x24
    | +|Platform firmware|Platform firmware must carry all code required to execute an Intel® Trusted Execution Technology secure launch:
    • Intel® SINIT ACM must be carried in the OEM BIOS
    • Platforms must ship with a production ACM signed by the correct production Intel® ACM signer for the platform
    | +|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | +|For Qualcomm® processors with SD850 or later chipsets|Description| +|--------|-----------| +|Monitor Mode Communication|All Monitor Mode communication buffers must be implemented in either EfiRuntimeServicesData (recommended), data sections of EfiRuntimeServicesCode as described by the Memory Attributes Table, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types| +|Monitor Mode Page Tables|All Monitor Mode page tables must:
    • NOT contain any mappings to EfiConventionalMemory (e.g. no OS/VMM owned memory)
    • They must NOT have execute and write permissions for the same page
    • Platforms must only allow Monitor Mode pages marked as executable
    • The memory map must report Monitor Mode as EfiReservedMemoryType
    • Platforms must provide mechanism to protect the Monitor Mode page tables from modification
    | +|Modern/Connected Standby|Platforms must support Modern/Connected Standby.| +|Platform firmware|Platform firmware must carry all code required to perform a launch.| +|Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md index 98a41989a0..e0eb8aa2f0 100644 --- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md index 01300466cb..48b1825121 100644 --- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md +++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md index 80be70956a..bfcf709295 100644 --- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md index ca09cb0b1b..9847ec13b0 100644 --- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md index 52a0ff1746..6a7263f0ca 100644 --- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md index c6efd1da85..5959bbfda1 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md index 4b8a3f82d9..db6b6132c2 100644 --- a/windows/security/threat-protection/windows-firewall/boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md index a3077b6d8b..011ebb5486 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md index 5703ac0670..4e737e809f 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md index 62420de298..f2e2887ade 100644 --- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md +++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md index 0494cf7b90..547555a30a 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md index cc95a9fe0e..b9fa4a2a08 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md index 36a838b94a..e0d1dfffb0 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md index c0097b7a82..d34f75d4fe 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md index 59459f5637..e940d4f34e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md index 12aff1bf77..002a46e88e 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md index b42bfc69b3..c7f2c55c5c 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md index 7b6bd39b54..7542c518e3 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md index 559291765a..3d514a68af 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md index 9a7e901ac8..a22fc67423 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md +++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md index d58d940b08..f160d1828b 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md index e482d00b69..018d2e9b31 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md index 18e9197b4e..ff503c5cbb 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md index dcf7575556..995d06b05f 100644 --- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md index b23f0c7d01..61cd9ed219 100644 --- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md +++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md index 05db2ff779..04385257bc 100644 --- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md index 63802f55e1..a7a53b7459 100644 --- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md +++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md index 4ec20e462c..c9d55885a2 100644 --- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md +++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md index b9cb9944ae..4db16a7911 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md index ba32647e26..c4b832463c 100644 --- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md +++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index b0f250ecfb..2da66c7b37 100644 --- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md +++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md index 1895dc3017..07f9ccdc3f 100644 --- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md +++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: securit ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md index af70080d9b..d0edca9291 100644 --- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md +++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md index 9aefd85144..cae0e8377d 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md index dd292b0bea..71d09a7ac9 100644 --- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md +++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md index f9d1765c2f..6811e14cb9 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md index efde773a84..e5a012b51d 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md index a4ecccf7e2..03f453bff7 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md index d20966c5d7..14a83fb6d4 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md index 36d61e5346..8eabd8aac7 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md index 4f3a998eee..d364255db1 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md index f0d4c6761c..67f89c2496 100644 --- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md +++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md index aec0ec391f..235a0c8da8 100644 --- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md +++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md index 7744378add..47e73387a1 100644 --- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md +++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 05/25/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md index 48712e94eb..a667cc8b9e 100644 --- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index 5023cacc9c..5358628f72 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md index ee0a546b86..e2c215097f 100644 --- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md index cb91e6f3ab..4948d77abd 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md index db21ce0ac9..4b4d4f339d 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md index 825edaca3a..7dddf66e82 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md index df3c7329ae..7f97202ce9 100644 --- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md +++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md index 6ed1c4c636..3a3de91310 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md index 35aa4212f1..d4f2cd21b8 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md index 720c7272ac..85800c7ac0 100644 --- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md index 4cf8c409e1..f2e032d611 100644 --- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md +++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md index 21a3e2c957..54e493f96b 100644 --- a/windows/security/threat-protection/windows-firewall/exemption-list.md +++ b/windows/security/threat-protection/windows-firewall/exemption-list.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md index ad1d17f139..128c004e23 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md +++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index 07ca7e7c61..18505427fb 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md index 4c2a252889..1bccaae7f0 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md index c3a22d6df6..5ba2d31a7e 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md index 8c1b016757..68dd3b06a3 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md index 2ecc649ffb..8e2fc69d81 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md +++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md index b2c85e5dd0..c5219ae6b0 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md +++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md index 38018ab8e2..6d8dc47e86 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md index 99ff5ffcf6..c777247232 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md @@ -2,7 +2,11 @@ title: GPO\_DOMISO\_Encryption\_WS2008 (Windows 10) description: GPO\_DOMISO\_Encryption\_WS2008 ms.assetid: 84375480-af6a-4c79-aafe-0a37115a7446 -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md index bed2d46cda..1ea46fff03 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md index 1f645f91c2..9332c21b2f 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md index f13c70d1c7..10a3fb7190 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 30a391a025..a19331420d 100644 --- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md index e40d8d7a2e..2e40134147 100644 --- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md +++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md index d32fbbad7b..6a095cdd8b 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index 32a9043172..fe4dcddb97 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md index ca4b001e6a..dbeb159610 100644 --- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md +++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md @@ -6,7 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/13/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md index 746570ffbd..2dde088e64 100644 --- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md +++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 7eefeac0b2..20fedfde68 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index d45ed57dfc..9cfe8cea6a 100644 --- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md index 2894154e47..2c6b03a173 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index f4e67423c5..6200a12ab9 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index 485b4917f9..f637339ccf 100644 --- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/02/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md index a49296f5d8..63089dc239 100644 --- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md index 75bbce24b9..1162388c82 100644 --- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md +++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md index 9ec2562b8a..7a2216d02b 100644 --- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md index 6222a6da9c..bcdf78631e 100644 --- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md +++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md index d43c0a263c..ace81c47a8 100644 --- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index 38d6aa0b45..7125762949 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md index 2a53064efd..f720623fc4 100644 --- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md +++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md index 0dc7dc181b..9a42f48cf7 100644 --- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md index 73a2f757c7..d8c6149e88 100644 --- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md index f3db2bbad9..6ede27467b 100644 --- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md +++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md index 9a39c0de1d..0077d5fb03 100644 --- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md index a2f19872e7..9c44ddea0e 100644 --- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md index d3ae509319..fbef5e28cb 100644 --- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md +++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index 2ab0ca6442..40ea379c43 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md index b9a8de9993..b1ef08f124 100644 --- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md index 05a97f9e40..df49a18a2f 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index 4ff811eafc..f512c77601 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md index 565a73b576..79268f40a7 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md index 6bac7d1d1f..083d71d53f 100644 --- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -6,7 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md index 5d7aec4d89..ec31b17097 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md index a0bac113cf..acf3998fbf 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 04/19/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 016568e7c7..3ebb85def1 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md index 1dae92ce6c..fd7f843e54 100644 --- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md index 5be8b4b176..845d5216c4 100644 --- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md @@ -6,7 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md index a41e88727a..4ddc739f6f 100644 --- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md +++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index 64ec16e1ac..76a58a391e 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md @@ -6,7 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md index b89e03159e..b999a2197b 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 08/17/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md index 17bc826d98..3b8e40b263 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md @@ -7,7 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/05/2017 --- diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md index 9b266aec88..fae8f19951 100644 --- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md +++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md @@ -6,7 +6,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 10/13/2017 --- diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 8371aff1a9..6e5a650a0c 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -2,9 +2,13 @@ title: Common Criteria Certifications description: This topic details how Microsoft supports the Common Criteria certification program. ms.prod: w10 -ms.localizationpriority: medium -ms.author: daniha +audience: ITPro author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-identity-device-management +ms.topic: article +ms.localizationpriority: medium ms.date: 10/8/2018 --- diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index efe30a1df5..2766b15d05 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -6,7 +6,11 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium ms.author: sagaudre -author: brianlic-msft +author: justinha +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual ms.date: 06/25/2018 ---